[FEATURE]

[mrh-chain]

Description

As a new user of this provider, I find it frustrating having to debug permission issues. As an example, I was trying to setup a ovh_cloud_project_gateway and Terraform returned the fairly non-descript error: Error: waiting for gateway (name: gateway, model: s): OVHcloud API error (status code 403): Client::Forbidden: "User not granted for this request" (X-OVH-Query-Id: EU.ext-1.67a29e75.1590976.01252628251300f53fc7ec9bebda2343)

I had to dig into the code to of the provider to find the API's called and then use the REST API documentation to map that to IAM actions.

It would be beneficial for users if each resource had documentation added to them describing what IAM Actions they perform (or at the very least which API endpoints they hit).

Affected Resource(s) and/or Data Source(s)

All of them

[amstuta]

Hello @mrh-chain,

Indeed IAM errors could be handled more nicely.
A solution that we have is to throw an error with the missing IAM rights when it happens because in this case the API returns the following body:

{
  "class": "Client::Forbidden",
  "message": "User not granted for this request",
  "details": {
    "unauthorizedActionsByAuthentication": "",
    "unauthorizedActionsByIAM": "publicCloudProject:apiovh:operation/get"
  }
}

We'll work on adding this feature shortly.

[amstuta]

A fix has been made in repository go-ovh to return errors like the following in case of missing IAM permissions: OVHcloud API error (status code 403): Client::Forbidden: "User not granted for this request (missing IAM permissions: publicCloudProject:apiovh:operation/get)".

The release of the provider will be made shortly.