Hey, I use the OVH Terraform provider to manage my resources. The OVH provider uses an OAuth2 client ID and secret with limited IAM policies — when I need to extend the policies I generate a temporary full access consumer key, use it to create the required IAM policy through Terraform and then I switch back to OAuth2 credentials. I stumbled upon an issue — changing the display_name of a dedicated server requires a separate API request call, PUT /services/{serviceID}. So this Terraform code:
resource "ovh_dedicated_server" "my_server" {
  service_name = "ns111.ip-11-111-111.eu"
  display_name = "my_server"
}
fails, because the OVH Terraform provider could not execute the request to change the display name (which is a separate request from the normal management of a resource).
So I defined the policy using my temporary full access token:
resource "ovh_iam_policy" "services_edit" {
  name        = "policy-services-edit"
  description = "Allows Terraform to edit service details (for selected resources)"
  identities  = [ovh_me_api_oauth2_client.terraform_client.identity]
  allow = [
    "account:apiovh:services/edit"
  ]
  resources = [
    "urn:v1:eu:resource:dedicatedServer:*",
    "urn:v1:eu:resource:vps:*"
  ]
}
But this still fails with the following error:
module.dedicated_servers.ovh_dedicated_server.my_server: Modifying... [name=ns111.ip-11-111-111.eu]
╷
│ Error: failed to update display name
│
│ with module.dedicated_servers.ovh_dedicated_server.my_server,
│ on dedicated_servers/main.tf line 9, in resource "ovh_dedicated_server" "myserver":
│ 9: resource "ovh_dedicated_server" "my_server" {
│
│ failed to update service info: OVHcloud API error (status code 403): Client::Forbidden: "You are not allowed to call this route"
│ (X-OVH-Query-Id: EU.ext-4.691ddc3d.512067)
What is the issue here? I cannot seem to get it working. According to the OVHcloud API docs this is the right IAM action and I believe the resource URNs are also okay? Or is the issue with the resource URNs? If so, what should they be?
I'd be grateful for any help,
Jakub