
Create Aliyun OSS bucket in resource group with Admin that has permission to create only in that resource group. #7277

Open
gohjiaying opened this issue May 23, 2024 · 0 comments


gohjiaying commented May 23, 2024

Terraform Version

Terraform v1.8.1
on windows_amd64

  • provider registry.terraform.io/aliyun/alicloud v1.222.0

Affected Resource(s)

Please list the resources as a list, for example:

  • oss_bucket

Terraform Configuration Files

in main.tf:

```hcl
data "alicloud_resource_manager_resource_groups" "infra" {
  name_regex = "infra"
}

resource "alicloud_oss_bucket" "test-bucket" {
  bucket            = var.backend_oss_bucket
  resource_group_id = data.alicloud_resource_manager_resource_groups.infra.groups[0].id
}
```

Expected Behavior

What should have happened?

  • Bucket should be created in resource group.

Actual Behavior

What actually happened?

  1. First error: Unable to list bucket. Worked around by giving read-only permission without resource group scope.
  2. Second error: Unable to create bucket.

```text
Error: [ERROR] terraform-provider-alicloud/alicloud/resource_alicloud_oss_bucket.go:519: Resource alicloud_oss_bucket CreateBucket Failed!!! [SDK aliyun-oss-go-sdk ERROR]:
│ oss: service returned error: StatusCode=403, ErrorCode=AccessDenied, ErrorMessage="Put bucket request is not resource owner."
```

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. Create an Aliyun user with access key/secret key. Permission is Administrator Access, but scoped to resource group.

```hcl
# Resource header reconstructed from the attribute set; the label "example" is a placeholder.
resource "alicloud_resource_manager_policy_attachment" "example" {
  policy_name       = "AdministratorAccess"
  policy_type       = "System"
  # format("%s") needs a string, so reference the user's name attribute rather than the resource object.
  principal_name    = format("%s@%s.onaliyun.com", alicloud_ram_user.example-user.name, data.alicloud_account.account.id)
  principal_type    = "IMSUser"
  resource_group_id = alicloud_resource_manager_resource_group.infra.id
}
```

  2. Use the above user to apply the Terraform configuration and create the bucket.

Important Factoids

  • I am using an administrator that can only create in specific resource group
  • Able to create bucket in resource group with the same user via console. Did not work when creating via Terraform.