No resources visible in the UI inside a project created through Terraform

I have created Boundary scopes as below, using the Terraform Boundary provider, i.e. I created a global scope, in it created an org, and in the org created 3 projects: dev, stage and prod.

# The global scope already exists in Boundary; this resource only manages it.
resource "boundary_scope" "global" {
  global_scope = true
  description  = "Global Scope"
  scope_id     = "global"
}

# Creating an organization scope within global:
resource "boundary_scope" "org" {
  name                     = "corp"
  description              = "corp scope"
  scope_id                 = boundary_scope.global.id
  auto_create_admin_role   = true
  auto_create_default_role = true
}

# One project scope per entry in var.boundary_projects, all inside the org.
# The org resource is labelled "org" above, so it is referenced as boundary_scope.org
# (not boundary_scope.corp, which is the scope's display name rather than its label).
resource "boundary_scope" "project" {
  for_each                 = toset(var.boundary_projects)
  name                     = each.key
  description              = "project for ${each.key}"
  scope_id                 = boundary_scope.org.id
  auto_create_admin_role   = true
  auto_create_default_role = true
}

variable "boundary_projects" {
  type    = list(string)
  default = ["development", "staging", "production"]
}

I was able to successfully create a host target inside one of the projects (development) using the Terraform below:

# Create host catalogs .i.e. collection of hosts for development
resource "boundary_host_catalog_static" "development" {
  name        = "development"
  description = "development hosts"
  scope_id    = boundary_scope.project["development"].id
}

# Boundary static host represents the static host.
# local.internal_db is defined elsewhere in the configuration.
resource "boundary_host_static" "mongo_dev_host" {
  name            = "mongo_dev_host"
  description     = "mongo db primary host"
  address         = local.internal_db.mongo_primary.url
  host_catalog_id = boundary_host_catalog_static.development.id
}

resource "boundary_host_set_static" "mongo_dev_host" {
  name            = "mongo_dev_host_set"
  description     = "Host set for mongo db"
  host_catalog_id = boundary_host_catalog_static.development.id
  host_ids = [
      boundary_host_static.mongo_dev_host.id
  ]
}

# Define boundary target for mongo_dev
resource "boundary_target" "mongo_dev_host" {
  type                     = "tcp"
  name                     = "mongo_dev_host"
  description              = "mongo dev host"
  scope_id                 = boundary_scope.project["development"].id
  session_connection_limit = -1
  default_port             = 27017
  host_source_ids = [
    boundary_host_set_static.mongo_dev_host.id
  ]
}

However, I am not able to see this target in the UI (or any other resource), i.e. I only get this page:

When I manually create a project in the UI inside the org, I can see the other resources.

I have logged in as an admin user, so I am not sure why I am getting this behaviour, kindly guide!!!
I am using version hashicorp/boundary:0.13.0

That’s odd behavior. (I like the way you wrote that TF config though!)

The sidebar in your screenshot of the UI looks weird as well — I think if you’re logged in as admin you should be seeing resource types or other things there, not just gray dividers. Any chance this is just your browser behaving oddly? Do you have any kind of script or other content blocker running that might be causing issues?

It looks like my user is not getting treated as admin. This is the error message I get from the CLI:

 boundary targets list -scope-id p_d29Ck9liTX
Error from controller when performing list on targets

Error information:
  Kind:                PermissionDenied
  Message:             Forbidden.
  Status:              403
  context:             Error from controller when performing list on targets

This is the TF config around creating the user:

## Use the password auth method. This can be extended to other methods like OIDC or LDAP;
## for now, as a starting point, using password.

resource "boundary_auth_method" "password" {
  name     = "MyCorp Password"
  scope_id = boundary_scope.org.id
  type     = "password"
}

# Declaration inferred from the usage below (for_each over the map, each.value.password):
# a map keyed by user name whose values carry the password.
variable "admin_users" {
  type = map(object({
    password = string
  }))
  sensitive = true
}

resource "boundary_account_password" "admin_users_acct" {
  for_each       = var.admin_users
  name           = each.key
  description    = "User account for ${each.key}"
  auth_method_id = boundary_auth_method.password.id
  type           = "password"
  login_name     = lower(each.key)
  password       = each.value.password
}

# Users, the admin group and the admin role all live in the org scope,
# referenced by its resource label boundary_scope.org.
resource "boundary_user" "admin_users" {
  for_each    = var.admin_users
  name        = each.key
  description = "User resource for ${each.key}"
  account_ids = [boundary_account_password.admin_users_acct[each.key].id]
  scope_id    = boundary_scope.org.id
}

resource "boundary_group" "admin_group" {
  name        = "admin_group"
  description = "Organization group for admin users"
  member_ids  = [for user in boundary_user.admin_users : user.id]
  scope_id    = boundary_scope.org.id
}

resource "boundary_role" "admin_role" {
  name          = "admin_role"
  description   = "Admin role"
  principal_ids = [boundary_group.admin_group.id]
  grant_strings = ["id=*;type=*;actions=*"]
  scope_id      = boundary_scope.org.id
}

The user's grants are set at the org level as ["id=*;type=*;actions=*"]. I am under the impression that he should have access to the projects created under the org level as well.

After creating the admin role on the project scope as well, it is working:

resource "boundary_role" "admin_role_project" {
  for_each    = toset(var.boundary_projects)
  name        = "admin_role"
  description = "Admin role"
  principal_ids = [boundary_group.admin_group.id]
  grant_strings = ["id=*;type=*;actions=*"]
  scope_id    =  boundary_scope.project[each.key].id
}

I’ve had this issue before. The solution was to create a second admin role resource exactly as you’ve already done but add the grant_scope_id parameter to it and the argument should be the project id.

That should solve your issue.

https://registry.terraform.io/providers/hashicorp/boundary/latest/docs/resources/role#grant_scope_id

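The approach from this reply written out as an added example (not code from the original thread): the role stays in the org scope with the same principals, and grant_scope_id points each copy at one project, so no per-project role resource has to live inside the project itself. It assumes the resource names used earlier in the thread (boundary_scope.org, boundary_scope.project, boundary_group.admin_group, var.boundary_projects); the boundary_group.developers resource in the second block is hypothetical, and in Boundary 0.13 a role carries a single grant_scope_id, hence one role per project.

```hcl
# One org-scoped role per project. A role's grants only apply in the scope
# named by grant_scope_id (defaulting to the role's own scope_id), which is
# why an org-level role alone did not let the admin group list project targets.
resource "boundary_role" "project_admin" {
  for_each       = toset(var.boundary_projects)
  name           = "admin_role_${each.key}"
  description    = "Admin grants for the ${each.key} project"
  scope_id       = boundary_scope.org.id
  grant_scope_id = boundary_scope.project[each.key].id
  principal_ids  = [boundary_group.admin_group.id]
  grant_strings  = ["id=*;type=*;actions=*"]
}

# Same mechanism with a narrower grant for a non-admin group (hypothetical
# boundary_group.developers): list/read targets and open sessions in the
# development project only, instead of "actions=*" on every resource type.
resource "boundary_role" "developer_targets" {
  name           = "developer_targets"
  description    = "Connect to targets in the development project"
  scope_id       = boundary_scope.org.id
  grant_scope_id = boundary_scope.project["development"].id
  principal_ids  = [boundary_group.developers.id]
  grant_strings  = [
    "id=*;type=target;actions=list,read,authorize-session",
  ]
}
```

After applying, `boundary targets list -scope-id <project id>` as a member of the group is the quickest check that the grant scope took effect.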