I may have figured out the problem here, apparently there's something either undocumented or that I'm unable to find documented where built in role templates cannot be found with a data object and instead I'm having to look them up with http data resources and parse

hmm, still seems like a permissions issue. Are you using the bootstrap resource to get a token or providing your own? Try using the same token you are getting for the http data resources and see if that works.

bootstrap resource

The bootstrap resource generates its own child token from the admin token (which is confusing) so it might not be the same as what you are giving it.

I went from the above rancher2_role_template data resource which is configured with

token_key = rancher2_bootstrap.self.token

to an http data resource configured with

Authorization = "Bearer ${rancher2_bootstrap.self.token}"

v5 of the provider relates to Rancher's v2.9 (I know that is confusing, sorry, I am working on making that better)

yup, I'm using rancher 2.9

Yeah, that is what I am talking about. The bootstrap resource's

self.token

isn't the actual token that is being used. You can see the child token generated in the UI. The

self.token

is what it is using to generate the child token. That being said, let me look through the code and see if there is any weirdness around internal resources.

Sadly cant upgrade until all my downstream clusters are running a supported version and eks gives us quite a long support window

sorry I couldn't give a better answer, maybe try asking in the #C3ASABBD1 channel

You were indeed helpful, and the http data call seems to be working fine. This is all generally just to deal with the a rolebinding explosion that seems to be solvable by merging the required roles instead of attaching multiple templates