Terraform OCI - creating a policy for a group that has not been created yet



This time I have a problem that I don't know how to solve:

I need to create a policy for a user group that I also have to create.

This is part of my code:

provider.tf

provider "oci" {
  tenancy_ocid     = local.json_data.TERRAFORM.tenancy_ocid
  user_ocid        = local.json_data.TERRAFORM.user_ocid
  private_key_path = local.json_data.TERRAFORM.private_key_path
  fingerprint      = local.json_data.TERRAFORM.fingerprint
  region           = local.json_data.TERRAFORM.region
}

data "oci_identity_compartments" "compartment_id" {
  #Required
  compartment_id = local.json_data.COMPARTMENT.compartment_ocid
  //compartment_id = local.json_data.TERRAFORM.tenancy_ocid
}

data "oci_identity_tenancy" "test_tenancy" {
  #Required
  tenancy_id = local.json_data.TERRAFORM.tenancy_ocid
}

data "oci_identity_region_subscriptions" "test_region_subscriptions" {
  #Required
  tenancy_id = local.json_data.TERRAFORM.tenancy_ocid
}

// password: $KV3PeNx&f5QJD0OBJK&
resource "oci_identity_user" "create_user_Traininguser1" {
  #Required
  //compartment_id = data.oci_identity_compartments.compartment_id.id
  compartment_id = local.json_data.TERRAFORM.tenancy_ocid
  description    = local.json_data.USER_GROUP.user_description
  name           = local.json_data.USER_GROUP.user_name
}

resource "oci_identity_group" "create_group_Traininggroup" {
  #Required
  compartment_id = local.json_data.TERRAFORM.tenancy_ocid
  description    = local.json_data.USER_GROUP.group_description
  name           = local.json_data.USER_GROUP.group_name
}

resource "oci_identity_user_group_membership" "add_user_group_membership" {
  #Required
  group_id = oci_identity_group.create_group_Traininggroup.id
  user_id  = oci_identity_user.create_user_Traininguser1.id
}

resource "oci_identity_policy" "test_policy" {
  #Required
  compartment_id = local.json_data.TERRAFORM.tenancy_ocid
  description    = local.json_data.POLICY.policy_description
  name           = local.json_data.POLICY.policy_name
  statements     = local.json_data.POLICY.policy_statements
}

variables.tf

locals {
  json_data = jsondecode(file("${path.module}/init_values.json"))
}

init_values.json

{
  "TERRAFORM": {
    "tenancy_ocid": "ocid1.tenancy.ocxxxxxxxxxxxxx",
    "user_ocid": "ocid1.user.oc1.xxxxxxxxxxxxxxx",
    "private_key_path": "/Users/name/.oci/oci_api_key.pem",
    "fingerprint": "XX:X0:X2:5X:c0:32:XX:07:3f:7e:XX:af:XX:3f:31:93",
    "region": "eu-frankfurt-1",
    "new_compartment": "new_compartment"
  },
  "COMPARTMENT": {
    "compartment_ocid": "ocid1.compartment.oc1.Xxxxxxxxxxxxxxx"
  },
  "USER_GROUP": {
    "user_description": "usuario de prueba",
    "user_name": "Traininguser1",
    "group_description": "grupo de prueba",
    "group_name": "Traininggroup"
  },
  "POLICY": {
    "policy_name": "TrainingPolicy",
    "policy_description": "TrainingDescription",
    "policy_statements": [
      "Allow group Traininggroup to manage virtual-network-family in Tenancy",
      "Allow group Traininggroup to manage instance-family in Tenancy"
    ]
  }
}

Error:

│ Error: 400-InvalidParameter 
│ Provider version: 4.28.0, released on 2021-05-26. This provider is 8 update(s) behind to current. 
│ Service: Identity Policy 
│ Error Message: The group Traininggroup specified in the policy statement does not exist under current compartment hierarchy.
│  
│ OPC request ID: 897be7b9cd1dfccdbf34826dca571765/69DB175ED2CA61834FB1EBE77EC362BA/8A9735EF7EACF883EDE87413C40FBD45 
│ Suggestion: Please update the parameter(s) in the Terraform config as per error message The group Traininggroup specified in the policy statement does not exist under current compartment hierarchy.
│ 
│ 
│ 
│   with oci_identity_policy.test_policy,
│   on provider.tf line 70, in resource "oci_identity_policy" "test_policy":
│   70: resource "oci_identity_policy" "test_policy" {
│ 
╵

I don't want to create separate scripts for this part, meaning:

  • first run one script that creates the user group
  • then run another script that creates the policy, and so on

For example, if I want to create a compartment containing users, user groups, policies, etc.

So, how can I do all of this in one go?

Can anyone help me?

Regards

Implicit dependencies are the primary way Terraform understands the relationships between resources. Sometimes there are dependencies between resources that are not visible to Terraform.

Use the depends_on property. More details here (learn.hashicorp.com/tutorials/terraform/dependencies).

It lets you define an explicit dependency between "oci_identity_policy" "test_policy" and "oci_identity_group" "create_group_Traininggroup".

Terraform is trying to create the policy before the group has been created.

You should add the depends_on attribute to the resource "test_policy" to define this dependency explicitly, like:

resource "oci_identity_policy" "test_policy" {
  depends_on = [oci_identity_group.create_group_Traininggroup]
  #Required
  compartment_id = local.json_data.TERRAFORM.tenancy_ocid
  description    = local.json_data.POLICY.policy_description
  name           = local.json_data.POLICY.policy_name
  statements     = local.json_data.POLICY.policy_statements
}
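A variant of the same fix, added here as an example and not part of the original question or answer: instead of depends_on, build the policy statements from the group resource's own name attribute, so that Terraform derives the ordering from the reference itself (the implicit dependency the answer opens with) and the group name in the statement can never drift from the resource that creates it. The resource names and local.json_data keys are those from the question; the one assumption is that the statements in init_values.json carry a `__GROUP__` placeholder instead of the literal group name.

```hcl
# Added example, not the question's or answer's own code. Resource names and
# local.json_data keys are taken from the question; the __GROUP__ placeholder
# in init_values.json is an assumption, e.g.
#   "Allow group __GROUP__ to manage instance-family in tenancy"

resource "oci_identity_group" "create_group_Traininggroup" {
  compartment_id = local.json_data.TERRAFORM.tenancy_ocid
  description    = local.json_data.USER_GROUP.group_description
  name           = local.json_data.USER_GROUP.group_name
}

locals {
  # Substitute the real group name into every statement. The reference to
  # oci_identity_group.create_group_Traininggroup.name is what makes the
  # policy depend on the group: Terraform cannot evaluate this list until
  # the group exists, so no depends_on is needed.
  policy_statements = [
    for s in local.json_data.POLICY.policy_statements :
    replace(s, "__GROUP__", oci_identity_group.create_group_Traininggroup.name)
  ]
}

resource "oci_identity_policy" "test_policy" {
  compartment_id = local.json_data.TERRAFORM.tenancy_ocid
  description    = local.json_data.POLICY.policy_description
  name           = local.json_data.POLICY.policy_name
  statements     = local.policy_statements
}
```

Running `terraform plan` shows the group being created before the policy, and `terraform graph` draws the edge between the two resources; with depends_on you get the same ordering, but a renamed group would silently leave the literal "Traininggroup" behind in the JSON. Separately, note that the statements in the question grant manage on instance-family and virtual-network-family across the whole tenancy; for a training group, a narrower grant such as `Allow group __GROUP__ to manage instance-family in compartment <compartment-name>` keeps those users to one compartment.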
