consul_namespace_policy_attachment

The consul_namespace_policy_attachment resource links a Consul Namespace and an ACL policy. The link is implemented through an update to the Consul Namespace.

Example Usage

Attach a policy to the default namespace

resource "consul_acl_policy" "agent" {
  name  = "agent"
  rules = <<-RULE
    node_prefix "" {
      policy = "read"
    }
    RULE
}

resource "consul_namespace_policy_attachment" "attachment" {
  namespace = "default"
  policy    = consul_acl_policy.agent.name
}

Attach a policy to a namespace created in another Terraform configuration

In first_configuration/main.tf

resource "consul_namespace" "qa" {
  name = "qa"

  lifecycle {
    ignore_changes = [policy_defaults]
  }
}

In second_configuration/main.tf

resource "consul_acl_policy" "agent" {
  name  = "agent"
  rules = <<-RULE
    node_prefix "" {
      policy = "read"
    }
  RULE
}

resource "consul_namespace_policy_attachment" "attachment" {
  namespace = "qa"
  policy    = consul_acl_policy.agent.name
}

NOTE: The consul_namespace resource would attempt to enforce an empty set of default policies, because its policy_defaults attribute is empty. For this reason, the lifecycle clause in first_configuration/main.tf is necessary to prevent Terraform from attempting to empty the set of policies associated with the namespace.
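
A pre-apply check for the conflict described in this note, as an added example that is not part of the provider documentation: it scans the JSON output of `terraform show -json` for a consul_namespace update that would remove entries from policy_defaults. The sample plan is constructed, and the way policy_defaults values appear in the plan (a list of policy names, or null when unset) is an assumption.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output;
# the addresses and policy names are made up for this example.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "consul_namespace.qa", "type": "consul_namespace",
     "change": {"actions": ["update"],
                "before": {"name": "qa", "policy_defaults": ["agent"]},
                "after":  {"name": "qa", "policy_defaults": []}}},
    {"address": "consul_namespace.dev", "type": "consul_namespace",
     "change": {"actions": ["no-op"],
                "before": {"name": "dev", "policy_defaults": ["agent"]},
                "after":  {"name": "dev", "policy_defaults": ["agent"]}}},
    {"address": "consul_namespace_policy_attachment.attachment",
     "type": "consul_namespace_policy_attachment",
     "change": {"actions": ["create"], "before": null,
                "after": {"namespace": "qa", "policy": "agent"}}}
  ]
}
""")


def detached_policies(plan):
    """Return {address: [policy names]} for every consul_namespace update
    that would remove entries from policy_defaults."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "consul_namespace":
            continue
        if "update" not in change.get("actions", []):
            continue
        # An unset attribute may be rendered as null, so treat it as empty.
        before = (change.get("before") or {}).get("policy_defaults") or []
        after = (change.get("after") or {}).get("policy_defaults") or []
        removed = sorted(set(before) - set(after))
        if removed:
            findings[rc["address"]] = removed
    return findings


if __name__ == "__main__":
    for address, policies in detached_policies(SAMPLE_PLAN).items():
        print(f"{address}: plan would detach {', '.join(policies)}")
```

A non-empty result means the namespace resource is about to undo an attachment, which is the situation the ignore_changes clause on policy_defaults prevents.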

Argument Reference

The following arguments are supported:

Attributes Reference

The following attributes are exported:

Import

consul_namespace_policy_attachment can be imported. This is especially useful to manage the policies attached to the default namespace:

$ terraform import consul_namespace_policy_attachment.default default:policy_name