Creates a role on an RabbitMQ Secret Backend for Vault. Roles are used to map credentials to the policies that generated them.
resource "vault_rabbitmq_secret_backend" "rabbitmq" {
connection_uri = "https://....."
username = "user"
password = "password"
}
resource "vault_rabbitmq_secret_backend_role" "role" {
backend = vault_rabbitmq_secret_backend.rabbitmq.path
name = "deploy"
tags = "tag1,tag2"
vhost {
host = "/"
configure = ""
read = ".*"
write = ""
}
vhost_topic {
vhost {
topic = "amq.topic"
read = ".*"
write = ""
}
host = "/"
}
}
The following arguments are supported:
namespace
- (Optional) The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The namespace
is always relative to the provider's configured namespace.
Available only for Vault Enterprise.
backend
- (Required) The path the RabbitMQ secret backend is mounted at,
with no leading or trailing /
s.
name
- (Required) The name to identify this role within the backend.
Must be unique within the backend.
tags
- (Optional) Specifies a comma-separated RabbitMQ management tags.
vhost
- (Optional) Specifies a map of virtual hosts to permissions.
vhost_topic
- (Optional) Specifies a map of virtual hosts and exchanges to topic permissions. This option requires RabbitMQ 3.7.0 or later.
No additional attributes are exported by this resource.
RabbitMQ secret backend roles can be imported using the path
, e.g.
$ terraform import vault_rabbitmq_secret_backend_role.role rabbitmq/roles/deploy