Manages an ACL token in Nomad.
Creating a token with limited policies:
resource "nomad_acl_token" "dakota" {
  name     = "Dakota"
  type     = "client"
  policies = ["dev", "qa"]
}
Creating a global token that will be replicated to all regions:
resource "nomad_acl_token" "dakota" {
  name     = "Dakota"
  type     = "client"
  policies = ["dev", "qa"]
  global   = true
}
Creating a token with full access to the cluster:
resource "nomad_acl_token" "iman" {
  name = "Iman"
  type = "management"
}
Accessing the token:
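resource "nomad_acl_token" "token" {
  type     = "client"
  policies = ["dev"]
}
output "nomad_token" {
  value = nomad_acl_token.token.secret_id
  # secret_id is the credential itself; Terraform requires an output that
  # references a sensitive value to be marked sensitive, and then redacts it.
  sensitive = true
}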
The following arguments are supported:
type (string: <required>) - The type of token this is. Use "client" for tokens that will have policies associated with them. Use "management" for tokens that can perform any action.
name (string: "") - A human-friendly name for this token.
policies (set: []) - A set of policy names to associate with this token. Must be set on client-type tokens, must not be set on management-type tokens. Policies do not need to exist before being used here.
role (set: []) - The list of roles attached to the token. Each entry has name and id attributes. It may be used multiple times.
global (bool: false) - Whether the token should be replicated to all regions, or if it will only be used in the region it was created in.
expiration_ttl (string: "") - Provides a TTL for the token in the form of a time duration such as "5m" or "1h".
In addition to the above arguments, the following attributes are exported and can be referenced:
accessor_id (string) - A non-sensitive identifier for this token that can be logged and shared safely without granting any access to the cluster.
secret_id (string) - The token value itself, which is presented for access to the cluster.
create_time (string) - The timestamp the token was created.
expiration_time (string) - The timestamp after which the token is considered expired and eligible for destruction.
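
A plan-review check for the arguments listed above, added here as an example and not part of the provider documentation: it reads the JSON form of a plan (`terraform show -json <planfile>`) and reports management tokens, client tokens with no policies or roles, global replication, and tokens with no expiration_ttl. The function name, the finding strings and the decision to report a missing TTL are assumptions of this example, and the sample plan is constructed.

```python
import json

# Constructed sample: a trimmed `terraform show -json <planfile>` document with
# only the fields this check reads. Addresses and values are invented.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "nomad_acl_token.dakota", "type": "nomad_acl_token",
     "change": {"actions": ["create"], "after": {
         "type": "client", "policies": ["dev", "qa"], "role": [],
         "global": True, "expiration_ttl": "1h"}}},
    {"address": "nomad_acl_token.iman", "type": "nomad_acl_token",
     "change": {"actions": ["create"], "after": {
         "type": "management", "policies": None, "role": [],
         "global": False, "expiration_ttl": None}}},
    {"address": "nomad_acl_token.old", "type": "nomad_acl_token",
     "change": {"actions": ["delete"], "after": None}},
    {"address": "nomad_acl_policy.dev", "type": "nomad_acl_policy",
     "change": {"actions": ["create"], "after": {"name": "dev"}}},
]})


def audit_tokens(plan_json):
    """Return sorted (address, finding) pairs for planned nomad_acl_token resources."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "nomad_acl_token" or after is None:
            continue  # other resource types, or a token being destroyed
        addr, kind = rc["address"], after.get("type")
        if kind == "management":
            findings.append((addr, "management token can perform any action"))
            if after.get("policies"):
                findings.append((addr, "policies set on a management token"))
        elif not (after.get("policies") or after.get("role")):
            findings.append((addr, "client token has no policies or roles"))
        if after.get("global"):
            findings.append((addr, "global token is replicated to all regions"))
        if not after.get("expiration_ttl"):
            findings.append((addr, "no expiration_ttl set"))
    return sorted(findings)


if __name__ == "__main__":
    for address, finding in audit_tokens(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```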