boundary_role
The role resource allows you to configure a Boundary role.
Basic usage:
resource "boundary_scope" "org" {
  name                     = "organization_one"
  description              = "My first scope!"
  scope_id                 = "global"
  auto_create_admin_role   = true
  auto_create_default_role = true
}

resource "boundary_role" "example" {
  name        = "My role"
  description = "My first role!"
  scope_id    = boundary_scope.org.id
}

Usage with a user resource:
resource "boundary_scope" "org" {
  name                     = "organization_one"
  description              = "My first scope!"
  scope_id                 = "global"
  auto_create_admin_role   = true
  auto_create_default_role = true
}

resource "boundary_user" "foo" {
  name     = "User 1"
  scope_id = boundary_scope.org.id
}

resource "boundary_user" "bar" {
  name     = "User 2"
  scope_id = boundary_scope.org.id
}

resource "boundary_role" "example" {
  name          = "My role"
  description   = "My first role!"
  principal_ids = [boundary_user.foo.id, boundary_user.bar.id]
  scope_id      = boundary_scope.org.id
}

Usage with user and grants resource:
resource "boundary_scope" "org" {
  name                     = "organization_one"
  description              = "My first scope!"
  scope_id                 = "global"
  auto_create_admin_role   = true
  auto_create_default_role = true
}

resource "boundary_user" "readonly" {
  name        = "readonly"
  description = "A readonly user"
  scope_id    = boundary_scope.org.id
}

resource "boundary_role" "readonly" {
  name          = "readonly"
  description   = "A readonly role"
  principal_ids = [boundary_user.readonly.id]
  grant_strings = ["ids=*;type=*;actions=read"]
  scope_id      = boundary_scope.org.id
}

Usage for a project-specific role:
resource "boundary_scope" "org" {
  name                     = "organization_one"
  description              = "My first scope!"
  scope_id                 = "global"
  auto_create_admin_role   = true
  auto_create_default_role = true
}

resource "boundary_scope" "project" {
  name                   = "project_one"
  description            = "My first scope!"
  scope_id               = boundary_scope.org.id
  auto_create_admin_role = true
}

resource "boundary_user" "readonly" {
  name        = "readonly"
  description = "A readonly user"
  scope_id    = boundary_scope.org.id
}

resource "boundary_role" "readonly" {
  name          = "readonly"
  description   = "A readonly role"
  principal_ids = [boundary_user.readonly.id]
  grant_strings = ["ids=*;type=*;actions=read"]
  scope_id      = boundary_scope.project.id
}

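Usage with grant_scope_ids and narrowed grants. This is an added example, not part of the provider's own documentation: it defines one role in the org and applies it to the org's child projects, with grants limited to specific resource types and actions instead of the wildcard type. It assumes Boundary 0.15+; the resource names (operator, project_connect) and the chosen grant strings are illustrative.

```hcl
# Added example: names and grant strings are illustrative assumptions.
resource "boundary_scope" "org" {
  name                     = "organization_one"
  description              = "My first scope!"
  scope_id                 = "global"
  auto_create_admin_role   = true
  auto_create_default_role = true
}

resource "boundary_scope" "project" {
  name                   = "project_one"
  scope_id               = boundary_scope.org.id
  auto_create_admin_role = true
}

resource "boundary_user" "operator" {
  name     = "operator"
  scope_id = boundary_scope.org.id
}

# Defined once in the org, applied to the projects beneath it.
resource "boundary_role" "project_connect" {
  name          = "project-connect"
  description   = "List targets and open sessions in child projects"
  scope_id      = boundary_scope.org.id
  principal_ids = [boundary_user.operator.id]

  # "children" applies the grants to the org's projects; add "this" only if
  # the same grants are also needed on the org scope itself.
  grant_scope_ids = ["children"]

  # Per-type grants: connect to targets, and see or cancel only one's own sessions.
  grant_strings = [
    "ids=*;type=target;actions=list,read,authorize-session",
    "ids=*;type=session;actions=list,read:self,cancel:self",
  ]
}
```
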
scope_id
(String) The scope ID in which the resource is created. Defaults to the provider's default_scope if unset.
description
(String) The role description.
grant_scope_id
(String, Deprecated) For Boundary 0.15+, use grant_scope_ids instead. The scope for which the grants in the role should apply.
grant_scope_ids
(Set of String) A list of scopes for which the grants in this role should apply, which can include the special values "this", "children", or "descendants".
grant_strings
(Set of String) A list of stringified grants for the role.
name
(String) The role name. Defaults to the resource name.
principal_ids
(Set of String) A list of principal (user or group) IDs to add as principals on the role.
id
(String) The ID of the role.
Import is supported using the following syntax:
terraform import boundary_role.foo <my-id>