The consul_acl_token_policy_attachment
resource links a Consul Token and an ACL
policy. The link is implemented through an update to the Consul ACL token.
resource "consul_acl_policy" "agent" {
name = "agent"
rules = <<-RULE
node_prefix "" {
policy = "read"
}
RULE
}
resource "consul_acl_token_policy_attachment" "attachment" {
token_id = "00000000-0000-0000-0000-000000000002"
policy = "${consul_acl_policy.agent.name}"
}
first_configuration/main.tf
resource "consul_acl_token" "test" {
accessor_id = "9b20de68-3ea2-4b70-b4f1-506afad062a4"
description = "my test token"
local = true
lifecycle {
ignore_changes = ["policies"]
}
}
second_configuration/main.tf
resource "consul_acl_policy" "agent" {
name = "agent"
rules = <<-RULE
node_prefix "" {
policy = "read"
}
RULE
}
resource "consul_acl_token_policy_attachment" "attachment" {
token_id = "9b20de68-3ea2-4b70-b4f1-506afad062a4"
policy = "${consul_acl_policy.agent.name}"
}
NOTE: consul_acl_token would attempt to enforce an empty set of policies, because its policies attribute is empty. For this reason it is necessary to add the lifecycle clause to prevent Terraform from attempting to empty the set of policies associated to the token.
The following arguments are supported:
token_id
- (Required) The id of the token.policy
- (Required) The name of the policy attached to the token.The following attributes are exported:
id
- The attachment ID.token_id
- The id of the token.policy
- The name of the policy attached to the token.consul_acl_token_policy_attachment
can be imported. This is especially useful to manage the
policies attached to the anonymous and the master tokens with Terraform:
$ terraform import consul_acl_token_policy_attachment.anonymous 00000000-0000-0000-0000-000000000002:policy_name
$ terraform import consul_acl_token_policy_attachment.master-token 624d94ca-bc5c-f960-4e83-0a609cf588be:policy_name