Resource boundary_role

The role resource allows you to configure a Boundary role.

Example Usage

Basic usage:

# Org scope created directly under the built-in "global" scope.
resource "boundary_scope" "org" {
  name                     = "organization_one"
  description              = "My first scope!"
  scope_id                 = "global"
  # With both flags true, the roles Boundary creates automatically in a new
  # scope are kept. Per the boundary_scope resource documentation these roles
  # are not managed by Terraform: the admin role lets the provider's user manage
  # the scope, and the default role lets the anonymous user list scopes and auth
  # methods and authenticate. They will not show up in a plan, so review them
  # in Boundary itself when auditing who holds access in this scope.
  auto_create_admin_role   = true
  auto_create_default_role = true
}

# Minimal role in the org scope. No principal_ids and no grant_strings are set,
# so as written the role is assigned to nobody and carries no grants.
resource "boundary_role" "example" {
  name        = "My role"
  description = "My first role!"
  scope_id    = boundary_scope.org.id
}

Usage with a user resource:

# Org scope created directly under the built-in "global" scope.
resource "boundary_scope" "org" {
  name                     = "organization_one"
  description              = "My first scope!"
  scope_id                 = "global"
  # Keeps Boundary's automatically created admin and default roles in the new
  # scope. Per the boundary_scope resource documentation those roles are not
  # managed by Terraform, so their grants must be reviewed in Boundary itself.
  auto_create_admin_role   = true
  auto_create_default_role = true
}

# Two users created in the org scope; both are attached to the role below.
resource "boundary_user" "foo" {
  name     = "User 1"
  scope_id = boundary_scope.org.id
}

resource "boundary_user" "bar" {
  name     = "User 2"
  scope_id = boundary_scope.org.id
}

# Role in the org scope whose principals are the two users above.
# No grant_strings are set, so membership alone confers no permissions here.
resource "boundary_role" "example" {
  name          = "My role"
  description   = "My first role!"
  # principal_ids is the full list of principals for this role as declared here.
  # NOTE(review): principals added to the role outside Terraform would
  # presumably be reported as drift on the next plan; confirm before relying on it.
  principal_ids = [boundary_user.foo.id, boundary_user.bar.id]
  scope_id      = boundary_scope.org.id
}

Usage with a user resource and grant strings:

# Org scope created directly under the built-in "global" scope.
resource "boundary_scope" "org" {
  name                     = "organization_one"
  description              = "My first scope!"
  scope_id                 = "global"
  # Keeps Boundary's automatically created admin and default roles in the new
  # scope. Per the boundary_scope resource documentation those roles are not
  # managed by Terraform, so their grants must be reviewed in Boundary itself.
  auto_create_admin_role   = true
  auto_create_default_role = true
}

# User in the org scope that the read-only role below is assigned to.
resource "boundary_user" "readonly" {
  name        = "readonly"
  description = "A readonly user"
  scope_id    = boundary_scope.org.id
}

# Role in the org scope, assigned to the single user above.
resource "boundary_role" "readonly" {
  name          = "readonly"
  description   = "A readonly role"
  principal_ids = [boundary_user.readonly.id]
  # ids=* and type=* are wildcards: the grant covers every resource ID of every
  # resource type, restricted to the "read" action.
  # NOTE(review): "read" on every type is broad even though it is not a write
  # permission; narrow ids/type to what the principal actually needs.
  # NOTE(review): presumably the grant applies only in this role's own scope
  # unless a grant scope is configured; confirm for the provider version in use.
  grant_strings = ["ids=*;type=*;actions=read"]
  scope_id      = boundary_scope.org.id
}

Usage for a project-specific role:

# Org scope created directly under the built-in "global" scope.
resource "boundary_scope" "org" {
  name                     = "organization_one"
  description              = "My first scope!"
  scope_id                 = "global"
  # Keeps Boundary's automatically created admin and default roles in the new
  # scope. Per the boundary_scope resource documentation those roles are not
  # managed by Terraform, so their grants must be reviewed in Boundary itself.
  auto_create_admin_role   = true
  auto_create_default_role = true
}

# Project scope nested under the org scope above.
resource "boundary_scope" "project" {
  name                   = "project_one"
  description            = "My first scope!"
  scope_id               = boundary_scope.org.id
  # Keeps the automatically created admin role for the project; like the org's
  # auto-created roles it is not tracked in Terraform state.
  auto_create_admin_role = true
}

# The user lives in the org scope, not in the project.
resource "boundary_user" "readonly" {
  name        = "readonly"
  description = "A readonly user"
  scope_id    = boundary_scope.org.id
}

# Role created in the project scope and assigned to the org-level user, so the
# grant below is tied to the project rather than to the whole org.
resource "boundary_role" "readonly" {
  name          = "readonly"
  description   = "A readonly role"
  principal_ids = [boundary_user.readonly.id]
  # ids=* and type=* are wildcards: every resource ID of every resource type,
  # restricted to the "read" action.
  # NOTE(review): placing the role in the project scope is what limits the
  # reach of this wildcard; moving scope_id to the org would widen it.
  grant_strings = ["ids=*;type=*;actions=read"]
  scope_id      = boundary_scope.project.id
}

Schema

Required

Optional

Read-Only

Import

Import is supported using the following syntax:

# Replace <my-id> with the ID of the existing Boundary role to bring under
# Terraform management. After importing, run a plan and compare the role's
# principal_ids and grant_strings with the configuration before applying:
# NOTE(review): values present in Boundary but missing from the configuration
# would presumably be removed on apply; confirm against the plan output.
terraform import boundary_role.foo <my-id>