consul_acl_token_role_attachment

The consul_acl_token_role_attachment resource links a Consul Token and an ACL role. The link is implemented through an update to the Consul ACL token.

Example Usage

Attach a role to the anonymous token

resource "consul_acl_role" "role" {
  name = "foo"
  description = "Foo"

  service_identities {
    service_name = "foo"
  }
}

resource "consul_acl_token_role_attachment" "attachment" {
  token_id = "00000000-0000-0000-0000-000000000002"
  role_id  = consul_acl_role.role.id
}

Attach a role to a token created in another Terraform configuration

In first_configuration/main.tf

resource "consul_acl_token" "test" {
  accessor_id = "5914ee49-eb8d-4837-9767-9299ec155000"
  description = "my test token"
  local       = true

  # Roles are attached from another configuration; do not reset them here.
  lifecycle {
    ignore_changes = [roles]
  }
}

In second_configuration/main.tf

resource "consul_acl_role" "role" {
  name = "foo"
  description = "Foo"

  service_identities {
    service_name = "foo"
  }
}

resource "consul_acl_token_role_attachment" "attachment" {
  # Accessor ID of the token created in first_configuration/main.tf
  token_id = "5914ee49-eb8d-4837-9767-9299ec155000"
  role_id  = consul_acl_role.role.id
}

NOTE: Because its roles attribute is empty, consul_acl_token would attempt to enforce an empty set of roles. For this reason it is necessary to add the lifecycle clause, which prevents Terraform from attempting to clear the set of roles associated with the token.

Argument Reference

The following arguments are supported:

Attributes Reference

The following attributes are exported:

Import

consul_acl_token_role_attachment can be imported. This is especially useful to manage the roles attached to the anonymous and the master tokens with Terraform:

$ terraform import consul_acl_token_role_attachment.anonymous token_id:role_id