Sets the Vault Secrets App IAM policy and replaces any existing policy.
data "hcp_iam_policy" "example" {
  bindings = [
    {
      role = "roles/secrets.app-secret-reader"
      principals = [
        "example-user-id-1",
        "example-group-id-1",
        "example-sp-1"
      ]
    },
  ]
}

resource "hcp_vault_secrets_app" "example" {
  app_name    = "example-app-name"
  description = "My new app!"
}

resource "hcp_vault_secrets_app_iam_policy" "example" {
  resource_name = hcp_vault_secrets_app.example.resource_name
  policy_data   = data.hcp_iam_policy.example.policy_data
}
policy_data
(String) The policy to apply.
resource_name
(String) The app's resource name in the format secrets/project/
etag
(String) The etag captures the existing state of the policy.

Import is supported using the following syntax:
# Vault Secrets App IAM Policy can be imported by specifying the resource name of the app
terraform import hcp_vault_secrets_app_iam_policy.example secrets/project/41d107a7-eea6-4b5e-8481-508ab29e2b07/app/example-app-name