The consul_namespace_role_attachment resource links a Consul Namespace and an ACL role. The link is implemented through an update to the Consul Namespace.
resource "consul_acl_role" "agent" {
  name = "agent"
}

resource "consul_namespace_role_attachment" "attachment" {
  namespace = "default"
  role      = consul_acl_role.agent.name
}
first_configuration/main.tf
resource "consul_namespace" "qa" {
  name = "qa"

  lifecycle {
    ignore_changes = [role_defaults]
  }
}
second_configuration/main.tf
resource "consul_acl_role" "agent" {
  name = "agent"
}

resource "consul_namespace_role_attachment" "attachment" {
  namespace = "qa"
  role      = consul_acl_role.agent.name
}
NOTE: Without the lifecycle clause, consul_namespace would attempt to enforce an empty set of default roles, because its role_defaults attribute is empty. The lifecycle clause is therefore necessary to prevent Terraform from attempting to empty the set of roles associated with the namespace.
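A drift check for the situation the NOTE describes, as an added example that is not part of the provider or its documentation: it compares a namespace's live default roles with the roles that attachments are supposed to manage. It assumes the namespace JSON has the shape of a Consul Enterprise `GET /v1/namespace/qa` response (`ACLs.RoleDefaults`); the sample data, the `ops-admin` role and the function names are constructed for illustration.

```python
import json

# Constructed sample: shaped like the JSON Consul Enterprise returns for a
# namespace (assumed: GET /v1/namespace/qa); IDs and role names are made up.
NAMESPACE_QA = json.loads("""
{
  "Name": "qa",
  "ACLs": {
    "PolicyDefaults": [],
    "RoleDefaults": [
      {"ID": "00000000-0000-0000-0000-000000000001", "Name": "agent"},
      {"ID": "00000000-0000-0000-0000-000000000002", "Name": "ops-admin"}
    ]
  }
}
""")

# Constructed sample: the same namespace after the configuration that owns it,
# lacking ignore_changes = [role_defaults], has reset the default roles.
NAMESPACE_QA_WIPED = {"Name": "qa", "ACLs": {"RoleDefaults": None}}


def default_roles(namespace):
    """Return the set of role names in the namespace's default roles."""
    acls = namespace.get("ACLs") or {}
    return {role["Name"] for role in (acls.get("RoleDefaults") or [])}


def audit_attachments(namespace, managed_roles):
    """Compare live default roles with the roles managed by attachments.

    missing:   managed attachments that are no longer on the namespace
    unmanaged: default roles on the namespace that no attachment accounts for
    """
    live = default_roles(namespace)
    managed = set(managed_roles)
    return {
        "namespace": namespace["Name"],
        "missing": sorted(managed - live),
        "unmanaged": sorted(live - managed),
    }


if __name__ == "__main__":
    # Hypothetical run: the second configuration manages only the "agent" role.
    for ns in (NAMESPACE_QA, NAMESPACE_QA_WIPED):
        print(audit_attachments(ns, ["agent"]))
```

A non-empty `missing` list points to another configuration overwriting role_defaults; a non-empty `unmanaged` list points to default roles that were added outside the attachments and should be reviewed.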
The following arguments are supported:

namespace - (Required) The namespace to attach the role to.
role - (Required) The name of the role attached to the namespace.

The following attributes are exported:

id - The attachment ID.
namespace - The name of the namespace.
role - The name of the role attached to the namespace.

consul_namespace_role_attachment can be imported. This is especially useful to manage the roles attached to the default namespace:
$ terraform import consul_namespace_role_attachment.default default:role_name