consul_config_entry_service_intentions (Resource)

The consul_config_entry_service_intentions resource configures service intentions, which control access between services in the service mesh. A single service intentions configuration entry specifies one destination service and one or more L4 traffic sources, L7 traffic sources, or a combination of both.

Example Usage

resource "consul_config_entry" "jwt_provider" {
  name = "okta"
  kind = "jwt-provider"

  config_json = jsonencode({
    ClockSkewSeconds = 30
    Issuer           = "test-issuer"
    JSONWebKeySet = {
      Remote = {
        URI                 = "https://127.0.0.1:9091"
        FetchAsynchronously = true
      }
    }
  })
}

resource "consul_config_entry_service_intentions" "web" {
  name = "web"

  jwt {
    providers {
      name = consul_config_entry.jwt_provider.name

      verify_claims {
        path  = ["perms", "role"]
        value = "admin"
      }
    }
  }

  sources {
    name   = "frontend-webapp"
    type   = "consul"
    action = "allow"
  }

  sources {
    name   = "nightly-cronjob"
    type   = "consul"
    action = "deny"
  }
}
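
The example above uses only L4 sources. The following added example (not part of the provider's documentation) combines an L7 source with an L4 source in one entry. The service names, paths and header name are constructed, and the attribute names inside permissions, http and headers are assumed from the provider schema, which this page lists by heading only.

```hcl
# Added example: all service names, paths and header names are constructed.

# L7 permissions only apply when the destination service speaks an
# HTTP-based protocol, so declare that in its service-defaults entry.
resource "consul_config_entry" "billing_defaults" {
  name = "billing-api"
  kind = "service-defaults"

  config_json = jsonencode({
    Protocol = "http"
  })
}

resource "consul_config_entry_service_intentions" "billing" {
  # Referencing the service-defaults entry makes Terraform create it first.
  name = consul_config_entry.billing_defaults.name

  # L7 source: no top-level action; permissions are evaluated in order
  # and the first match decides, so the narrow deny is listed first.
  sources {
    name = "checkout"
    type = "consul"

    permissions {
      action = "deny"
      http {
        path_prefix = "/admin"
      }
    }

    permissions {
      action = "allow"
      http {
        path_prefix = "/v1/invoices"
        methods     = ["GET", "POST"]

        headers {
          name    = "x-request-id"
          present = true
        }
      }
    }
  }

  # L4 source: a single allow/deny decision for the whole connection.
  sources {
    name   = "batch-export"
    type   = "consul"
    action = "deny"
  }
}
```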

Schema

Required

Optional

Read-Only

Nested Schema for jwt

Optional:

Nested Schema for jwt.providers

Optional:

Nested Schema for jwt.providers.verify_claims

Optional:

Nested Schema for sources

Optional:

Nested Schema for sources.permissions

Required:

Nested Schema for sources.permissions.http

Optional:

Nested Schema for sources.permissions.http.headers

Required:

Optional: