The consul_acl_token_role_attachment resource links a Consul Token and an ACL role. The link is implemented through an update to the Consul ACL token.
resource "consul_acl_role" "role" {
  name        = "foo"
  description = "Foo"

  service_identities {
    service_name = "foo"
  }
}

resource "consul_acl_token_role_attachment" "attachment" {
  token_id = "00000000-0000-0000-0000-000000000002"
  role_id  = consul_acl_role.role.id
}
first_configuration/main.tf
resource "consul_acl_token" "test" {
  accessor_id = "5914ee49-eb8d-4837-9767-9299ec155000"
  description = "my test token"
  local       = true

  # Roles are attached from the second configuration; do not let this
  # resource reset them.
  lifecycle {
    ignore_changes = [roles]
  }
}
second_configuration/main.tf
resource "consul_acl_role" "role" {
  name        = "foo"
  description = "Foo"

  service_identities {
    service_name = "foo"
  }
}

resource "consul_acl_token_role_attachment" "attachment" {
  token_id = "00000000-0000-0000-0000-000000000002"
  role_id  = consul_acl_role.role.id
}
NOTE: consul_acl_token would attempt to enforce an empty set of roles, because its roles attribute is empty. For this reason it is necessary to add the lifecycle clause to prevent Terraform from attempting to clear the set of roles associated with the token.
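A plan that would clear roles from a token, as the note describes, can be caught before it is applied. The check below is an added example, not part of the provider documentation: it reads the JSON produced by terraform show -json for a saved plan and reports every consul_acl_token update whose roles set shrinks. The function name and the sample plan are constructed for illustration; the sample keeps only the fields the check reads.

```python
import json

# Constructed sample: trimmed output of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "consul_acl_token.test", "type": "consul_acl_token",
     "change": {"actions": ["update"],
                "before": {"description": "my test token", "roles": ["foo"]},
                "after":  {"description": "my test token", "roles": []}}},
    {"address": "consul_acl_token.guarded", "type": "consul_acl_token",
     "change": {"actions": ["no-op"],
                "before": {"description": "guarded", "roles": ["foo"]},
                "after":  {"description": "guarded", "roles": ["foo"]}}},
    {"address": "consul_acl_token_role_attachment.attachment",
     "type": "consul_acl_token_role_attachment",
     "change": {"actions": ["create"], "before": null,
                "after": {"token_id": "00000000-0000-0000-0000-000000000002"}}}
  ]
}
""")


def tokens_losing_roles(plan):
    """Return {resource address: sorted roles the plan would detach}."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        # Only in-place updates of token resources can silently strip roles.
        if rc.get("type") != "consul_acl_token":
            continue
        if "update" not in change.get("actions", []):
            continue
        # "roles" may be absent or null when unset; treat both as empty.
        before = set((change.get("before") or {}).get("roles") or [])
        after = set((change.get("after") or {}).get("roles") or [])
        removed = before - after
        if removed:
            findings[rc["address"]] = sorted(removed)
    return findings


if __name__ == "__main__":
    for address, roles in tokens_losing_roles(SAMPLE_PLAN).items():
        print(f"{address}: plan would detach roles {roles}")
```

A token that carries the lifecycle clause shows up as a no-op in the plan and is not reported; a token without it appears as an update that empties roles.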
The following arguments are supported:

token_id - (Required) The id of the token.
role_id - (Required) The id of the role to attach to the token.

The following attributes are exported:

id - The attachment ID.
token_id - The id of the token.
role_id - The id of the role attached to the token.

consul_acl_token_role_attachment can be imported. This is especially useful to manage the policies attached to the anonymous and the master tokens with Terraform:

$ terraform import consul_acl_token_role_attachment.anonymous token_id:role_id