Starting with Consul 1.5.0, the consul_acl_binding_rule resource can be used to manage Consul ACL binding rules.
```hcl
# Kubernetes auth method that validates service account tokens against the cluster API.
resource "consul_acl_auth_method" "minikube" {
  name        = "minikube"
  type        = "kubernetes"
  description = "dev minikube cluster"

  # The certificate and JWT below are truncated placeholders.
  config = {
    Host              = "https://192.0.2.42:8443"
    CACert            = "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----\n"
    ServiceAccountJWT = "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9..."
  }
}

# Binds identities from the "default" namespace to the "minikube" service identity at login.
resource "consul_acl_binding_rule" "test" {
  auth_method = consul_acl_auth_method.minikube.name
  description = "foobar"
  selector    = "serviceaccount.namespace==default"
  bind_type   = "service"
  bind_name   = "minikube"
}
```
auth_method
(String) The name of the ACL auth method this rule applies to.
bind_name
(String) The name to bind to a token at login-time.
bind_type
(String) Specifies the way the binding rule affects a token created at login.
bind_vars
(Block List, Max: 1) The variables used when binding rule type is templated-policy. Can be lightly templated using HIL ${foo} syntax from available field names. (see below for nested schema)
description
(String) A free form human readable description of the binding rule.
namespace
(String) The namespace to create the binding rule within.
partition
(String) The partition the ACL binding rule is associated with.
selector
(String) The expression used to match this rule against valid identities returned from an auth method validation.
id
(String) The ID of this resource.

bind_vars
Optional:
name
(String) The name of the node, workload identity or service.
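
The templated-policy form with bind_vars described above, as an added example that is not part of the provider's own documentation. It reuses the consul_acl_auth_method.minikube resource from the example at the top of the page; the resource label, description and selector values are assumptions chosen for illustration, and "builtin/service" is one of Consul's built-in templated policies.

```hcl
# Added example: one rule that gives each Kubernetes service account a token
# scoped to a service of the same name, instead of one shared service identity.
resource "consul_acl_binding_rule" "per_service_account" {
  auth_method = consul_acl_auth_method.minikube.name
  description = "per-service-account service policy (illustrative)"

  # Match only identities in the "default" namespace and skip the namespace's
  # "default" service account, which pods receive when none is set explicitly.
  selector = "serviceaccount.namespace==default and serviceaccount.name!=default"

  # With templated-policy, bind_name is the name of the templated policy and
  # bind_vars supplies the variable that policy is rendered with.
  bind_type = "templated-policy"
  bind_name = "builtin/service"

  bind_vars {
    # "$${" is Terraform's escape for a literal "${". Consul receives
    # ${serviceaccount.name} and resolves it at login time from the validated
    # identity. A single "$" would make Terraform try to interpolate the
    # expression itself during plan and fail.
    name = "$${serviceaccount.name}"
  }
}
```

Because the name is resolved from the validated identity at login, a workload can only obtain a token for the service matching its own service account name.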