vault_gcp_auth_backend_role

Provides a resource to create a role in a GCP auth backend within Vault.

Example Usage

resource "vault_auth_backend" "gcp" {
  path = "gcp"
  type = "gcp"
}

resource "vault_gcp_auth_backend_role" "test" {
  backend                = vault_auth_backend.gcp.path
  role                   = "test"
  type                   = "iam"
  bound_service_accounts = ["test"]
  bound_projects         = ["test"]
  token_ttl              = 300
  token_max_ttl          = 600
  token_policies         = ["policy_a", "policy_b"]
  add_group_aliases      = true
}

Argument Reference

The following arguments are supported:

iam-only Parameters

gce-only Parameters

The following parameters are only valid when the role is of type "gce":

For more details on the usage of each argument consult the Vault GCP API documentation.

Common Token Arguments

These arguments are common across several Authentication Token resources since Vault 1.2.
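
The following is an added example, not taken from the original page or the provider's own documentation. It shows a role of type "gce" that combines the provider's gce-only bindings with the common token arguments to keep both the set of accepted instances and the issued token narrow. The resource name gce_app and every value (project ID, service account, zone, instance group, labels, policy name, CIDR) are constructed placeholders.

```hcl
# Added example: all names and values below are constructed placeholders.
resource "vault_auth_backend" "gcp" {
  path = "gcp"
  type = "gcp"
}

resource "vault_gcp_auth_backend_role" "gce_app" {
  backend = vault_auth_backend.gcp.path
  role    = "gce-app"
  type    = "gce"

  # Identity bindings: each one that is set further narrows which
  # instances can log in under this role.
  bound_projects         = ["example-project-id"]
  bound_service_accounts = ["app-vm@example-project-id.iam.gserviceaccount.com"]

  # gce-only bindings. bound_instance_groups only takes effect when
  # bound_zones or bound_regions is also set.
  bound_zones           = ["europe-west1-b"]
  bound_instance_groups = ["app-mig"]
  bound_labels          = ["env:prod", "app:payments"]

  # Common token arguments: short-lived token, one explicit policy,
  # no implicit "default" policy, usable only from the workload subnet.
  token_ttl               = 300
  token_max_ttl           = 600
  token_policies          = ["app-read"]
  token_no_default_policy = true
  token_bound_cidrs       = ["10.10.0.0/24"]
}
```

Leaving the gce-only bindings unset means any instance in the bound projects that runs as a bound service account can obtain the role's policies, so set at least a zone or label binding for production roles.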

Attribute Reference

No additional attributes are exposed by this resource.

Import

GCP authentication roles can be imported using the path, e.g.

$ terraform import vault_gcp_auth_backend_role.my_role auth/gcp/role/my_role