Manages policies for an Identity Entity for Vault. The Identity secrets engine is the identity management solution for Vault.
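# Exclusive: this resource owns the entity's full policy list.
resource "vault_identity_entity" "entity" {
  name = "entity"

  # Leave policy management to vault_identity_entity_policies.
  external_policies = true
}

resource "vault_identity_entity_policies" "policies" {
  policies = [
    "default",
    "test",
  ]

  exclusive = true
  entity_id = vault_identity_entity.entity.id
}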
# Non-exclusive: each resource only ensures its own policies are present,
# so several resources can target the same entity.
resource "vault_identity_entity" "entity" {
  name              = "entity"
  external_policies = true
}

resource "vault_identity_entity_policies" "default" {
  policies = [
    "default",
    "test",
  ]

  exclusive = false
  entity_id = vault_identity_entity.entity.id
}

resource "vault_identity_entity_policies" "others" {
  policies = [
    "others",
  ]

  exclusive = false
  entity_id = vault_identity_entity.entity.id
}
The following arguments are supported:
namespace - (Optional) The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
policies - (Required) List of policies to assign to the entity.
entity_id - (Required) Entity ID to assign policies to.
exclusive - (Optional) Defaults to true. If true, this resource will take exclusive control of the policies assigned to the entity and will set it equal to what is specified in the resource. If set to false, this resource will simply ensure that the policies specified in the resource are present in the entity. When destroying the resource, the resource will ensure that the policies specified in the resource are removed.
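The two modes differ most visibly when a policy has been attached to the entity outside Terraform. The following sketch is an added example, not the provider's code: it models the apply and destroy behaviour described above and lists attached policies that no resource declares. The function names, the `admin` policy and the sample entity JSON are constructed for illustration.

```python
import json

# Constructed sample: shape of a Vault entity read (identity/entity/id/<id>),
# trimmed to the fields used here. "admin" stands for a policy attached
# out of band, outside Terraform.
SAMPLE_ENTITY_JSON = """
{"data": {"id": "00000000-0000-0000-0000-000000000000",
          "name": "entity",
          "policies": ["default", "test", "others", "admin"]}}
"""


def apply_policies(current, declared, exclusive=True):
    """Policy list on the entity after the resource is applied."""
    if exclusive:
        # Exclusive: the entity's list is set equal to the declared list.
        return sorted(set(declared))
    # Non-exclusive: declared policies are ensured present, nothing is removed.
    return sorted(set(current) | set(declared))


def destroy_policies(current, declared):
    """Policy list after the resource is destroyed: its own policies are removed."""
    return sorted(set(current) - set(declared))


def unmanaged(entity_json, *declared_lists):
    """Attached policies that none of the given resources declares.

    With exclusive = false these stay on the entity across every apply.
    """
    attached = set(json.loads(entity_json)["data"]["policies"])
    declared = set().union(*declared_lists)
    return sorted(attached - declared)


if __name__ == "__main__":
    default, others = ["default", "test"], ["others"]
    current = json.loads(SAMPLE_ENTITY_JSON)["data"]["policies"]
    print("non-exclusive apply:", apply_policies(current, default, exclusive=False))
    print("exclusive apply:    ", apply_policies(current, default, exclusive=True))
    print("destroy 'others':   ", destroy_policies(current, others))
    print("unmanaged:          ", unmanaged(SAMPLE_ENTITY_JSON, default, others))
```

Running the same comparison against a real entity read shows which policies a switch to `exclusive = true` would remove on the next apply.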
In addition to all arguments above, the following attributes are exported:
entity_name - The name of the entity that is assigned the policies.