Manages policies for an Identity Group for Vault. The Identity secrets engine is the identity management solution for Vault.
resource "vault_identity_group" "internal" {
name = "internal"
type = "internal"
external_policies = true
metadata = {
version = "2"
}
}
resource "vault_identity_group_policies" "policies" {
policies = [
"default",
"test",
]
exclusive = true
group_id = vault_identity_group.internal.id
}
resource "vault_identity_group" "internal" {
name = "internal"
type = "internal"
external_policies = true
metadata = {
version = "2"
}
}
resource "vault_identity_group_policies" "default" {
policies = [
"default",
"test",
]
exclusive = false
group_id = vault_identity_group.internal.id
}
resource "vault_identity_group_policies" "others" {
policies = [
"others",
]
exclusive = false
group_id = vault_identity_group.internal.id
}
The following arguments are supported:
namespace
- (Optional) The namespace to provision the resource in.
The value should not contain leading or trailing forward slashes.
The namespace
is always relative to the provider's configured namespace.
Available only for Vault Enterprise.
policies
- (Required) List of policies to assign to the group
group_id
- (Required) Group ID to assign policies to.
exclusive
- (Optional) Defaults to true
.
If true
, this resource will take exclusive control of the policies assigned to the group and will set it equal to what is specified in the resource.
If set to false
, this resource will simply ensure that the policies specified in the resource are present in the group. When destroying the resource, the resource will ensure that the policies specified in the resource are removed.
In addition to all arguments above, the following attributes are exported:
group_name
- The name of the group that are assigned the policies.