consul_acl_auth_method (Resource)

Starting with Consul 1.5.0, the consul_acl_auth_method resource can be used to manage Consul ACL auth methods.

Example Usage

Define a kubernetes auth method:

resource "consul_acl_auth_method" "minikube" {
  name        = "minikube"
  type        = "kubernetes"
  description = "dev minikube cluster"

  config_json = jsonencode({
    Host              = "https://192.0.2.42:8443"
    CACert            = "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----\n"
    ServiceAccountJWT = "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9..."
  })
}

Define an oidc auth method:

resource "consul_acl_auth_method" "oidc" {
  name          = "auth0"
  type          = "oidc"
  max_token_ttl = "5m"

  config_json = jsonencode({
    AllowedRedirectURIs = [
      "http://localhost:8550/oidc/callback",
      "http://localhost:8500/ui/oidc/callback"
    ]
    BoundAudiences = [
      "V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt"
    ]
    ClaimMappings = {
      "http://example.com/first_name" = "first_name"
      "http://example.com/last_name"  = "last_name"
    }
    ListClaimMappings = {
      "http://consul.com/groups" = "groups"
    }
    OIDCClientID     = "V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt"
    OIDCClientSecret = "...(omitted)..."
    OIDCDiscoveryURL = "https://my-corp-app-name.auth0.com/"
  })
}
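The two examples above place ServiceAccountJWT and OIDCClientSecret in config_json as literals. The following variant is an added example, not part of the provider documentation, that passes them in as sensitive input variables instead; the variable names are assumptions chosen for illustration.

```hcl
# Added example. Variable names (k8s_ca_cert, k8s_service_account_jwt,
# oidc_client_secret) are hypothetical, not defined by the provider.
variable "k8s_ca_cert" {
  type = string # PEM-encoded CA certificate of the Kubernetes API server
}

variable "k8s_service_account_jwt" {
  type      = string
  sensitive = true # redacted in plan/apply output
}

variable "oidc_client_secret" {
  type      = string
  sensitive = true
}

resource "consul_acl_auth_method" "minikube" {
  name        = "minikube"
  type        = "kubernetes"
  description = "dev minikube cluster"

  # jsonencode() of a sensitive value is itself sensitive, so the whole
  # config_json attribute is redacted in plan output.
  config_json = jsonencode({
    Host              = "https://192.0.2.42:8443"
    CACert            = var.k8s_ca_cert
    ServiceAccountJWT = var.k8s_service_account_jwt
  })
}

resource "consul_acl_auth_method" "oidc" {
  name          = "auth0"
  type          = "oidc"
  max_token_ttl = "5m"

  # ClaimMappings and ListClaimMappings omitted here for brevity.
  config_json = jsonencode({
    AllowedRedirectURIs = [
      "http://localhost:8550/oidc/callback",
      "http://localhost:8500/ui/oidc/callback"
    ]
    BoundAudiences   = ["V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt"]
    OIDCClientID     = "V1RPi2MYptMV1RPi2MYptMV1RPi2MYpt"
    OIDCClientSecret = var.oidc_client_secret
    OIDCDiscoveryURL = "https://my-corp-app-name.auth0.com/"
  })
}
```

Marking a variable sensitive only redacts it from CLI output; the values are still written to the Terraform state in plaintext, so the state backend needs its own access control and encryption. Values can be supplied through TF_VAR_<name> environment variables so they never appear in committed .tf or .tfvars files.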

Schema

Required

Optional

Read-Only

Nested Schema for namespace_rule

Required:

Optional: