Generates an IAM policy that may be referenced by and applied to other HCP IAM resources, such as the hcp_project_iam_policy resource.

To see what each role grants, please see the HCP Documentation. The basic roles can be referenced as follows:

- roles/owner
- roles/admin
- roles/contributor
- roles/viewer

HCP Vault Secrets specific roles can be referenced as shown below; please see the Documentation for more details.

- roles/secrets.app-manager
- roles/secrets.app-secret-reader
data "hcp_iam_policy" "example" {
  bindings = [
    {
      role       = "roles/admin"
      principals = [
        "example-user-id-1",
        "example-group-id-1",
        "example-sp-1"
      ]
    },
    {
      role       = "roles/contributor"
      principals = [
        "example-user-id-2",
        "example-group-id-2"
      ]
    },
    {
      role       = "roles/secrets.app-secret-reader"
      principals = [
        "example-sp-3"
      ]
    },
  ]
}
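The data source wired into the hcp_project_iam_policy resource it is meant to feed, with a plan-time guardrail against binding roles/owner. This is an added example, not part of the provider's own documentation; the variable names, principal IDs and project ID are placeholders, and the precondition assumes Terraform 1.2 or later.

```terraform
# Added example (not from the HCP provider docs). All IDs are placeholders
# supplied through variables; replace them with real HCP principal IDs.
variable "project_id" {
  type = string # placeholder: the HCP project whose policy is managed
}

variable "admin_group_id" {
  type = string # placeholder: HCP group ID for platform administrators
}

variable "ci_service_principal_id" {
  type = string # placeholder: service principal used by CI to read secrets
}

variable "auditor_user_id" {
  type = string # placeholder: user who only needs read access
}

# Least-privilege bindings: each principal gets the narrowest role that
# covers its job. CI reads app secrets only; the auditor is a viewer.
data "hcp_iam_policy" "project" {
  bindings = [
    {
      role       = "roles/admin"
      principals = [var.admin_group_id]
    },
    {
      role       = "roles/secrets.app-secret-reader"
      principals = [var.ci_service_principal_id]
    },
    {
      role       = "roles/viewer"
      principals = [var.auditor_user_id]
    },
  ]
}

resource "hcp_project_iam_policy" "project" {
  project_id  = var.project_id
  policy_data = data.hcp_iam_policy.project.policy_data

  lifecycle {
    # Guardrail: fail the plan if any binding grants roles/owner, so the
    # most powerful role is never handed out by routine automation.
    precondition {
      condition     = !contains([for b in data.hcp_iam_policy.project.bindings : b.role], "roles/owner")
      error_message = "roles/owner must not be bound through this policy."
    }
  }
}
```

Because hcp_project_iam_policy sets the project's entire policy, every principal that needs access must appear in the bindings; anything omitted loses access on apply.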
Schema

Required:

bindings
(Attributes Set) A binding associates a set of principals to a role. (see below for nested schema)

Read-Only:

policy_data
(String) The policy data in a format suitable for reference by resources that support setting IAM policy.

Nested schema for bindings

Required:

principals
(Set of String) The set of principals to bind to the given role.

role
(String) The role name to bind to the given principals.