-
Notifications
You must be signed in to change notification settings - Fork 9.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Consul ACL resources #2331
Comments
When/If we can encrypt state (c.f. #516) then this feels a lot more palatable. |
Perhaps at some point Consul will get the idea of "token accessors" like Vault has, so that it's possible to talk about a token without holding a token. This was mentioned in passing in hashicorp/consul#2334 but I wasn't able to find a top-level issue about it. I feel kinda inclined to just make sure that the Vault provider has reasonable support for Vault's Consul Backend and for now suggest that folks should be issuing Consul ACLs through that, but it does feel a little harsh to say "if you want to manage Consul ACLs with Terraform then you need to deploy Vault first". |
The Consul issue you're looking for, @apparentlymart, is hashicorp/consul#2027. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
I've love support for Consul ACL resources.
I've taken a quick look, and there's a bit of a decision to be made. Either I have to
/v1/acl/list
endpoint to scroll through all tokens, looking for the one that matches the policy I have in tfstate, or/v1/acl/info/<id>
.I'm keen to hear what people think of this trade-off. My instinct is that relying on
/v1/acl/list
will turn into a mess. In fact, it might not even be possible when there are multiple tokens with the same policy.So we might be stuck with the less secure idea of saving tokens to tfstate?
The text was updated successfully, but these errors were encountered: