Docs Home
Consul v3.12.5 published on Tuesday, Apr 29, 2025 by Pulumi
consul.ConfigEntryServiceIntentions
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as consul from "@pulumi/consul";
const jwtProvider = new consul.ConfigEntry("jwt_provider", {
name: "okta",
kind: "jwt-provider",
configJson: JSON.stringify({
ClockSkewSeconds: 30,
Issuer: "test-issuer",
JSONWebKeySet: {
Remote: {
URI: "https://127.0.0.1:9091",
FetchAsynchronously: true,
},
},
}),
});
const web = new consul.ConfigEntryServiceIntentions("web", {
name: "web",
jwts: [{
providers: [{
name: jwtProvider.name,
verifyClaims: [{
paths: [
"perms",
"role",
],
value: "admin",
}],
}],
}],
sources: [
{
name: "frontend-webapp",
type: "consul",
action: "allow",
},
{
name: "nightly-cronjob",
type: "consul",
action: "deny",
},
],
});
import pulumi
import json
import pulumi_consul as consul
jwt_provider = consul.ConfigEntry("jwt_provider",
name="okta",
kind="jwt-provider",
config_json=json.dumps({
"ClockSkewSeconds": 30,
"Issuer": "test-issuer",
"JSONWebKeySet": {
"Remote": {
"URI": "https://127.0.0.1:9091",
"FetchAsynchronously": True,
},
},
}))
web = consul.ConfigEntryServiceIntentions("web",
name="web",
jwts=[{
"providers": [{
"name": jwt_provider.name,
"verify_claims": [{
"paths": [
"perms",
"role",
],
"value": "admin",
}],
}],
}],
sources=[
{
"name": "frontend-webapp",
"type": "consul",
"action": "allow",
},
{
"name": "nightly-cronjob",
"type": "consul",
"action": "deny",
},
])
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-consul/sdk/v3/go/consul"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"ClockSkewSeconds": 30,
"Issuer": "test-issuer",
"JSONWebKeySet": map[string]interface{}{
"Remote": map[string]interface{}{
"URI": "https://127.0.0.1:9091",
"FetchAsynchronously": true,
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
jwtProvider, err := consul.NewConfigEntry(ctx, "jwt_provider", &consul.ConfigEntryArgs{
Name: pulumi.String("okta"),
Kind: pulumi.String("jwt-provider"),
ConfigJson: pulumi.String(json0),
})
if err != nil {
return err
}
_, err = consul.NewConfigEntryServiceIntentions(ctx, "web", &consul.ConfigEntryServiceIntentionsArgs{
Name: pulumi.String("web"),
Jwts: consul.ConfigEntryServiceIntentionsJwtArray{
&consul.ConfigEntryServiceIntentionsJwtArgs{
Providers: consul.ConfigEntryServiceIntentionsJwtProviderArray{
&consul.ConfigEntryServiceIntentionsJwtProviderArgs{
Name: jwtProvider.Name,
VerifyClaims: consul.ConfigEntryServiceIntentionsJwtProviderVerifyClaimArray{
&consul.ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs{
Paths: pulumi.StringArray{
pulumi.String("perms"),
pulumi.String("role"),
},
Value: pulumi.String("admin"),
},
},
},
},
},
},
Sources: consul.ConfigEntryServiceIntentionsSourceArray{
&consul.ConfigEntryServiceIntentionsSourceArgs{
Name: pulumi.String("frontend-webapp"),
Type: pulumi.String("consul"),
Action: pulumi.String("allow"),
},
&consul.ConfigEntryServiceIntentionsSourceArgs{
Name: pulumi.String("nightly-cronjob"),
Type: pulumi.String("consul"),
Action: pulumi.String("deny"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Consul = Pulumi.Consul;
return await Deployment.RunAsync(() =>
{
var jwtProvider = new Consul.ConfigEntry("jwt_provider", new()
{
Name = "okta",
Kind = "jwt-provider",
ConfigJson = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["ClockSkewSeconds"] = 30,
["Issuer"] = "test-issuer",
["JSONWebKeySet"] = new Dictionary<string, object?>
{
["Remote"] = new Dictionary<string, object?>
{
["URI"] = "https://127.0.0.1:9091",
["FetchAsynchronously"] = true,
},
},
}),
});
var web = new Consul.ConfigEntryServiceIntentions("web", new()
{
Name = "web",
Jwts = new[]
{
new Consul.Inputs.ConfigEntryServiceIntentionsJwtArgs
{
Providers = new[]
{
new Consul.Inputs.ConfigEntryServiceIntentionsJwtProviderArgs
{
Name = jwtProvider.Name,
VerifyClaims = new[]
{
new Consul.Inputs.ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs
{
Paths = new[]
{
"perms",
"role",
},
Value = "admin",
},
},
},
},
},
},
Sources = new[]
{
new Consul.Inputs.ConfigEntryServiceIntentionsSourceArgs
{
Name = "frontend-webapp",
Type = "consul",
Action = "allow",
},
new Consul.Inputs.ConfigEntryServiceIntentionsSourceArgs
{
Name = "nightly-cronjob",
Type = "consul",
Action = "deny",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.consul.ConfigEntry;
import com.pulumi.consul.ConfigEntryArgs;
import com.pulumi.consul.ConfigEntryServiceIntentions;
import com.pulumi.consul.ConfigEntryServiceIntentionsArgs;
import com.pulumi.consul.inputs.ConfigEntryServiceIntentionsJwtArgs;
import com.pulumi.consul.inputs.ConfigEntryServiceIntentionsSourceArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var jwtProvider = new ConfigEntry("jwtProvider", ConfigEntryArgs.builder()
.name("okta")
.kind("jwt-provider")
.configJson(serializeJson(
jsonObject(
jsonProperty("ClockSkewSeconds", 30),
jsonProperty("Issuer", "test-issuer"),
jsonProperty("JSONWebKeySet", jsonObject(
jsonProperty("Remote", jsonObject(
jsonProperty("URI", "https://127.0.0.1:9091"),
jsonProperty("FetchAsynchronously", true)
))
))
)))
.build());
var web = new ConfigEntryServiceIntentions("web", ConfigEntryServiceIntentionsArgs.builder()
.name("web")
.jwts(ConfigEntryServiceIntentionsJwtArgs.builder()
.providers(ConfigEntryServiceIntentionsJwtProviderArgs.builder()
.name(jwtProvider.name())
.verifyClaims(ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs.builder()
.paths(
"perms",
"role")
.value("admin")
.build())
.build())
.build())
.sources(
ConfigEntryServiceIntentionsSourceArgs.builder()
.name("frontend-webapp")
.type("consul")
.action("allow")
.build(),
ConfigEntryServiceIntentionsSourceArgs.builder()
.name("nightly-cronjob")
.type("consul")
.action("deny")
.build())
.build());
}
}
resources:
jwtProvider:
type: consul:ConfigEntry
name: jwt_provider
properties:
name: okta
kind: jwt-provider
configJson:
fn::toJSON:
ClockSkewSeconds: 30
Issuer: test-issuer
JSONWebKeySet:
Remote:
URI: https://127.0.0.1:9091
FetchAsynchronously: true
web:
type: consul:ConfigEntryServiceIntentions
properties:
name: web
jwts:
- providers:
- name: ${jwtProvider.name}
verifyClaims:
- paths:
- perms
- role
value: admin
sources:
- name: frontend-webapp
type: consul
action: allow
- name: nightly-cronjob
type: consul
action: deny
Create ConfigEntryServiceIntentions Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ConfigEntryServiceIntentions(name: string, args?: ConfigEntryServiceIntentionsArgs, opts?: CustomResourceOptions);@overload
def ConfigEntryServiceIntentions(resource_name: str,
args: Optional[ConfigEntryServiceIntentionsArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ConfigEntryServiceIntentions(resource_name: str,
opts: Optional[ResourceOptions] = None,
jwts: Optional[Sequence[ConfigEntryServiceIntentionsJwtArgs]] = None,
meta: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
partition: Optional[str] = None,
sources: Optional[Sequence[ConfigEntryServiceIntentionsSourceArgs]] = None)func NewConfigEntryServiceIntentions(ctx *Context, name string, args *ConfigEntryServiceIntentionsArgs, opts ...ResourceOption) (*ConfigEntryServiceIntentions, error)public ConfigEntryServiceIntentions(string name, ConfigEntryServiceIntentionsArgs? args = null, CustomResourceOptions? opts = null)
public ConfigEntryServiceIntentions(String name, ConfigEntryServiceIntentionsArgs args)
public ConfigEntryServiceIntentions(String name, ConfigEntryServiceIntentionsArgs args, CustomResourceOptions options)
type: consul:ConfigEntryServiceIntentions
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ConfigEntryServiceIntentionsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ConfigEntryServiceIntentionsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ConfigEntryServiceIntentionsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ConfigEntryServiceIntentionsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ConfigEntryServiceIntentionsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var configEntryServiceIntentionsResource = new Consul.ConfigEntryServiceIntentions("configEntryServiceIntentionsResource", new()
{
Jwts = new[]
{
new Consul.Inputs.ConfigEntryServiceIntentionsJwtArgs
{
Providers = new[]
{
new Consul.Inputs.ConfigEntryServiceIntentionsJwtProviderArgs
{
Name = "string",
VerifyClaims = new[]
{
new Consul.Inputs.ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs
{
Paths = new[]
{
"string",
},
Value = "string",
},
},
},
},
},
},
Meta =
{
{ "string", "string" },
},
Name = "string",
Namespace = "string",
Partition = "string",
Sources = new[]
{
new Consul.Inputs.ConfigEntryServiceIntentionsSourceArgs
{
Action = "string",
Description = "string",
Name = "string",
Namespace = "string",
Partition = "string",
Peer = "string",
Permissions = new[]
{
new Consul.Inputs.ConfigEntryServiceIntentionsSourcePermissionArgs
{
Action = "string",
Https = new[]
{
new Consul.Inputs.ConfigEntryServiceIntentionsSourcePermissionHttpArgs
{
Headers = new[]
{
new Consul.Inputs.ConfigEntryServiceIntentionsSourcePermissionHttpHeaderArgs
{
Name = "string",
Exact = "string",
Invert = false,
Prefix = "string",
Present = false,
Regex = "string",
Suffix = "string",
},
},
Methods = new[]
{
"string",
},
PathExact = "string",
PathPrefix = "string",
PathRegex = "string",
},
},
},
},
Precedence = 0,
SamenessGroup = "string",
Type = "string",
},
},
});
example, err := consul.NewConfigEntryServiceIntentions(ctx, "configEntryServiceIntentionsResource", &consul.ConfigEntryServiceIntentionsArgs{
Jwts: consul.ConfigEntryServiceIntentionsJwtArray{
&consul.ConfigEntryServiceIntentionsJwtArgs{
Providers: consul.ConfigEntryServiceIntentionsJwtProviderArray{
&consul.ConfigEntryServiceIntentionsJwtProviderArgs{
Name: pulumi.String("string"),
VerifyClaims: consul.ConfigEntryServiceIntentionsJwtProviderVerifyClaimArray{
&consul.ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs{
Paths: pulumi.StringArray{
pulumi.String("string"),
},
Value: pulumi.String("string"),
},
},
},
},
},
},
Meta: pulumi.StringMap{
"string": pulumi.String("string"),
},
Name: pulumi.String("string"),
Namespace: pulumi.String("string"),
Partition: pulumi.String("string"),
Sources: consul.ConfigEntryServiceIntentionsSourceArray{
&consul.ConfigEntryServiceIntentionsSourceArgs{
Action: pulumi.String("string"),
Description: pulumi.String("string"),
Name: pulumi.String("string"),
Namespace: pulumi.String("string"),
Partition: pulumi.String("string"),
Peer: pulumi.String("string"),
Permissions: consul.ConfigEntryServiceIntentionsSourcePermissionArray{
&consul.ConfigEntryServiceIntentionsSourcePermissionArgs{
Action: pulumi.String("string"),
Https: consul.ConfigEntryServiceIntentionsSourcePermissionHttpArray{
&consul.ConfigEntryServiceIntentionsSourcePermissionHttpArgs{
Headers: consul.ConfigEntryServiceIntentionsSourcePermissionHttpHeaderArray{
&consul.ConfigEntryServiceIntentionsSourcePermissionHttpHeaderArgs{
Name: pulumi.String("string"),
Exact: pulumi.String("string"),
Invert: pulumi.Bool(false),
Prefix: pulumi.String("string"),
Present: pulumi.Bool(false),
Regex: pulumi.String("string"),
Suffix: pulumi.String("string"),
},
},
Methods: pulumi.StringArray{
pulumi.String("string"),
},
PathExact: pulumi.String("string"),
PathPrefix: pulumi.String("string"),
PathRegex: pulumi.String("string"),
},
},
},
},
Precedence: pulumi.Int(0),
SamenessGroup: pulumi.String("string"),
Type: pulumi.String("string"),
},
},
})
var configEntryServiceIntentionsResource = new ConfigEntryServiceIntentions("configEntryServiceIntentionsResource", ConfigEntryServiceIntentionsArgs.builder()
.jwts(ConfigEntryServiceIntentionsJwtArgs.builder()
.providers(ConfigEntryServiceIntentionsJwtProviderArgs.builder()
.name("string")
.verifyClaims(ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs.builder()
.paths("string")
.value("string")
.build())
.build())
.build())
.meta(Map.of("string", "string"))
.name("string")
.namespace("string")
.partition("string")
.sources(ConfigEntryServiceIntentionsSourceArgs.builder()
.action("string")
.description("string")
.name("string")
.namespace("string")
.partition("string")
.peer("string")
.permissions(ConfigEntryServiceIntentionsSourcePermissionArgs.builder()
.action("string")
.https(ConfigEntryServiceIntentionsSourcePermissionHttpArgs.builder()
.headers(ConfigEntryServiceIntentionsSourcePermissionHttpHeaderArgs.builder()
.name("string")
.exact("string")
.invert(false)
.prefix("string")
.present(false)
.regex("string")
.suffix("string")
.build())
.methods("string")
.pathExact("string")
.pathPrefix("string")
.pathRegex("string")
.build())
.build())
.precedence(0)
.samenessGroup("string")
.type("string")
.build())
.build());
config_entry_service_intentions_resource = consul.ConfigEntryServiceIntentions("configEntryServiceIntentionsResource",
jwts=[{
"providers": [{
"name": "string",
"verify_claims": [{
"paths": ["string"],
"value": "string",
}],
}],
}],
meta={
"string": "string",
},
name="string",
namespace="string",
partition="string",
sources=[{
"action": "string",
"description": "string",
"name": "string",
"namespace": "string",
"partition": "string",
"peer": "string",
"permissions": [{
"action": "string",
"https": [{
"headers": [{
"name": "string",
"exact": "string",
"invert": False,
"prefix": "string",
"present": False,
"regex": "string",
"suffix": "string",
}],
"methods": ["string"],
"path_exact": "string",
"path_prefix": "string",
"path_regex": "string",
}],
}],
"precedence": 0,
"sameness_group": "string",
"type": "string",
}])
const configEntryServiceIntentionsResource = new consul.ConfigEntryServiceIntentions("configEntryServiceIntentionsResource", {
jwts: [{
providers: [{
name: "string",
verifyClaims: [{
paths: ["string"],
value: "string",
}],
}],
}],
meta: {
string: "string",
},
name: "string",
namespace: "string",
partition: "string",
sources: [{
action: "string",
description: "string",
name: "string",
namespace: "string",
partition: "string",
peer: "string",
permissions: [{
action: "string",
https: [{
headers: [{
name: "string",
exact: "string",
invert: false,
prefix: "string",
present: false,
regex: "string",
suffix: "string",
}],
methods: ["string"],
pathExact: "string",
pathPrefix: "string",
pathRegex: "string",
}],
}],
precedence: 0,
samenessGroup: "string",
type: "string",
}],
});
type: consul:ConfigEntryServiceIntentions
properties:
jwts:
- providers:
- name: string
verifyClaims:
- paths:
- string
value: string
meta:
string: string
name: string
namespace: string
partition: string
sources:
- action: string
description: string
name: string
namespace: string
partition: string
peer: string
permissions:
- action: string
https:
- headers:
- exact: string
invert: false
name: string
prefix: string
present: false
regex: string
suffix: string
methods:
- string
pathExact: string
pathPrefix: string
pathRegex: string
precedence: 0
samenessGroup: string
type: string
ConfigEntryServiceIntentions Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ConfigEntryServiceIntentions resource accepts the following input properties:
- Jwts
List<Config
Entry Service Intentions Jwt> - Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
- Meta Dictionary<string, string>
- Specifies key-value pairs to add to the KV store.
- Name string
- Specifies a name of the destination service for all intentions defined in the configuration entry.
- Namespace string
- Specifies the namespace to apply the configuration entry.
- Partition string
- Specifies the admin partition to apply the configuration entry.
- Sources
List<Config
Entry Service Intentions Source> - List of configurations that define intention sources and the authorization granted to the sources.
- Jwts
[]Config
Entry Service Intentions Jwt Args - Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
- Meta map[string]string
- Specifies key-value pairs to add to the KV store.
- Name string
- Specifies a name of the destination service for all intentions defined in the configuration entry.
- Namespace string
- Specifies the namespace to apply the configuration entry.
- Partition string
- Specifies the admin partition to apply the configuration entry.
- Sources
[]Config
Entry Service Intentions Source Args - List of configurations that define intention sources and the authorization granted to the sources.
- jwts
List<Config
Entry Service Intentions Jwt> - Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
- meta Map<String,String>
- Specifies key-value pairs to add to the KV store.
- name String
- Specifies a name of the destination service for all intentions defined in the configuration entry.
- namespace String
- Specifies the namespace to apply the configuration entry.
- partition String
- Specifies the admin partition to apply the configuration entry.
- sources
List<Config
Entry Service Intentions Source> - List of configurations that define intention sources and the authorization granted to the sources.
- jwts
Config
Entry Service Intentions Jwt[] - Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
- meta {[key: string]: string}
- Specifies key-value pairs to add to the KV store.
- name string
- Specifies a name of the destination service for all intentions defined in the configuration entry.
- namespace string
- Specifies the namespace to apply the configuration entry.
- partition string
- Specifies the admin partition to apply the configuration entry.
- sources
Config
Entry Service Intentions Source[] - List of configurations that define intention sources and the authorization granted to the sources.
- jwts
Sequence[Config
Entry Service Intentions Jwt Args] - Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
- meta Mapping[str, str]
- Specifies key-value pairs to add to the KV store.
- name str
- Specifies a name of the destination service for all intentions defined in the configuration entry.
- namespace str
- Specifies the namespace to apply the configuration entry.
- partition str
- Specifies the admin partition to apply the configuration entry.
- sources
Sequence[Config
Entry Service Intentions Source Args] - List of configurations that define intention sources and the authorization granted to the sources.
- jwts List<Property Map>
- Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
- meta Map<String>
- Specifies key-value pairs to add to the KV store.
- name String
- Specifies a name of the destination service for all intentions defined in the configuration entry.
- namespace String
- Specifies the namespace to apply the configuration entry.
- partition String
- Specifies the admin partition to apply the configuration entry.
- sources List<Property Map>
- List of configurations that define intention sources and the authorization granted to the sources.
Outputs
All input properties are implicitly available as output properties. Additionally, the ConfigEntryServiceIntentions resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ConfigEntryServiceIntentions Resource
Get an existing ConfigEntryServiceIntentions resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ConfigEntryServiceIntentionsState, opts?: CustomResourceOptions): ConfigEntryServiceIntentions@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
jwts: Optional[Sequence[ConfigEntryServiceIntentionsJwtArgs]] = None,
meta: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
namespace: Optional[str] = None,
partition: Optional[str] = None,
sources: Optional[Sequence[ConfigEntryServiceIntentionsSourceArgs]] = None) -> ConfigEntryServiceIntentionsfunc GetConfigEntryServiceIntentions(ctx *Context, name string, id IDInput, state *ConfigEntryServiceIntentionsState, opts ...ResourceOption) (*ConfigEntryServiceIntentions, error)public static ConfigEntryServiceIntentions Get(string name, Input<string> id, ConfigEntryServiceIntentionsState? state, CustomResourceOptions? opts = null)public static ConfigEntryServiceIntentions get(String name, Output<String> id, ConfigEntryServiceIntentionsState state, CustomResourceOptions options)resources: _: type: consul:ConfigEntryServiceIntentions get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Jwts
List<Config
Entry Service Intentions Jwt> - Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
- Meta Dictionary<string, string>
- Specifies key-value pairs to add to the KV store.
- Name string
- Specifies a name of the destination service for all intentions defined in the configuration entry.
- Namespace string
- Specifies the namespace to apply the configuration entry.
- Partition string
- Specifies the admin partition to apply the configuration entry.
- Sources
List<Config
Entry Service Intentions Source> - List of configurations that define intention sources and the authorization granted to the sources.
- Jwts
[]Config
Entry Service Intentions Jwt Args - Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
- Meta map[string]string
- Specifies key-value pairs to add to the KV store.
- Name string
- Specifies a name of the destination service for all intentions defined in the configuration entry.
- Namespace string
- Specifies the namespace to apply the configuration entry.
- Partition string
- Specifies the admin partition to apply the configuration entry.
- Sources
[]Config
Entry Service Intentions Source Args - List of configurations that define intention sources and the authorization granted to the sources.
- jwts
List<Config
Entry Service Intentions Jwt> - Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
- meta Map<String,String>
- Specifies key-value pairs to add to the KV store.
- name String
- Specifies a name of the destination service for all intentions defined in the configuration entry.
- namespace String
- Specifies the namespace to apply the configuration entry.
- partition String
- Specifies the admin partition to apply the configuration entry.
- sources
List<Config
Entry Service Intentions Source> - List of configurations that define intention sources and the authorization granted to the sources.
- jwts
Config
Entry Service Intentions Jwt[] - Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
- meta {[key: string]: string}
- Specifies key-value pairs to add to the KV store.
- name string
- Specifies a name of the destination service for all intentions defined in the configuration entry.
- namespace string
- Specifies the namespace to apply the configuration entry.
- partition string
- Specifies the admin partition to apply the configuration entry.
- sources
Config
Entry Service Intentions Source[] - List of configurations that define intention sources and the authorization granted to the sources.
- jwts
Sequence[Config
Entry Service Intentions Jwt Args] - Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
- meta Mapping[str, str]
- Specifies key-value pairs to add to the KV store.
- name str
- Specifies a name of the destination service for all intentions defined in the configuration entry.
- namespace str
- Specifies the namespace to apply the configuration entry.
- partition str
- Specifies the admin partition to apply the configuration entry.
- sources
Sequence[Config
Entry Service Intentions Source Args] - List of configurations that define intention sources and the authorization granted to the sources.
- jwts List<Property Map>
- Specifies a JSON Web Token provider configured in a JWT provider configuration entry, as well as additional configurations for verifying a service's JWT before authorizing communication between services
- meta Map<String>
- Specifies key-value pairs to add to the KV store.
- name String
- Specifies a name of the destination service for all intentions defined in the configuration entry.
- namespace String
- Specifies the namespace to apply the configuration entry.
- partition String
- Specifies the admin partition to apply the configuration entry.
- sources List<Property Map>
- List of configurations that define intention sources and the authorization granted to the sources.
Supporting Types
ConfigEntryServiceIntentionsJwt, ConfigEntryServiceIntentionsJwtArgs
- Providers
List<Config
Entry Service Intentions Jwt Provider> - Specifies the names of one or more previously configured JWT provider configuration entries, which include the information necessary to validate a JSON web token.
- Providers
[]Config
Entry Service Intentions Jwt Provider - Specifies the names of one or more previously configured JWT provider configuration entries, which include the information necessary to validate a JSON web token.
- providers
List<Config
Entry Service Intentions Jwt Provider> - Specifies the names of one or more previously configured JWT provider configuration entries, which include the information necessary to validate a JSON web token.
- providers
Config
Entry Service Intentions Jwt Provider[] - Specifies the names of one or more previously configured JWT provider configuration entries, which include the information necessary to validate a JSON web token.
- providers
Sequence[Config
Entry Service Intentions Jwt Provider] - Specifies the names of one or more previously configured JWT provider configuration entries, which include the information necessary to validate a JSON web token.
- providers List<Property Map>
- Specifies the names of one or more previously configured JWT provider configuration entries, which include the information necessary to validate a JSON web token.
ConfigEntryServiceIntentionsJwtProvider, ConfigEntryServiceIntentionsJwtProviderArgs
- Name string
- Specifies the name of a JWT provider defined in the Name field of the jwt-provider configuration entry.
- Verify
Claims List<ConfigEntry Service Intentions Jwt Provider Verify Claim> - Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry.
- Name string
- Specifies the name of a JWT provider defined in the Name field of the jwt-provider configuration entry.
- Verify
Claims []ConfigEntry Service Intentions Jwt Provider Verify Claim - Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry.
- name String
- Specifies the name of a JWT provider defined in the Name field of the jwt-provider configuration entry.
- verify
Claims List<ConfigEntry Service Intentions Jwt Provider Verify Claim> - Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry.
- name string
- Specifies the name of a JWT provider defined in the Name field of the jwt-provider configuration entry.
- verify
Claims ConfigEntry Service Intentions Jwt Provider Verify Claim[] - Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry.
- name str
- Specifies the name of a JWT provider defined in the Name field of the jwt-provider configuration entry.
- verify_
claims Sequence[ConfigEntry Service Intentions Jwt Provider Verify Claim] - Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry.
- name String
- Specifies the name of a JWT provider defined in the Name field of the jwt-provider configuration entry.
- verify
Claims List<Property Map> - Specifies additional token information to verify beyond what is configured in the JWT provider configuration entry.
ConfigEntryServiceIntentionsJwtProviderVerifyClaim, ConfigEntryServiceIntentionsJwtProviderVerifyClaimArgs
ConfigEntryServiceIntentionsSource, ConfigEntryServiceIntentionsSourceArgs
- Action string
- Specifies the action to take when the source sends traffic to the destination service.
- Description string
- Specifies a description of the intention.
- Name string
- Specifies the name of the source that the intention allows or denies traffic from.
- Namespace string
- Specifies the traffic source namespace that the intention allows or denies traffic from.
- Partition string
- Specifies the name of an admin partition that the intention allows or denies traffic from.
- Peer string
- Specifies the name of a peered Consul cluster that the intention allows or denies traffic from
- Permissions
List<Config
Entry Service Intentions Source Permission> - Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
- Precedence int
- The Precedence field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services.
- Sameness
Group string - Specifies the name of a sameness group that the intention allows or denies traffic from.
- Type string
- Specifies the type of destination service that the configuration entry applies to.
- Action string
- Specifies the action to take when the source sends traffic to the destination service.
- Description string
- Specifies a description of the intention.
- Name string
- Specifies the name of the source that the intention allows or denies traffic from.
- Namespace string
- Specifies the traffic source namespace that the intention allows or denies traffic from.
- Partition string
- Specifies the name of an admin partition that the intention allows or denies traffic from.
- Peer string
- Specifies the name of a peered Consul cluster that the intention allows or denies traffic from
- Permissions
[]Config
Entry Service Intentions Source Permission - Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
- Precedence int
- The Precedence field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services.
- Sameness
Group string - Specifies the name of a sameness group that the intention allows or denies traffic from.
- Type string
- Specifies the type of destination service that the configuration entry applies to.
- action String
- Specifies the action to take when the source sends traffic to the destination service.
- description String
- Specifies a description of the intention.
- name String
- Specifies the name of the source that the intention allows or denies traffic from.
- namespace String
- Specifies the traffic source namespace that the intention allows or denies traffic from.
- partition String
- Specifies the name of an admin partition that the intention allows or denies traffic from.
- peer String
- Specifies the name of a peered Consul cluster that the intention allows or denies traffic from
- permissions
List<Config
Entry Service Intentions Source Permission> - Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
- precedence Integer
- The Precedence field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services.
- sameness
Group String - Specifies the name of a sameness group that the intention allows or denies traffic from.
- type String
- Specifies the type of destination service that the configuration entry applies to.
- action string
- Specifies the action to take when the source sends traffic to the destination service.
- description string
- Specifies a description of the intention.
- name string
- Specifies the name of the source that the intention allows or denies traffic from.
- namespace string
- Specifies the traffic source namespace that the intention allows or denies traffic from.
- partition string
- Specifies the name of an admin partition that the intention allows or denies traffic from.
- peer string
- Specifies the name of a peered Consul cluster that the intention allows or denies traffic from
- permissions
Config
Entry Service Intentions Source Permission[] - Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
- precedence number
- The Precedence field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services.
- sameness
Group string - Specifies the name of a sameness group that the intention allows or denies traffic from.
- type string
- Specifies the type of destination service that the configuration entry applies to.
- action str
- Specifies the action to take when the source sends traffic to the destination service.
- description str
- Specifies a description of the intention.
- name str
- Specifies the name of the source that the intention allows or denies traffic from.
- namespace str
- Specifies the traffic source namespace that the intention allows or denies traffic from.
- partition str
- Specifies the name of an admin partition that the intention allows or denies traffic from.
- peer str
- Specifies the name of a peered Consul cluster that the intention allows or denies traffic from
- permissions
Sequence[Config
Entry Service Intentions Source Permission] - Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
- precedence int
- The Precedence field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services.
- sameness_
group str - Specifies the name of a sameness group that the intention allows or denies traffic from.
- type str
- Specifies the type of destination service that the configuration entry applies to.
- action String
- Specifies the action to take when the source sends traffic to the destination service.
- description String
- Specifies a description of the intention.
- name String
- Specifies the name of the source that the intention allows or denies traffic from.
- namespace String
- Specifies the traffic source namespace that the intention allows or denies traffic from.
- partition String
- Specifies the name of an admin partition that the intention allows or denies traffic from.
- peer String
- Specifies the name of a peered Consul cluster that the intention allows or denies traffic from
- permissions List<Property Map>
- Specifies a list of permissions for L7 traffic sources. The list contains one or more actions and a set of match criteria for each action.
- precedence Number
- The Precedence field contains a read-only integer. Consul generates the value based on name configurations for the source and destination services.
- sameness
Group String - Specifies the name of a sameness group that the intention allows or denies traffic from.
- type String
- Specifies the type of destination service that the configuration entry applies to.
ConfigEntryServiceIntentionsSourcePermission, ConfigEntryServiceIntentionsSourcePermissionArgs
- Action string
- Specifies the action to take when the source sends traffic to the destination service. The value is either allow or deny.
- Https
List<Config
Entry Service Intentions Source Permission Http> - Specifies a set of HTTP-specific match criteria.
- Action string
- Specifies the action to take when the source sends traffic to the destination service. The value is either allow or deny.
- Https
[]Config
Entry Service Intentions Source Permission Http - Specifies a set of HTTP-specific match criteria.
- action String
- Specifies the action to take when the source sends traffic to the destination service. The value is either allow or deny.
- https
List<Config
Entry Service Intentions Source Permission Http> - Specifies a set of HTTP-specific match criteria.
- action string
- Specifies the action to take when the source sends traffic to the destination service. The value is either allow or deny.
- https
Config
Entry Service Intentions Source Permission Http[] - Specifies a set of HTTP-specific match criteria.
- action str
- Specifies the action to take when the source sends traffic to the destination service. The value is either allow or deny.
- https
Sequence[Config
Entry Service Intentions Source Permission Http] - Specifies a set of HTTP-specific match criteria.
- action String
- Specifies the action to take when the source sends traffic to the destination service. The value is either allow or deny.
- https List<Property Map>
- Specifies a set of HTTP-specific match criteria.
ConfigEntryServiceIntentionsSourcePermissionHttp, ConfigEntryServiceIntentionsSourcePermissionHttpArgs
- Headers
List<Config
Entry Service Intentions Source Permission Http Header> - Specifies a header name and matching criteria for HTTP request headers.
- Methods List<string>
- Specifies a list of HTTP methods.
- Path
Exact string - Specifies an exact path to match on the HTTP request path.
- Path
Prefix string - Specifies a path prefix to match on the HTTP request path.
- Path
Regex string - Defines a regular expression to match on the HTTP request path.
- Headers
[]Config
Entry Service Intentions Source Permission Http Header - Specifies a header name and matching criteria for HTTP request headers.
- Methods []string
- Specifies a list of HTTP methods.
- Path
Exact string - Specifies an exact path to match on the HTTP request path.
- Path
Prefix string - Specifies a path prefix to match on the HTTP request path.
- Path
Regex string - Defines a regular expression to match on the HTTP request path.
- headers
List<Config
Entry Service Intentions Source Permission Http Header> - Specifies a header name and matching criteria for HTTP request headers.
- methods List<String>
- Specifies a list of HTTP methods.
- path
Exact String - Specifies an exact path to match on the HTTP request path.
- path
Prefix String - Specifies a path prefix to match on the HTTP request path.
- path
Regex String - Defines a regular expression to match on the HTTP request path.
- headers
Config
Entry Service Intentions Source Permission Http Header[] - Specifies a header name and matching criteria for HTTP request headers.
- methods string[]
- Specifies a list of HTTP methods.
- path
Exact string - Specifies an exact path to match on the HTTP request path.
- path
Prefix string - Specifies a path prefix to match on the HTTP request path.
- path
Regex string - Defines a regular expression to match on the HTTP request path.
- headers
Sequence[Config
Entry Service Intentions Source Permission Http Header] - Specifies a header name and matching criteria for HTTP request headers.
- methods Sequence[str]
- Specifies a list of HTTP methods.
- path_
exact str - Specifies an exact path to match on the HTTP request path.
- path_
prefix str - Specifies a path prefix to match on the HTTP request path.
- path_
regex str - Defines a regular expression to match on the HTTP request path.
- headers List<Property Map>
- Specifies a header name and matching criteria for HTTP request headers.
- methods List<String>
- Specifies a list of HTTP methods.
- path
Exact String - Specifies an exact path to match on the HTTP request path.
- path
Prefix String - Specifies a path prefix to match on the HTTP request path.
- path
Regex String - Defines a regular expression to match on the HTTP request path.
ConfigEntryServiceIntentionsSourcePermissionHttpHeader, ConfigEntryServiceIntentionsSourcePermissionHttpHeaderArgs
- Name string
- Specifies the name of the header to match.
- Exact string
- Specifies a value for the header key set in the Name field. If the request header value matches the Exact value, Consul applies the permission.
- Invert bool
- Inverts the matching logic configured in the Header.
- Prefix string
- Specifies a prefix value for the header key set in the Name field.
- Present bool
- Enables a match if the header configured in the Name field appears in the request. Consul matches on any value as long as the header key appears in the request.
- Regex string
- Specifies a regular expression pattern as the value for the header key set in the Name field.
- Suffix string
- Specifies a suffix value for the header key set in the Name field.
- Name string
- Specifies the name of the header to match.
- Exact string
- Specifies a value for the header key set in the Name field. If the request header value matches the Exact value, Consul applies the permission.
- Invert bool
- Inverts the matching logic configured in the Header.
- Prefix string
- Specifies a prefix value for the header key set in the Name field.
- Present bool
- Enables a match if the header configured in the Name field appears in the request. Consul matches on any value as long as the header key appears in the request.
- Regex string
- Specifies a regular expression pattern as the value for the header key set in the Name field.
- Suffix string
- Specifies a suffix value for the header key set in the Name field.
- name String
- Specifies the name of the header to match.
- exact String
- Specifies a value for the header key set in the Name field. If the request header value matches the Exact value, Consul applies the permission.
- invert Boolean
- Inverts the matching logic configured in the Header.
- prefix String
- Specifies a prefix value for the header key set in the Name field.
- present Boolean
- Enables a match if the header configured in the Name field appears in the request. Consul matches on any value as long as the header key appears in the request.
- regex String
- Specifies a regular expression pattern as the value for the header key set in the Name field.
- suffix String
- Specifies a suffix value for the header key set in the Name field.
- name string
- Specifies the name of the header to match.
- exact string
- Specifies a value for the header key set in the Name field. If the request header value matches the Exact value, Consul applies the permission.
- invert boolean
- Inverts the matching logic configured in the Header.
- prefix string
- Specifies a prefix value for the header key set in the Name field.
- present boolean
- Enables a match if the header configured in the Name field appears in the request. Consul matches on any value as long as the header key appears in the request.
- regex string
- Specifies a regular expression pattern as the value for the header key set in the Name field.
- suffix string
- Specifies a suffix value for the header key set in the Name field.
- name str
- Specifies the name of the header to match.
- exact str
- Specifies a value for the header key set in the Name field. If the request header value matches the Exact value, Consul applies the permission.
- invert bool
- Inverts the matching logic configured in the Header.
- prefix str
- Specifies a prefix value for the header key set in the Name field.
- present bool
- Enables a match if the header configured in the Name field appears in the request. Consul matches on any value as long as the header key appears in the request.
- regex str
- Specifies a regular expression pattern as the value for the header key set in the Name field.
- suffix str
- Specifies a suffix value for the header key set in the Name field.
- name String
- Specifies the name of the header to match.
- exact String
- Specifies a value for the header key set in the Name field. If the request header value matches the Exact value, Consul applies the permission.
- invert Boolean
- Inverts the matching logic configured in the Header.
- prefix String
- Specifies a prefix value for the header key set in the Name field.
- present Boolean
- Enables a match if the header configured in the Name field appears in the request. Consul matches on any value as long as the header key appears in the request.
- regex String
- Specifies a regular expression pattern as the value for the header key set in the Name field.
- suffix String
- Specifies a suffix value for the header key set in the Name field.
Package Details
- Repository
- HashiCorp Consul pulumi/pulumi-consul
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
consulTerraform Provider.