» consul_intention

Intentions are used to define rules for which services may connect to one another when using Consul Connect.

It is appropriate to either reference existing services or specify non-existent services that will be created in the future when creating intentions. This resource can be used in conjunction with the consul_service datasource when referencing services registered on nodes that have a running Consul agent.

» Example Usage

Create a simplest intention with static service names:

resource "consul_intention" "database" {
  source_name      = "api"
  destination_name = "db"
  action           = "allow"
}

Referencing a known service via a datasource:

resource "consul_intention" "database" {
  source_name      = "api"
  destination_name = "${consul_service.pg.name}"
  action           = "allow"
}

data "consul_service" "pg" {
  name = "postgresql"
}

» Argument Reference

The following arguments are supported:

  • source_name - (Required, string) The name of the source service for the intention. This service does not have to exist.

  • destination_name - (Required, string) The name of the destination service for the intention. This service does not have to exist.

  • action - (Required, string) The intention action. Must be one of allow or deny.

  • meta - (Optional, map) Key/value pairs that are opaque to Consul and are associated with the intention.

  • description - (Optional, string) Optional description that can be used by Consul tooling, but is not used internally.

  • datacenter - (Optional) The datacenter to use. This overrides the datacenter in the provider setup and the agent's default datacenter.

» Attributes Reference

The following attributes are exported:

  • id - The ID of the intention.
  • source_name - The source for the intention.
  • destination_name - The destination for the intention.
  • description - A description of the intention.
  • meta - Key/value pairs associated with the intention.