Manage roles¶
Note
In the Juju ecosystem, roles are supported only when using JAAS.
Reference an externally managed role¶
To reference a role you’ve created outside of the current Terraform plan, in your Terraform plan add a data source of the juju_jaas_role type, specifying the name of the role. Optionally, you may also output the role’s UUID so you can later reference it in other resources. For example:
data "juju_jaas_role" "test" {
name = "role-0"
}
output "role_uuid" {
value = data.juju_jaas_role.test.uuid
}
See more:
juju_jaas_role(data source)
Add a role¶
To add a role, in your Terraform plan create a resource of the juju_jaas_role type, specifying its name. For example:
resource "juju_jaas_role" "development" {
name = "model-reader"
}
See more:
juju_jaas_role(resource)
Manage access to a role¶
When using Juju with JAAS, to grant access to a role, in your Terraform plan add a resource type juju_jaas_access_role. Access can be granted to one or more users, service accounts, and/or groups. You must specify the role, the JAAS role access level, and the list of desired users, service accounts, and/or groups. For example:
Note
At present, the only valid JAAS role access level is assignee, so granting an entity access to a role effectively means giving them a particular role.
resource "juju_jaas_access_role" "development" {
role_id = juju_jaas_role.target-role.uuid
roles = [juju_jaas_role.development.uuid]
access = "assignee"
users = ["[email protected]"]
service_accounts = ["Client-ID-1", "Client-ID-2"]
}
See more:
juju_jaas_access_role, JAAS | Role access levels