Intentions are used to define rules for which services may connect to one another when using Consul Connect.
It is appropriate to either reference existing services or specify non-existent services that will be created in the future when creating intentions. This resource can be used in conjunction with the consul_service datasource when referencing services registered on nodes that have a running Consul agent.
Create a simplest intention with static service names:
resource "consul_intention" "database" {
source_name = "api"
destination_name = "db"
action = "allow"
}
Referencing a known service via a datasource:
resource "consul_intention" "database" {
source_name = "api"
destination_name = "${consul_catalog_service.pg.name}"
action = "allow"
}
data "consul_service" "pg" {
name = "postgresql"
}
The following arguments are supported:
source_name - (Required, string) The name of the source service for the intention. This service does not have to exist.
destination_name - (Required, string) The name of the destination service for the intention. This service does not have to exist.
action - (Required, string) The intention action. Must be one of allow or deny.
meta - (Optional, map) Key/value pairs that are opaque to Consul and are associated with the intention.
description - (Optional, string) Optional description that can be used by Consul tooling, but is not used internally.
datacenter - (Optional) The datacenter to use. This overrides the datacenter in the provider setup and the agent's default datacenter.
The following attributes are exported:
id - The ID of the intention. source_name - The source for the intention. destination_name - The destination for the intention. description - A description of the intention. meta - Key/value pairs associated with the intention.
© 2018 HashiCorpLicensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/consul/r/intention.html