Updated version, added acl profile exceptions example

VERSION

@@ -1 +1 @@
-0.1.0-rc.1
+0.1.0-rc.2

examples/acl-profile-exceptions/README.md

@@ -0,0 +1,78 @@
+# ACL Profile Exceptions Configuration Example
+
+Configuration in this directory demonstrates configuring [ACL profile exceptions](https://docs.solace.com/Security/Managing-Access-Control-Lists.htm) on the PubSub+ event broker, leveraging the Client Terraform module.
+
+One set of use cases is if the assigned ACL profile is restrictive (the default value is "disallow") and individual permissions are added as exceptions. Other cases need individual exceptions to a permissive profile. Both serve the configuration of specific requirements of the client being provisioned.
+
+The following ACL profile exceptions are supported:
+* Publish topic exception
+* Subscribe topic exception
+* Subscribe share name exception
+* Client connect exception
+
+Also note that topic exceptions may use [substitution variables](https://docs.solace.com/Security/Granting-Clients-Access.htm#Using), which will also be demonstrated.
+
+## Module Configuration in the Example
+
+### Required Inputs
+
+* `msg_vpn_name` - set to `default` in the example
+* `client_identifier_type` - set to `client_username`
+* `client_identifier_name` - set to `myclient` in the example.
+* `client_profile_name` - `default`, in the example
+* `acl_profile_name` - `default`, in the example. The "default" ACL profile's default actions are "allow", so all exceptions defined will be denied.
+
+### Optional Inputs
+
+* `acl_profile_publish_topic_exceptions`, `acl_profile_subscribe_share_name_exceptions`, `acl_profile_subscribe_topic_exceptions`, `acl_profile_client_connect_exceptions` - examples show how to define them in a list form.
+
+Optional module input variables have the same name as the attributes of the underlying provider resource. If omitted then the default for the related resource attribute will be configured on the broker. For attributes and defaults, refer to the [documentation of "solacebroker_msg_vpn_client_username"](https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest/docs/resources/msg_vpn_client_username#optional).
+
+The module default for the `enabled` variable is true, which enables both the RDP and the REST consumer resources.
+
+### Output
+
+The module `client_username` output refers to the created client username.
+
+## Created resources
+
+This example will create following resources:
+
+* `solacebroker_msg_vpn_client_username`
+
+## Running the Example
+
+### Access to a PubSub+ broker
+
+If you don't already have access to a broker, refer to the [Developers page](https://www.solace.dev/) for options to get started.
+
+### Sample source code
+
+The sample is available from the module GitHub repo:
+
+```bash
+git clone https://github.com/SolaceProducts/terraform-solacebroker-rest-delivery.git
+cd examples/adding-headers
+```
+
+### Adjust Provider Configuration
+
+Adjust the [provider parameters](https://registry.terraform.io/providers/SolaceProducts/solacebroker/latest/docs#schema) in `main.tf` according to your broker. The example configuration shows settings for a local broker running in Docker.
+
+### Create the resource
+
+Hint: You can verify configuration changes on the broker, before and after, using the [PubSub+ Broker Manager Web UI](https://docs.solace.com/Admin/Broker-Manager/PubSub-Manager-Overview.htm)
+
+Execute from this folder:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+Run `terraform destroy` to clean up created resources when no longer needed.
+
+## Additional Documentation
+
+Refer to the [Configuring Client Authorization](https://docs.solace.com/Security/Configuring-Client-Authorization.htm) section in the PubSub+ documentation.

examples/acl-profile-exceptions/main.tf

@@ -21,23 +21,24 @@ provider "solacebroker" {
 module "testclient" {
   source = "../.."
 
-  msg_vpn_name           = "default"
-  client_identifier_type = "client_username"
-  client_identifier_name = "myclient"
-  client_profile_name    = "default"
-  acl_profile_name       = "default"
+  msg_vpn_name             = "default"
+  client_identifier_type   = "client_username"
+  client_identifier_name   = "myclient"
+  client_profile_name      = "default"
+  acl_profile_name         = "default"
 
-  // The "default" ACL profile, used in the example, default actions are "allow", exceptions are "deny"
+  // The "default" ACL profile, used in the example, has default actions "allow", so exceptions are "deny"
 
   // example of multiple publish topic exceptions
   acl_profile_publish_topic_exceptions = [
     {
-      publish_topic_exception        = "a/b/c* d/e/f",
+      publish_topic_exception = "a/b/c*",
       publish_topic_exception_syntax = "smf"
     },
     {
-      publish_topic_exception        = "g/h/i",
-      publish_topic_exception_syntax = "mqtt"
+      // example of using substitution variable - no need to escape the $ character here
+      publish_topic_exception = "g/$client-username",
+      publish_topic_exception_syntax = "smf"
     }
   ]