abaez.hashicluster.nomad_acl_policy (1.2.3) — module
Nomad ACL policy management for v0.7+
"added in version" N/A of abaez.hashicluster
Authors: Alejandro Baez (@abaez)
preview | supported by community
Install with ansible-galaxy collection install abaez.hashicluster:==1.2.3
collections:
  - name: abaez.hashicluster
    version: 1.2.3
This module adds an ACL policy to Nomad.
It uses the policy format introduced in Nomad v0.7.0.
For more information on Nomad's ACL system, see: https://nomadproject.io/guides/security/acl/
# Create a policy
- name: Create a new policy
  consul_acl_policy:
    address: '127.0.0.1:8500'
    management_token: 85e55057-a260-44ed-961b-e05eaff181fc
    state: present
    description: Nice policy to give no access
    name: hello world
    rules: '{{ rules | to_json }}'
  vars:
    rules:
      agent_prefix:
        '':
          policy: read
  register: create_new_policy_result

# Read an existing policy
- name: Read an existing policy
  consul_acl_policy:
    address: '127.0.0.1:8500'
    management_token: 85e55057-a260-44ed-961b-e05eaff181fc
    state: present
    policy_id: 19577e59-4928-4ff0-9be4-cf4c2fa44e71
  register: read_policy_result

# Update an existing policy
- name: Update an existing policy
  consul_acl_policy:
    address: '127.0.0.1:8500'
    management_token: 85e55057-a260-44ed-961b-e05eaff181fc
    state: present
    policy_id: 19577e59-4928-4ff0-9be4-cf4c2fa44e71
    name: 'magical_unique_policy'
    rules: '{{ rules | to_json }}'
  vars:
    rules:
      agent_prefix:
        '':
          policy: deny
      agent:
        'foo':
          policy: write
  register: update_policy_result

# Delete an existing policy
- name: Delete an existing policy
  consul_acl_policy:
    address: '127.0.0.1:8500'
    management_token: 85e55057-a260-44ed-961b-e05eaff181fc
    state: absent
    policy_id: 19577e59-4928-4ff0-9be4-cf4c2fa44e71
  register: delete_policy_result

name:
  description:
    - A unique name of the policy you wish to create or modify.
    - Required when C(state=present)
  required: false
  type: str
rules:
  description:
    - A json string with ACL rules as defined in consul's guide here
    - https://www.consul.io/docs/acl/acl-rules.html
    - Required when C(state=present)
  required: false
  type: str
state:
  choices:
    - present
    - absent
  default: present
  description:
    - Whether the policy should be present or absent from consul
  required: false
  type: str
address:
  default: The environment variable CONSUL_HTTP_ADDR
  description:
    - The url to connect to consul. Using '<schema>//<domain>:<port>'.
    - For a unix domain socket, give 'unix:' with literal location.
    - 'Example: ''unix:///var/run/consul/http.sock''.'
  required: true
  type: str
policy_id:
  description:
    - A UUID of an already existing policy.
    - You must define when modifying an existing policy.
  required: false
  type: str
datacenters:
  default: []
  description:
    - Limits what datacenters the policy can be used towards.
  required: false
  type: list()
description:
  description:
    - A readable short description of the policy.
  required: false
  type: str
management_token:
  default: The environment variable CONSUL_HTTP_TOKEN
  description:
    - A token with permissions to create or modify the policy.
  required: true
  type: str

changed:
  description: Whether the policy has been created or modified.
  returned: always
  type: bool
datacenters:
  description: A list of datacenters to filter the policy.
  returned: changed
  sample:
    - us-east-1
  type: list()
description:
  description: A short description of the policy.
  returned: success and I(status) != "absent"
  type: str
policy_id:
  description: A UUID for the given policy.
  returned: success
  sample: a2ec332f-04cf-6fba-e8b8-acf62444d3da
  type: str
rules:
  description: A JSON object of rules for the policy.
  returned: success
  sample:
    key:
      bar:
        policy: deny
      foo:
        policy: write