ansible.builtin.consul_acl (v2.3.0.0-1) — module

Manipulate Consul ACL keys and rules

Added in version 2.0 of ansible.builtin

Authors: Steve Gargan (@sgargan)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.3.0.0.post1

Description

Allows the addition, modification and deletion of ACL keys and associated rules in a Consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/internals/acl.html.


Requirements

Usage examples

    - name: create an acl token with rules
      consul_acl:
        mgmt_token: 'some_management_acl'
        host: 'consul1.mycluster.io'
        name: 'Foo access'
        rules:
          - key: 'foo'
            policy: read
          - key: 'private/foo'
            policy: deny
    - name: create an acl with specific token with both key and service rules
      consul_acl:
        mgmt_token: 'some_management_acl'
        name: 'Foo access'
        token: 'some_client_token'
        rules:
          - key: 'foo'
            policy: read
          - service: ''
            policy: write
          - service: 'secret-'
            policy: deny
    - name: remove a token
      consul_acl:
        mgmt_token: 'some_management_acl'
        host: 'consul1.mycluster.io'
        token: '172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e'
        state: absent

Inputs

    
host:
    default: localhost
    description:
    - host of the consul agent, defaults to localhost
    required: false

name:
    description:
    - the name that should be associated with the acl key, this is opaque to Consul
    required: false

port:
    default: 8500
    description:
    - the port on which the consul agent is running
    required: false

rules:
    description:
    - a list of the rules that should be associated with a given token.
    required: false

state:
    choices:
    - present
    - absent
    default: present
    description:
    - whether the ACL pair should be present or absent
    required: false

token:
    description:
    - the token key identifying an ACL rule set. If generated by consul this will be
      a UUID.
    required: false

scheme:
    default: http
    description:
    - the protocol scheme on which the consul agent is running
    required: false
    version_added: '2.1'
    version_added_collection: ansible.builtin

mgmt_token:
    description:
    - a management token is required to manipulate the acl lists

token_type:
    choices:
    - client
    - management
    default: client
    description:
    - the type of token that should be created, either management or client

validate_certs:
    default: true
    description:
    - whether to verify the tls certificate of the consul agent
    required: false
    version_added: '2.1'
    version_added_collection: ansible.builtin
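
The inputs above combined into one hardened play, as an added example that is not part of the original module documentation: with the default `scheme: http` the management token crosses the network unencrypted, so the task below uses `https` with certificate verification on, reads the token from a variable and sets `no_log` to keep it out of task output. The variable name `vault_consul_mgmt_token` (assumed to live in an Ansible Vault-encrypted vars file), port 8501, the ACL name and the rule keys are assumptions or constructed sample values.

```yaml
# Added example; variable names, port and rule keys are constructed for illustration.
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: refuse to run without a management token
      assert:
        that:
          - vault_consul_mgmt_token is defined
          - vault_consul_mgmt_token | length > 0
        msg: "management token not supplied"
      no_log: true            # keep the token out of assert's evaluated output

    - name: create a client token that can read 'foo' but not 'private/foo'
      consul_acl:
        host: 'consul1.mycluster.io'
        port: 8501            # assumption: the agent's HTTPS listener; module default is 8500
        scheme: https         # module default is http
        validate_certs: true  # module default, stated so it is not switched off unnoticed
        mgmt_token: "{{ vault_consul_mgmt_token }}"
        name: 'Foo read-only'
        token_type: client    # client, not management: least privilege for consumers
        rules:
          - key: 'foo'
            policy: read
          - key: 'private/foo'
            policy: deny
      no_log: true            # module arguments include mgmt_token
```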