ansible.builtin.consul_acl (v2.3.0.0-1) — module
Manipulate consul ACL keys and rules
Added in version 2.0 of ansible.builtin
Authors: Steve Gargan (@sgargan)
Status: preview | supported by community
Install with pip: pip install ansible==2.3.0.0.post1
Allows the addition, modification and deletion of ACL keys and associated rules in a consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/internals/acl.html.
- name: create an acl token with rules
  consul_acl:
    mgmt_token: 'some_management_acl'
    host: 'consul1.mycluster.io'
    name: 'Foo access'
    rules:
      - key: 'foo'
        policy: read
      - key: 'private/foo'
        policy: deny

- name: create an acl with specific token with both key and service rules
  consul_acl:
    mgmt_token: 'some_management_acl'
    name: 'Foo access'
    token: 'some_client_token'
    rules:
      - key: 'foo'
        policy: read
      - service: ''
        policy: write
      - service: 'secret-'
        policy: deny

- name: remove a token
  consul_acl:
    mgmt_token: 'some_management_acl'
    host: 'consul1.mycluster.io'
    token: '172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e'
    state: absent
host:
  default: localhost
  description:
    - host of the consul agent, defaults to localhost
  required: false
name:
  description:
    - the name that should be associated with the acl key, this is opaque to Consul
  required: false
port:
  default: 8500
  description:
    - the port on which the consul agent is running
  required: false
rules:
  description:
    - a list of the rules that should be associated with a given token.
  required: false
state:
  choices:
    - present
    - absent
  default: present
  description:
    - whether the ACL pair should be present or absent
  required: false
token:
  description:
    - the token key identifying an ACL rule set. If generated by consul this will be a UUID.
  required: false
scheme:
  default: http
  description:
    - the protocol scheme on which the consul agent is running
  required: false
  version_added: '2.1'
  version_added_collection: ansible.builtin
mgmt_token:
  description:
    - a management token is required to manipulate the acl lists
token_type:
  choices:
    - client
    - management
  default: client
  description:
    - the type of token that should be created, either management or client
validate_certs:
  default: true
  description:
    - whether to verify the tls certificate of the consul agent
  required: false
  version_added: '2.1'
  version_added_collection: ansible.builtin
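
Because scheme defaults to http, the tasks above send mgmt_token to the agent unencrypted and keep it as a literal in the playbook. The following added example (not part of the module documentation) shows the first task with the scheme and validate_certs options set for TLS and the management token supplied from a variable. It assumes a hypothetical variable vault_consul_mgmt_token kept in an Ansible Vault-encrypted vars file and an agent serving HTTPS on port 8501.

```yaml
# Added example, not from the module documentation.
# Assumptions: vault_consul_mgmt_token is a hypothetical variable defined in an
# Ansible Vault-encrypted vars file; 8501 is assumed to be the agent's HTTPS port.
- name: create a read-only client token over TLS
  consul_acl:
    host: 'consul1.mycluster.io'
    port: 8501
    scheme: https            # module default is http
    validate_certs: true     # module default; keep it on rather than silencing certificate errors
    mgmt_token: "{{ vault_consul_mgmt_token }}"
    name: 'Foo access'
    token_type: client       # module default; only create management tokens when required
    rules:
      - key: 'foo'
        policy: read
      - key: 'private/foo'
        policy: deny
  no_log: true               # keeps the management token out of task output and logs
```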