Deprecated

Removed in 10.0.0

Reason: The legacy ACL system was removed from Consul.

Alternative: Use community.general.consul_token and/or community.general.consul_policy instead.

community.general.consul_acl (8.5.0) — module

Manipulate Consul ACL keys and rules

Authors: Steve Gargan (@sgargan), Colin Nolan (@colin-nolan)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

Allows the addition, modification and deletion of ACL keys and associated rules in a consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.


Requirements

Usage examples

- name: Create an ACL with rules
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    name: Foo access
    rules:
      - key: "foo"
        policy: read
      - key: "private/foo"
        policy: deny
- name: Create an ACL with a specific token
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    name: Foo access
    token: my-token
    rules:
      - key: "foo"
        policy: read
- name: Update the rules associated to an ACL token
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    name: Foo access
    token: some_client_token
    rules:
      - event: "bbq"
        policy: write
      - key: "foo"
        policy: read
      - key: "private"
        policy: deny
      - keyring: write
      - node: "hgs4"
        policy: write
      - operator: read
      - query: ""
        policy: write
      - service: "consul"
        policy: write
      - session: "standup"
        policy: write
- name: Remove a token
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    token: 172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e
    state: absent

Inputs

    
host:
    default: localhost
    description:
    - host of the consul agent; defaults to localhost
    required: false
    type: str

name:
    description:
    - the name that should be associated with the acl key; this is opaque to Consul
    required: false
    type: str

port:
    default: 8500
    description:
    - the port on which the consul agent is running
    required: false
    type: int

rules:
    description:
    - rules that should be associated with a given token
    elements: dict
    required: false
    type: list

state:
    choices:
    - present
    - absent
    default: present
    description:
    - whether the ACL pair should be present or absent
    required: false
    type: str

token:
    description:
    - the token key identifying an ACL rule set. If generated by consul this will be a
      UUID
    required: false
    type: str

scheme:
    default: http
    description:
    - the protocol scheme on which the consul agent is running
    required: false
    type: str

mgmt_token:
    description:
    - a management token is required to manipulate the acl lists
    required: true
    type: str

token_type:
    choices:
    - client
    - management
    default: client
    description:
    - the type of token that should be created
    type: str

validate_certs:
    default: true
    description:
    - whether to verify the tls certificate of the consul agent
    required: false
    type: bool

Outputs

operation:
  description: the operation performed on the ACL
  returned: changed
  sample: update
  type: str
rules:
  description: the HCL JSON representation of the rules associated to the ACL, in
    the format described in the Consul documentation (https://www.consul.io/docs/guides/acl.html#rule-specification).
  returned: when O(state=present)
  sample:
    key:
      bar:
        policy: deny
      foo:
        policy: write
  type: dict
token:
  description: the token associated to the ACL (the ACL's ID)
  returned: success
  sample: a2ec332f-04cf-6fba-e8b8-acf62444d3da
  type: str
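
The following Python sketch is an added example, not code from the module or the collection. It converts a `rules` list written as in the usage examples into the nested form shown in the `rules` output sample, and flags grants worth reviewing before a token is created. The function names and the review criteria are assumptions; the scope names are only those that appear in the usage examples on this page.

```python
# Added example, not the module's implementation.
SCALAR_SCOPES = {"keyring", "operator"}   # written as "- keyring: write"
PREFIX_SCOPES = {"event", "key", "node", "query", "service", "session"}
POLICIES = {"read", "write", "deny"}


def rules_to_hcl_json(rules):
    """Build the nested dict form shown under Outputs from a rules list."""
    out = {}
    for rule in rules:
        scopes = [k for k in rule if k != "policy"]
        if len(scopes) != 1:
            raise ValueError(f"rule must name exactly one scope: {rule!r}")
        scope = scopes[0]
        if scope in SCALAR_SCOPES:
            if "policy" in rule:
                raise ValueError(f"{scope} takes its policy directly: {rule!r}")
            policy = rule[scope]
        elif scope in PREFIX_SCOPES:
            policy = rule.get("policy")
        else:
            raise ValueError(f"unknown scope {scope!r}")
        if policy not in POLICIES:
            raise ValueError(f"invalid policy in {rule!r}")
        if scope in SCALAR_SCOPES:
            out[scope] = policy
        else:
            out.setdefault(scope, {})[rule[scope]] = {"policy": policy}
    return out


def broad_grants(rules):
    """Return (scope, prefix) pairs to review (criteria are assumptions):
    write on an empty prefix, which in legacy rules matches every name,
    and write on the cluster-wide keyring/operator scopes."""
    findings = []
    for scope, body in rules_to_hcl_json(rules).items():
        if scope in SCALAR_SCOPES:
            if body == "write":
                findings.append((scope, None))
        else:
            findings.extend((scope, prefix) for prefix, spec in body.items()
                            if prefix == "" and spec["policy"] == "write")
    return findings


# Rules copied from the "Update the rules associated to an ACL token" task.
SAMPLE = [{"event": "bbq", "policy": "write"}, {"key": "foo", "policy": "read"},
          {"key": "private", "policy": "deny"}, {"keyring": "write"},
          {"node": "hgs4", "policy": "write"}, {"operator": "read"},
          {"query": "", "policy": "write"}, {"service": "consul", "policy": "write"},
          {"session": "standup", "policy": "write"}]
```
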