community.general.consul_binding_rule (8.5.0) — module

Manipulate Consul binding rules

Added in version 8.3.0 of community.general

Authors: Florian Apolloner (@apollo13)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

Allows the addition, modification and deletion of binding rules in a Consul cluster via the agent. For more details on using and configuring binding rules, see https://developer.hashicorp.com/consul/api-docs/acl/binding-rules.

Usage examples

- name: Create a binding rule
  community.general.consul_binding_rule:
    name: my_name
    description: example rule
    auth_method: minikube
    bind_type: service
    bind_name: "{{ serviceaccount.name }}"
    token: "{{ consul_management_token }}"
- name: Remove a binding rule
  community.general.consul_binding_rule:
    name: my_name
    auth_method: minikube
    state: absent
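
The following is an added example, not part of the module's own documentation. It creates a rule with a non-empty selector over an https connection to the agent, then checks the returned binding_rule. The rule name, the `web` service account, the host, port 8501, the CA bundle path and the `rule_result` variable are assumptions made for illustration.

```yaml
# Added example; hostnames, paths and names are placeholders.
- name: Bind only the "web" service account in the default namespace
  community.general.consul_binding_rule:
    name: web_default_ns
    description: scoped rule for the web service account
    auth_method: minikube
    bind_type: service
    bind_name: web
    # An empty selector matches every identity the auth method validates,
    # so restrict the rule to the one identity it is meant for.
    selector: serviceaccount.namespace==default and serviceaccount.name==web
    # The module defaults to http on localhost:8500; when the agent is
    # remote, use https so the token is not sent in clear text.
    host: consul.example.internal
    port: 8501
    scheme: https
    ca_path: /etc/consul.d/tls/ca.pem
    validate_certs: true
    token: "{{ consul_management_token }}"
  register: rule_result

- name: Verify what the Consul API actually stored
  ansible.builtin.assert:
    that:
      # The rule must carry a selector.
      - rule_result.binding_rule.Selector | default('') | length > 0
      # The name is prefixed to the description, in the format shown in
      # the sample output on this page ('my_name: example rule').
      - rule_result.binding_rule.Description.startswith('web_default_ns: ')
    fail_msg: Binding rule was not stored with the expected selector and name
```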

Inputs

    
host:
    default: localhost
    description:
    - Host of the consul agent, defaults to V(localhost).
    type: str

name:
    description:
    - Specifies a name for the binding rule.
    - 'Note: This is used to identify the binding rule. But since the API does not support
      a name, it is prefixed to the description.'
    required: true
    type: str

port:
    default: 8500
    description:
    - The port on which the consul agent is running.
    type: int

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Whether the binding rule should be present or absent.
    type: str

token:
    description:
    - The token to use for authorization.
    type: str

scheme:
    default: http
    description:
    - The protocol scheme on which the consul agent is running. Defaults to V(http) and
      can be set to V(https) for secure connections.
    type: str

ca_path:
    description:
    - The CA bundle to use for https connections.
    type: str

selector:
    description:
    - Specifies the expression used to match this rule against valid identities returned
      from an auth method validation.
    - If empty this binding rule matches all valid identities returned from the auth method.
    type: str

bind_name:
    description:
    - The name to bind to a token at login-time.
    - What it binds to can be adjusted with different values of the O(bind_type) parameter.
    type: str

bind_type:
    choices:
    - service
    - node
    - role
    - templated-policy
    description:
    - Specifies the way the binding rule affects a token created at login.
    type: str

bind_vars:
    description:
    - Specifies the templated policy variables when O(bind_type) is set to V(templated-policy).
    type: dict

auth_method:
    description:
    - The name of the auth method that this rule applies to.
    required: true
    type: str

description:
    description:
    - Free form human readable description of the binding rule.
    type: str

validate_certs:
    default: true
    description:
    - Whether to verify the TLS certificate of the consul agent.
    type: bool

Outputs

binding_rule:
  description: The binding rule as returned by the consul HTTP API.
  returned: always
  sample:
    AuthMethod: minikube
    BindName: '{{ serviceaccount.name }}'
    BindType: service
    CreateIndex: 30
    Description: 'my_name: example rule'
    ID: 59c8a237-e481-4239-9202-45f117950c5f
    ModifyIndex: 33
    Selector: serviceaccount.namespace==default
  type: dict
operation:
  description: The operation performed.
  returned: changed
  sample: update
  type: str