community.general.consul_policy (8.5.0) — module

Manipulate Consul policies

Added in version 7.2.0 of community.general

Authors: Håkon Lerring (@Hakon)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

Allows the addition, modification and deletion of policies in a Consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.

Usage examples

- name: Create a policy with rules
  community.general.consul_policy:
    host: consul1.example.com
    token: some_management_acl
    name: foo-access
    rules: |
        key "foo" {
            policy = "read"
        }
        key "private/foo" {
            policy = "deny"
        }
- name: Update the rules associated to a policy
  community.general.consul_policy:
    host: consul1.example.com
    token: some_management_acl
    name: foo-access
    rules: |
        key "foo" {
            policy = "read"
        }
        key "private/foo" {
            policy = "deny"
        }
        event "bbq" {
            policy = "write"
        }
- name: Remove a policy
  community.general.consul_policy:
    host: consul1.example.com
    token: some_management_acl
    name: foo-access
    state: absent
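
The tasks above rely on the module defaults, so the management token is sent over plain HTTP and is written inline in the playbook. The play below is an added example, not part of the module's own documentation: it sets the TLS-related inputs listed under Inputs and reads the token from a variable. The vault file path, the variable name `consul_mgmt_token`, port 8501, the CA bundle path and the datacenter name `dc1` are assumptions.

```yaml
- name: Manage the foo-access policy over TLS
  hosts: localhost
  gather_facts: false
  vars_files:
    - vault/consul.yml            # assumed Ansible Vault file that defines consul_mgmt_token
  tasks:
    - name: Create or update the policy over HTTPS
      community.general.consul_policy:
        host: consul1.example.com
        port: 8501                # assumed HTTPS listener port; the module default is 8500
        scheme: https             # the module default is http
        validate_certs: true      # already the default, stated explicitly
        ca_path: /etc/consul.d/tls/ca.pem   # assumed CA bundle location
        token: "{{ consul_mgmt_token }}"    # kept out of the playbook source
        name: foo-access
        description: Read foo, deny private/foo
        valid_datacenters:
          - dc1                   # assumed name; an empty list means all datacenters
        rules: |
          key "foo" {
              policy = "read"
          }
          key "private/foo" {
              policy = "deny"
          }
      register: foo_policy

    - name: Confirm the agent returned the expected policy
      ansible.builtin.assert:
        that:
          - foo_policy.policy.Name == 'foo-access'
```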

Inputs

    
host:
    default: localhost
    description:
    - Host of the consul agent, defaults to localhost.
    type: str

name:
    description:
    - The name that should be associated with the policy; this is opaque to Consul.
    required: true
    type: str

port:
    default: 8500
    description:
    - The port on which the consul agent is running.
    type: int

rules:
    description:
    - Rule document that should be associated with the current policy.
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Whether the policy should be present or absent.
    type: str

token:
    description:
    - The token to use for authorization.
    type: str

scheme:
    default: http
    description:
    - The protocol scheme on which the consul agent is running. Defaults to http and
      can be set to https for secure connections.
    type: str

ca_path:
    description:
    - The CA bundle to use for https connections.
    type: str

description:
    description:
    - Description of the policy.
    type: str

validate_certs:
    default: true
    description:
    - Whether to verify the TLS certificate of the consul agent.
    type: bool

valid_datacenters:
    description:
    - Valid datacenters for the policy. All if list is empty.
    elements: str
    type: list

Outputs

operation:
  description: The operation performed.
  returned: changed
  sample: update
  type: str
policy:
  description: The policy as returned by the consul HTTP API.
  returned: always
  sample:
    CreateIndex: 632
    Description: Testing
    Hash: rj5PeDHddHslkpW7Ij4OD6N4bbSXiecXFmiw2SYXg2A=
    Name: foo-access
    Rules: "key \"foo\" {\n    policy = \"read\"\n}\nkey \"private/foo\" {\n    policy\
      \ = \"deny\"\n}"
  type: dict