community.general.consul_role (8.5.0) — module

Manipulate Consul roles

Added in version 7.5.0 of community.general

Authors: Håkon Lerring (@Hakon)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

Allows the addition, modification and deletion of roles in a Consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.

Usage examples

- name: Create a role with 2 policies
  community.general.consul_role:
    host: consul1.example.com
    token: some_management_acl
    name: foo-role
    policies:
      - id: 783beef3-783f-f41f-7422-7087dc272765
      - name: "policy-1"
- name: Create a role with service identity
  community.general.consul_role:
    host: consul1.example.com
    token: some_management_acl
    name: foo-role-2
    service_identities:
      - name: web
        datacenters:
          - dc1
- name: Create a role with node identity
  community.general.consul_role:
    host: consul1.example.com
    token: some_management_acl
    name: foo-role-3
    node_identities:
      - name: node-1
        datacenter: dc2
- name: Remove a role
  community.general.consul_role:
    host: consul1.example.com
    token: some_management_acl
    name: foo-role-3
    state: absent

Inputs

    
host:
    default: localhost
    description:
    - Host of the consul agent, defaults to V(localhost).
    type: str

name:
    description:
    - A name used to identify the role.
    required: true
    type: str

port:
    default: 8500
    description:
    - The port on which the consul agent is running.
    type: int

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Whether the role should be present or absent.
    type: str

token:
    description:
    - The token to use for authorization.
    type: str

scheme:
    default: http
    description:
    - The protocol scheme on which the consul agent is running. Defaults to V(http) and
      can be set to V(https) for secure connections.
    type: str

ca_path:
    description:
    - The CA bundle to use for HTTPS connections.
    type: str

policies:
    description:
    - List of policies to attach to the role. Each policy is a dict.
    - If the parameter is left blank, any policies currently assigned will not be changed.
    - An empty array (V([])) will clear any policies previously set.
    elements: dict
    suboptions:
      id:
        description:
        - The ID of the policy to attach to this role; see M(community.general.consul_policy)
          for more info.
        - Either this or O(policies[].name) must be specified.
        type: str
      name:
        description:
        - The name of the policy to attach to this role; see M(community.general.consul_policy)
          for more info.
        - Either this or O(policies[].id) must be specified.
        type: str
    type: list

description:
    description:
    - Description of the role.
    - If not specified, the assigned description will not be changed.
    type: str

validate_certs:
    default: true
    description:
    - Whether to verify the TLS certificate of the consul agent.
    type: bool

node_identities:
    description:
    - List of node identities to attach to the role.
    - If not specified, any node identities currently assigned will not be changed.
    - If the parameter is an empty array (V([])), any node identities assigned will be
      unassigned.
    elements: dict
    suboptions:
      datacenter:
        description:
        - The node's datacenter.
        - This will result in effective policy only being valid in this datacenter.
        required: true
        type: str
      node_name:
        aliases:
        - name
        description:
        - The name of the node.
        - Must not be longer than 256 characters, must start and end with a lowercase
          alphanumeric character.
        - May only contain lowercase alphanumeric characters as well as - and _.
        - This suboption has been renamed from O(node_identities[].name) to O(node_identities[].node_name)
          in community.general 8.3.0. The old name can still be used.
        required: true
        type: str
    type: list

service_identities:
    description:
    - List of service identities to attach to the role.
    - If not specified, any service identities currently assigned will not be changed.
    - If the parameter is an empty array (V([])), any service identities assigned will be
      unassigned.
    elements: dict
    suboptions:
      datacenters:
        description:
        - The datacenters in which the policies will be effective.
        - This will result in effective policy only being valid in this datacenter.
        - If an empty array (V([])) is specified, the policies will be valid in all datacenters,
          including those which do not yet exist but may in the future.
        elements: str
        type: list
      service_name:
        aliases:
        - name
        description:
        - The name of the service.
        - Must not be longer than 256 characters, must start and end with a lowercase
          alphanumeric character.
        - May only contain lowercase alphanumeric characters as well as - and _.
        - This suboption has been renamed from O(service_identities[].name) to O(service_identities[].service_name)
          in community.general 8.3.0. The old name can still be used.
        required: true
        type: str
    type: list

templated_policies:
    description:
    - The list of templated policies that should be applied to the role.
    elements: dict
    suboptions:
      template_name:
        description:
        - The templated policy name.
        required: true
        type: str
      template_variables:
        description:
        - The templated policy variables.
        - Not all templated policies require variables.
        type: dict
    type: list
    version_added: 8.3.0
    version_added_collection: community.general
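
The usage examples on this page rely on the default scheme of http, so the ACL token is sent to the agent unencrypted. The playbook below is an added example, not part of the module's own documentation: it sets scheme, ca_path and validate_certs, takes the token from a variable, and shows the difference between an omitted list and an empty one. The variable name consul_mgmt_token, the CA bundle path and port 8501 are assumptions.

```yaml
# Added example, not from the module documentation.
# Assumptions: consul_mgmt_token is a variable stored in Ansible Vault, the CA
# bundle path is a placeholder, and the agent serves HTTPS on port 8501.
- name: Manage Consul roles over verified TLS
  hosts: localhost
  gather_facts: false
  module_defaults:
    community.general.consul_role:
      host: consul1.example.com
      port: 8501
      scheme: https                 # module default is http
      validate_certs: true          # module default, stated explicitly
      ca_path: /etc/consul.d/tls/consul-agent-ca.pem
      token: "{{ consul_mgmt_token }}"
  tasks:
    - name: Create or update foo-role with one policy and one service identity
      community.general.consul_role:
        name: foo-role
        description: Access for the web service in dc1
        policies:
          - name: policy-1
        service_identities:
          - service_name: web
            datacenters:
              - dc1
        node_identities: []         # empty list unassigns any node identities
      register: role_result

    - name: Report the operation the module performed
      ansible.builtin.debug:
        msg: "{{ role_result.operation }}: {{ role_result.role.Name }}"
      when: role_result is changed

    - name: Detach all policies from foo-role-2, leave its identities as they are
      community.general.consul_role:
        name: foo-role-2
        policies: []                # empty list clears attached policies
        # service_identities and node_identities omitted: not changed
```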

Outputs

operation:
  description: The operation performed on the role.
  returned: changed
  sample: update
  type: str
role:
  description: The role object.
  returned: success
  sample:
    CreateIndex: 39
    Description: ''
    Hash: Trt0QJtxVEfvTTIcdTUbIJRr6Dsi6E4EcwSFxx9tCYM=
    ID: 9a300b8d-48db-b720-8544-a37c0f5dafb5
    ModifyIndex: 39
    Name: foo-role
    Policies:
    - ID: b1a00172-d7a1-0e66-a12e-7a4045c4b774
      Name: foo-access
  type: dict