community.general.consul_token (8.5.0) — module

Manipulate Consul tokens

Added in version 8.3.0 of community.general

Authors: Florian Apolloner (@apollo13)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

Allows the addition, modification and deletion of tokens in a consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.

Usage examples

- name: Create / Update a token by accessor_id
  community.general.consul_token:
    state: present
    accessor_id: 07a7de84-c9c7-448a-99cc-beaf682efd21
    token: 8adddd91-0bd6-d41d-ae1a-3b49cfa9a0e8
    roles:
      - name: role1
      - name: role2
    service_identities:
      - service_name: service1
        datacenters: [dc1, dc2]
    node_identities:
      - node_name: node1
        datacenter: dc1
    expiration_ttl: 50m
- name: Delete a token
  community.general.consul_token:
    state: absent
    accessor_id: 07a7de84-c9c7-448a-99cc-beaf682efd21
    token: 8adddd91-0bd6-d41d-ae1a-3b49cfa9a0e8

Inputs

    
host:
    default: localhost
    description:
    - Host of the consul agent, defaults to V(localhost).
    type: str

port:
    default: 8500
    description:
    - The port on which the consul agent is running.
    type: int

local:
    description:
    - If true, indicates that the token should not be replicated globally and instead
      be local to the current datacenter.
    type: bool

roles:
    description:
    - List of roles to attach to the token. Each role is a dict.
    - If the parameter is left blank, any roles currently assigned will not be changed.
    - Any empty array (V([])) will clear any roles previously set.
    elements: dict
    suboptions:
      id:
        description:
        - The ID of the role to attach to this token; see M(community.general.consul_role)
          for more info.
        - Either this or O(roles[].name) must be specified.
        type: str
      name:
        description:
        - The name of the role to attach to this token; see M(community.general.consul_role)
          for more info.
        - Either this or O(roles[].id) must be specified.
        type: str
    type: list

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Whether the token should be present or absent.
    type: str

token:
    description:
    - The token to use for authorization.
    type: str

scheme:
    default: http
    description:
    - The protocol scheme on which the consul agent is running. Defaults to V(http) and
      can be set to V(https) for secure connections.
    type: str

ca_path:
    description:
    - The CA bundle to use for https connections.
    type: str

policies:
    description:
    - List of policies to attach to the token. Each policy is a dict.
    - If the parameter is left blank, any policies currently assigned will not be changed.
    - Any empty array (V([])) will clear any policies previously set.
    elements: dict
    suboptions:
      id:
        description:
        - The ID of the policy to attach to this token; see M(community.general.consul_policy)
          for more info.
        - Either this or O(policies[].name) must be specified.
        type: str
      name:
        description:
        - The name of the policy to attach to this token; see M(community.general.consul_policy)
          for more info.
        - Either this or O(policies[].id) must be specified.
        type: str
    type: list

secret_id:
    description:
    - Specifies a UUID to use as the token's Secret ID. If not specified a UUID will be
      generated for this field.
    type: str

accessor_id:
    description:
    - Specifies a UUID to use as the token's Accessor ID. If not specified a UUID will
      be generated for this field.
    type: str

description:
    description:
    - Free form human readable description of the token.
    type: str

expiration_ttl:
    description:
    - This is a convenience field and if set will initialize the C(expiration_time). Can
      be specified in the form of V(60s) or V(5m) (that is, 60 seconds or 5 minutes, respectively).
      Ignored when the token is updated!
    type: str

validate_certs:
    default: true
    description:
    - Whether to verify the TLS certificate of the consul agent.
    type: bool

node_identities:
    description:
    - List of node identities to attach to the token.
    - If not specified, any node identities currently assigned will not be changed.
    - If the parameter is an empty array (V([])), any node identities assigned will be
      unassigned.
    elements: dict
    suboptions:
      datacenter:
        description:
        - The node's datacenter.
        - This will result in the effective token only being valid in this datacenter.
        required: true
        type: str
      node_name:
        description:
        - The name of the node.
        - Must not be longer than 256 characters, must start and end with a lowercase
          alphanumeric character.
        - May only contain lowercase alphanumeric characters as well as V(-) and V(_).
        required: true
        type: str
    type: list

service_identities:
    description:
    - List of service identities to attach to the token.
    - If not specified, any service identities currently assigned will not be changed.
    - If the parameter is an empty array (V([])), any node identities assigned will be
      unassigned.
    elements: dict
    suboptions:
      datacenters:
        description:
        - The datacenters where the token will be effective.
        - If an empty array (V([])) is specified, the token will be valid in all datacenters,
          including those which do not yet exist but may in the future.
        elements: str
        type: list
      service_name:
        description:
        - The name of the service.
        - Must not be longer than 256 characters, must start and end with a lowercase
          alphanumeric character.
        - May only contain lowercase alphanumeric characters as well as V(-) and V(_).
        required: true
        type: str
    type: list

templated_policies:
    description:
    - The list of templated policies that should be applied to the role.
    elements: dict
    suboptions:
      template_name:
        description:
        - The templated policy name.
        required: true
        type: str
      template_variables:
        description:
        - The templated policy variables.
        - Not all templated policies require variables.
        type: dict
    type: list

Outputs

operation:
  description: The operation performed.
  returned: changed
  sample: update
  type: str
token:
  description: The token as returned by the consul HTTP API.
  returned: always
  sample:
    AccessorID: 07a7de84-c9c7-448a-99cc-beaf682efd21
    CreateIndex: 632
    CreateTime: '2024-01-14T21:53:01.402749174+01:00'
    Description: Testing
    Hash: rj5PeDHddHslkpW7Ij4OD6N4bbSXiecXFmiw2SYXg2A=
    Local: false
    ModifyIndex: 633
    SecretID: bd380fba-da17-7cee-8576-8d6427c6c930
    ServiceIdentities:
    - ServiceName: test
  type: dict
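
Hardened usage (added example, not part of the module's own documentation): because the returned token dict always contains SecretID, and the token input is itself a credential, the play below keeps both out of logs, talks to the agent over verified HTTPS, and scopes the new token to one service in one datacenter. The hostname, port 8501, CA path, service name and the vault_consul_mgmt_token variable are assumptions made for illustration.

```yaml
# Added example; hostname, port, CA path, service name and
# vault_consul_mgmt_token are assumptions, not values from the module docs.
- name: Manage a scoped Consul token without leaking secrets
  hosts: localhost
  gather_facts: false
  module_defaults:
    community.general.consul_token:
      host: consul.example.internal            # constructed hostname
      port: 8501                               # assumed HTTPS listener of the agent
      scheme: https                            # module default is plain http
      ca_path: /etc/ssl/certs/consul-ca.pem    # assumed CA bundle location
      validate_certs: true
      token: "{{ vault_consul_mgmt_token }}"   # assumed to come from an Ansible Vault file
  tasks:
    - name: Create a short-lived token limited to one service in one datacenter
      community.general.consul_token:
        state: present
        description: web service token (managed by Ansible)
        local: true                            # not replicated outside this datacenter
        service_identities:
          - service_name: web
            datacenters: [dc1]                 # an empty list would mean all datacenters
        expiration_ttl: 60m                    # applied at creation only, ignored on update
      register: web_token
      no_log: true                             # result always carries token.SecretID

    - name: Report only the non-secret accessor ID
      ansible.builtin.debug:
        msg: "Token accessor: {{ web_token.token.AccessorID }}"

    - name: Delete the token by accessor ID when revocation is requested
      community.general.consul_token:
        state: absent
        accessor_id: "{{ web_token.token.AccessorID }}"
      when: revoke_web_token | default(false)  # hypothetical toggle variable
      no_log: true
```

The registered result is still usable by later tasks when no_log is set; only its display and logging are suppressed.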