community / community.general / 8.5.0 / module / consul_acl
Removed in 10.0.0
Reason: The legacy ACL system was removed from Consul.
Alternative: Use community.general.consul_token and/or community.general.consul_policy instead.
Manipulate Consul ACL keys and rules
Authors: Steve Gargan (@sgargan), Colin Nolan (@colin-nolan)
Install with ansible-galaxy collection install community.general:==8.5.0
collections:
  - name: community.general
    version: 8.5.0
Allows the addition, modification and deletion of ACL keys and associated rules in a Consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.
- name: Create an ACL with rules
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    name: Foo access
    rules:
      - key: "foo"
        policy: read
      - key: "private/foo"
        policy: deny

- name: Create an ACL with a specific token
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    name: Foo access
    token: my-token
    rules:
      - key: "foo"
        policy: read

- name: Update the rules associated to an ACL token
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    name: Foo access
    token: some_client_token
    rules:
      - event: "bbq"
        policy: write
      - key: "foo"
        policy: read
      - key: "private"
        policy: deny
      - keyring: write
      - node: "hgs4"
        policy: write
      - operator: read
      - query: ""
        policy: write
      - service: "consul"
        policy: write
      - session: "standup"
        policy: write

- name: Remove a token
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    token: 172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e
    state: absent
host:
  default: localhost
  description:
    - Host of the Consul agent; defaults to localhost.
  required: false
  type: str
name:
  description:
    - The name that should be associated with the ACL key. This is opaque to Consul.
  required: false
  type: str
port:
  default: 8500
  description:
    - The port on which the Consul agent is running.
  required: false
  type: int
rules:
  description:
    - Rules that should be associated with a given token.
  elements: dict
  required: false
  type: list
state:
  choices:
    - present
    - absent
  default: present
  description:
    - Whether the ACL pair should be present or absent.
  required: false
  type: str
token:
  description:
    - The token key identifying an ACL rule set. If generated by Consul, this will be a UUID.
  required: false
  type: str
scheme:
  default: http
  description:
    - The protocol scheme on which the Consul agent is running.
  required: false
  type: str
mgmt_token:
  description:
    - A management token is required to manipulate the ACL lists.
  required: true
  type: str
token_type:
  choices:
    - client
    - management
  default: client
  description:
    - The type of token that should be created.
  type: str
validate_certs:
  default: true
  description:
    - Whether to verify the TLS certificate of the Consul agent.
  required: false
  type: bool
operation:
  description: the operation performed on the ACL
  returned: changed
  sample: update
  type: str
rules:
  description: the HCL JSON representation of the rules associated to the ACL, in the format described in the Consul documentation (https://www.consul.io/docs/guides/acl.html#rule-specification).
  returned: when state=present
  sample:
    key:
      bar:
        policy: deny
      foo:
        policy: write
  type: dict
token:
  description: the token associated to the ACL (the ACL's ID)
  returned: success
  sample: a2ec332f-04cf-6fba-e8b8-acf62444d3da
  type: str
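
The rules list passed in the task examples and the nested form shown in the rules return sample describe the same ACL. The following is an added example, not the module's own code: it converts the list form into the nested form and rejects malformed or conflicting entries, which is useful for reviewing a rule set before it is applied. The function name and the scope and policy sets are assumptions, taken only from the values that appear on this page.

```python
import json

# Assumption: scope and policy names are limited to those used in the
# examples on this page; this is not the module's own validation list.
PATTERN_SCOPES = {"event", "key", "node", "query", "service", "session"}
BARE_SCOPES = {"keyring", "operator"}  # written as "- keyring: write"
POLICIES = {"read", "write", "deny"}


def rules_to_hcl_json(rules):
    """Turn a consul_acl-style rules list into the nested dict form."""
    out = {}
    for rule in rules:
        scopes = [k for k in rule if k != "policy"]
        if len(scopes) != 1:
            raise ValueError(f"rule must name exactly one scope: {rule!r}")
        scope = scopes[0]
        if scope in BARE_SCOPES and "policy" not in rule:
            pattern, policy = None, rule[scope]
        elif scope in PATTERN_SCOPES and "policy" in rule:
            pattern, policy = rule[scope], rule["policy"]
        else:
            raise ValueError(f"malformed or unknown rule: {rule!r}")
        if policy not in POLICIES:
            raise ValueError(f"unknown policy in rule: {rule!r}")
        if pattern is None:
            previous = out.setdefault(scope, policy)
        else:
            previous = out.setdefault(scope, {}).setdefault(
                pattern, {"policy": policy})["policy"]
        if previous != policy:
            # Two rules for the same target must not silently override
            # each other (e.g. a deny replaced by a later write).
            raise ValueError(f"conflicting policies for {scope} {pattern!r}")
    return out


if __name__ == "__main__":
    # Constructed sample, modelled on the update example above.
    sample = [
        {"key": "foo", "policy": "read"},
        {"key": "private", "policy": "deny"},
        {"keyring": "write"},
        {"operator": "read"},
        {"query": "", "policy": "write"},
    ]
    print(json.dumps(rules_to_hcl_json(sample), indent=2, sort_keys=True))
```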