community / community.general / 8.5.0 / module / consul_role Manipulate Consul roles | "added in version" 7.5.0 of community.general" Authors: Håkon Lerring (@Hakon)community.general.consul_role (8.5.0) — module
Install with ansible-galaxy collection install community.general:==8.5.0
collections: - name: community.general version: 8.5.0
Allows the addition, modification and deletion of roles in a consul cluster via the agent. For more details on using and configuring ACLs, see U(https://www.consul.io/docs/guides/acl.html).
- name: Create a role with 2 policies community.general.consul_role: host: consul1.example.com token: some_management_acl name: foo-role policies: - id: 783beef3-783f-f41f-7422-7087dc272765 - name: "policy-1"
- name: Create a role with service identity community.general.consul_role: host: consul1.example.com token: some_management_acl name: foo-role-2 service_identities: - name: web datacenters: - dc1
- name: Create a role with node identity community.general.consul_role: host: consul1.example.com token: some_management_acl name: foo-role-3 node_identities: - name: node-1 datacenter: dc2
- name: Remove a role community.general.consul_role: host: consul1.example.com token: some_management_acl name: foo-role-3 state: absent
host: default: localhost description: - Host of the consul agent, defaults to V(localhost). type: str name: description: - A name used to identify the role. required: true type: str port: default: 8500 description: - The port on which the consul agent is running. type: int state: choices: - present - absent default: present description: - whether the role should be present or absent. type: str token: description: - The token to use for authorization. type: str scheme: default: http description: - The protocol scheme on which the consul agent is running. Defaults to V(http) and can be set to V(https) for secure connections. type: str ca_path: description: - The CA bundle to use for https connections type: str policies: description: - List of policies to attach to the role. Each policy is a dict. - If the parameter is left blank, any policies currently assigned will not be changed. - Any empty array (V([])) will clear any policies previously set. elements: dict suboptions: id: description: - The ID of the policy to attach to this role; see M(community.general.consul_policy) for more info. - Either this or O(policies[].name) must be specified. type: str name: description: - The name of the policy to attach to this role; see M(community.general.consul_policy) for more info. - Either this or O(policies[].id) must be specified. type: str type: list description: description: - Description of the role. - If not specified, the assigned description will not be changed. type: str validate_certs: default: true description: - Whether to verify the TLS certificate of the consul agent. type: bool node_identities: description: - List of node identities to attach to the role. - If not specified, any node identities currently assigned will not be changed. - If the parameter is an empty array (V([])), any node identities assigned will be unassigned. elements: dict suboptions: datacenter: description: - The nodes datacenter. - This will result in effective policy only being valid in this datacenter. required: true type: str node_name: aliases: - name description: - The name of the node. - Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character. - May only contain lowercase alphanumeric characters as well as - and _. - This suboption has been renamed from O(node_identities[].name) to O(node_identities[].node_name) in community.general 8.3.0. The old name can still be used. required: true type: str type: list service_identities: description: - List of service identities to attach to the role. - If not specified, any service identities currently assigned will not be changed. - If the parameter is an empty array (V([])), any node identities assigned will be unassigned. elements: dict suboptions: datacenters: description: - The datacenters the policies will be effective. - This will result in effective policy only being valid in this datacenter. - If an empty array (V([])) is specified, the policies will valid in all datacenters. - including those which do not yet exist but may in the future. elements: str type: list service_name: aliases: - name description: - The name of the node. - Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character. - May only contain lowercase alphanumeric characters as well as - and _. - This suboption has been renamed from O(service_identities[].name) to O(service_identities[].service_name) in community.general 8.3.0. The old name can still be used. required: true type: str type: list templated_policies: description: - The list of templated policies that should be applied to the role. elements: dict suboptions: template_name: description: - The templated policy name. required: true type: str template_variables: description: - The templated policy variables. - Not all templated policies require variables. type: dict type: list version_added: 8.3.0 version_added_collection: community.general
operation: description: The operation performed on the role. returned: changed sample: update type: str role: description: The role object. returned: success sample: CreateIndex: 39 Description: '' Hash: Trt0QJtxVEfvTTIcdTUbIJRr6Dsi6E4EcwSFxx9tCYM= ID: 9a300b8d-48db-b720-8544-a37c0f5dafb5 ModifyIndex: 39 Name: foo-role Policies: - ID: b1a00172-d7a1-0e66-a12e-7a4045c4b774 Name: foo-access type: dict