community.general.consul_token (8.5.0) — module

Manipulate Consul tokens

Added in version 8.3.0 of community.general

Authors: Florian Apolloner (@apollo13)
Install with ansible-galaxy collection install community.general:==8.5.0
collections:
  - name: community.general
    version: 8.5.0
Allows the addition, modification and deletion of tokens in a consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.
- name: Create / Update a token by accessor_id
  community.general.consul_token:
    state: present
    accessor_id: 07a7de84-c9c7-448a-99cc-beaf682efd21
    token: 8adddd91-0bd6-d41d-ae1a-3b49cfa9a0e8
    roles:
      - name: role1
      - name: role2
    service_identities:
      - service_name: service1
        datacenters: [dc1, dc2]
    node_identities:
      - node_name: node1
        datacenter: dc1
    expiration_ttl: 50m

- name: Delete a token
  community.general.consul_token:
    state: absent
    accessor_id: 07a7de84-c9c7-448a-99cc-beaf682efd21
    token: 8adddd91-0bd6-d41d-ae1a-3b49cfa9a0e8
host:
  default: localhost
  description:
    - Host of the consul agent, defaults to V(localhost).
  type: str
port:
  default: 8500
  description:
    - The port on which the consul agent is running.
  type: int
local:
  description:
    - If true, indicates that the token should not be replicated globally and instead be local to the current datacenter.
  type: bool
roles:
  description:
    - List of roles to attach to the token. Each role is a dict.
    - If the parameter is left blank, any roles currently assigned will not be changed.
    - Any empty array (V([])) will clear any roles previously set.
  elements: dict
  suboptions:
    id:
      description:
        - The ID of the role to attach to this token; see M(community.general.consul_role) for more info.
        - Either this or O(roles[].name) must be specified.
      type: str
    name:
      description:
        - The name of the role to attach to this token; see M(community.general.consul_role) for more info.
        - Either this or O(roles[].id) must be specified.
      type: str
  type: list
state:
  choices:
    - present
    - absent
  default: present
  description:
    - Whether the token should be present or absent.
  type: str
token:
  description:
    - The token to use for authorization.
  type: str
scheme:
  default: http
  description:
    - The protocol scheme on which the consul agent is running. Defaults to V(http) and can be set to V(https) for secure connections.
  type: str
ca_path:
  description:
    - The CA bundle to use for https connections.
  type: str
policies:
  description:
    - List of policies to attach to the token. Each policy is a dict.
    - If the parameter is left blank, any policies currently assigned will not be changed.
    - Any empty array (V([])) will clear any policies previously set.
  elements: dict
  suboptions:
    id:
      description:
        - The ID of the policy to attach to this token; see M(community.general.consul_policy) for more info.
        - Either this or O(policies[].name) must be specified.
      type: str
    name:
      description:
        - The name of the policy to attach to this token; see M(community.general.consul_policy) for more info.
        - Either this or O(policies[].id) must be specified.
      type: str
  type: list
secret_id:
  description:
    - Specifies a UUID to use as the token's Secret ID. If not specified a UUID will be generated for this field.
  type: str
accessor_id:
  description:
    - Specifies a UUID to use as the token's Accessor ID. If not specified a UUID will be generated for this field.
  type: str
description:
  description:
    - Free form human readable description of the token.
  type: str
expiration_ttl:
  description:
    - This is a convenience field and if set will initialize the C(expiration_time). Can be specified in the form of V(60s) or V(5m) (that is, 60 seconds or 5 minutes, respectively). Ignored when the token is updated!
  type: str
validate_certs:
  default: true
  description:
    - Whether to verify the TLS certificate of the consul agent.
  type: bool
node_identities:
  description:
    - List of node identities to attach to the token.
    - If not specified, any node identities currently assigned will not be changed.
    - If the parameter is an empty array (V([])), any node identities assigned will be unassigned.
  elements: dict
  suboptions:
    datacenter:
      description:
        - The node's datacenter.
        - This will result in the effective token only being valid in this datacenter.
      required: true
      type: str
    node_name:
      description:
        - The name of the node.
        - Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character.
        - May only contain lowercase alphanumeric characters as well as V(-) and V(_).
      required: true
      type: str
  type: list
service_identities:
  description:
    - List of service identities to attach to the token.
    - If not specified, any service identities currently assigned will not be changed.
    - If the parameter is an empty array (V([])), any service identities assigned will be unassigned.
  elements: dict
  suboptions:
    datacenters:
      description:
        - The datacenters the token will be effective.
        - If an empty array (V([])) is specified, the token will be valid in all datacenters, including those which do not yet exist but may in the future.
      elements: str
      type: list
    service_name:
      description:
        - The name of the service.
        - Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character.
        - May only contain lowercase alphanumeric characters as well as V(-) and V(_).
      required: true
      type: str
  type: list
templated_policies:
  description:
    - The list of templated policies that should be applied to the role.
  elements: dict
  suboptions:
    template_name:
      description:
        - The templated policy name.
      required: true
      type: str
    template_variables:
      description:
        - The templated policy variables.
        - Not all templated policies require variables.
      type: dict
  type: list
operation:
  description: The operation performed.
  returned: changed
  sample: update
  type: str
token:
  description: The token as returned by the consul HTTP API.
  returned: always
  sample:
    AccessorID: 07a7de84-c9c7-448a-99cc-beaf682efd21
    CreateIndex: 632
    CreateTime: '2024-01-14T21:53:01.402749174+01:00'
    Description: Testing
    Hash: rj5PeDHddHslkpW7Ij4OD6N4bbSXiecXFmiw2SYXg2A=
    Local: false
    ModifyIndex: 633
    SecretID: bd380fba-da17-7cee-8576-8d6427c6c930
    ServiceIdentities:
      - ServiceName: test
  type: dict
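
The parameters above default to plain HTTP, and the returned token dict includes the SecretID, so a task that registers or prints its result exposes the secret in Ansible output. The playbook below is an added example, not part of the module documentation: it uses only parameters documented on this page, and the host name, port, CA path, policy and service names, and the two variables are assumptions.

```yaml
# Added example; every concrete value below is hypothetical.
- name: Issue a scoped, short-lived Consul token over TLS
  hosts: localhost
  gather_facts: false
  module_defaults:
    community.general.consul_token:
      host: consul.example.internal          # hypothetical agent address
      port: 8501                              # assumed HTTPS listener of the agent
      scheme: https                           # module default is http
      validate_certs: true                    # module default, stated explicitly
      ca_path: /etc/consul.d/tls/agent-ca.pem # hypothetical CA bundle
      token: "{{ consul_mgmt_token }}"        # assumed to be stored in Ansible Vault
  tasks:
    - name: Create or update the token for service "web"
      community.general.consul_token:
        state: present
        accessor_id: "{{ web_token_accessor_id }}"  # assumed pre-generated UUID
        description: web service token, dc1 only
        local: true               # do not replicate outside this datacenter
        policies:
          - name: web-read        # hypothetical policy; must already exist
        roles: []                 # explicit empty list clears any attached roles
        service_identities:
          - service_name: web
            datacenters: [dc1]    # an empty list would mean all datacenters
        expiration_ttl: 1h        # only applied at creation, ignored on update
      register: web_token
      no_log: true                # result contains token.SecretID

    - name: Report non-secret fields only
      ansible.builtin.debug:
        msg: >-
          accessor={{ web_token.token.AccessorID }}
          operation={{ web_token.operation | default('unchanged') }}
```

Because expiration_ttl is ignored on update, shortening the lifetime of an existing token means deleting it with state: absent and creating it again.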