eagleusb.consul.consul_acl (0.1.0) — module
Manipulate Consul Tokens and Policies (ACL)
Added in version 2.9 of eagleusb.consul
Authors: Leslie-Alexandre DENIS (@eagleusb)
preview | supported by community
Install with ansible-galaxy collection install eagleusb.consul:==0.1.0
collections:
  - name: eagleusb.consul
    version: 0.1.0
Allows you to create, modify and remove Tokens and Policies. See https://www.consul.io/docs/guides/acl.html.
- name: create a token with policy rules
  consul_acl:
    host: consul1.example.com
    mgmt_token: 123-456-789-123-456
    name: "foo-access"
    rules:
      key:
        "foo/bar":
          policy: "write"

- name: create a specific token with policy rules
  consul_acl:
    host: consul1.example.com
    mgmt_token: 123-456-789-123-456
    name: "foo-access"
    token: 456-456-789-123-456
    rules:
      key_prefix:
        "":
          policy: "read"
        "foo/private":
          policy: "deny"
      key:
        "foo/public":
          policy: "read"
        "foo/private":
          policy: "deny"
      node:
        "my-node":
          policy: "write"

- name: update the policy rules associated to a token
  consul_acl:
    host: consul1.example.com
    mgmt_token: 123-456-789-123-456
    name: "foo-access"
    token: 456-456-789-123-456
    rules:
      node:
        "my-node":
          policy: "write"

- name: remove a token
  consul_acl:
    host: consul1.example.com
    mgmt_token: 123-456-789-123-456
    token: 456-456-789-123-456
    state: absent
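The examples above pass mgmt_token inline and leave scheme at its default of http, so the management token sits in the playbook and is sent to the Consul API unencrypted. The playbook below is an added example, not part of the collection's documentation, that uses the module's scheme and validate_certs parameters instead; the variable names, the vaulted variable and port 8501 are assumptions.

```yaml
# Added example. Variable names and the HTTPS port are assumptions.
- name: manage the foo-access token over TLS
  hosts: localhost
  gather_facts: false
  vars:
    # Assumed to be defined in a vars file encrypted with Ansible Vault.
    consul_mgmt_token: "{{ vault_consul_mgmt_token }}"
  tasks:
    - name: create a token limited to one key and one node
      eagleusb.consul.consul_acl:
        host: consul1.example.com
        port: 8501              # assumed HTTPS listener; the module default is 8500
        scheme: https           # module default is http
        validate_certs: true    # module default, stated explicitly
        mgmt_token: "{{ consul_mgmt_token }}"
        name: "foo-access"
        rules:
          key:
            "foo/bar":
              policy: "write"
          node:
            "my-node":
              policy: "read"
      no_log: true              # keeps mgmt_token and the returned token out of task output
      register: foo_acl

    - name: check that a token was returned without printing it
      ansible.builtin.assert:
        that:
          - foo_acl.token is defined
        quiet: true
      no_log: true
```

The returned token is the ACL's ID and is itself a credential, which is why the registered result is also kept under no_log.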
host:
  default: localhost
  description:
    - host of the consul api, defaults to localhost
  required: false
name:
  description:
    - the name that should be associated with the token and its policy (alpha-numeric only)
  required: true
port:
  default: 8500
  description:
    - port of the consul api, default to 8500
  required: false
  type: int
rules:
  description:
    - rules definition associated to the given token through a policy
  required: false
  type: list
state:
  choices:
    - present
    - absent
  default: present
  description:
    - add or remove the token and its policy
  required: false
token:
  description:
    - the wanted uuid for the token. If not set, consul will generate it
  required: false
scheme:
  default: http
  description:
    - protocol scheme of the consul api, default http
  required: false
mgmt_token:
  description:
    - admin token to manipulate tokens and policies.
validate_certs:
  default: true
  description:
    - whether to verify the tls certificate of the consul api
  required: false
  type: bool
operation:
  description: the operation performed on the ACL
  returned: changed
  sample: update
  type: str
rules:
  description: the HCL JSON representation of the rules associated to the ACL, in the format described in the Consul documentation (https://www.consul.io/docs/guides/acl.html#rule-specification).
  returned: I(status) == "present"
  sample:
    key:
      bar:
        policy: deny
      foo:
        policy: write
  type: str
token:
  description: the token associated to the ACL (the ACL's ID)
  returned: success
  sample: a2ec332f-04cf-6fba-e8b8-acf62444d3da
  type: str