eagleusb.consul.consul_acl (0.1.0) — module

Manipulate Consul Tokens and Policies (ACL)

Added in version 2.9 of eagleusb.consul

Authors: Leslie-Alexandre DENIS (@eagleusb)

preview | supported by community

Install collection

Install with ansible-galaxy collection install eagleusb.consul:==0.1.0


Add to requirements.yml

  collections:
    - name: eagleusb.consul
      version: 0.1.0

Description

Allows creating, modifying and removing Tokens and Policies. See https://www.consul.io/docs/guides/acl.html.


Requirements

Usage examples

- name: create a token with policy rules
  consul_acl:
    host: consul1.example.com
    mgmt_token: 123-456-789-123-456
    name: "foo-access"
    rules:
      key:
        "foo/bar":
          policy: "write"
- name: create a specific token with policy rules
  consul_acl:
    host: consul1.example.com
    mgmt_token: 123-456-789-123-456
    name: "foo-access"
    token: 456-456-789-123-456
    rules:
      key_prefix:
        "":
          policy: "read"
        "foo/private":
          policy: "deny"
      key:
        "foo/public":
          policy: "read"
        "foo/private":
          policy: "deny"
      node:
        "my-node":
          policy: "write"
- name: update the policy rules associated to a token
  consul_acl:
    host: consul1.example.com
    mgmt_token: 123-456-789-123-456
    name: "foo-access"
    token: 456-456-789-123-456
    rules:
      node:
        "my-node":
          policy: "write"
- name: remove a token
  consul_acl:
    host: consul1.example.com
    mgmt_token: 123-456-789-123-456
    token: 456-456-789-123-456
    state: absent
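
A hardened variant of the tasks above, added here as an illustration and not taken from the collection's own documentation: it sets `scheme: https` instead of the default `http` so that `mgmt_token` does not cross the network in cleartext, reads the management token from a variable rather than a literal, and sets `no_log` because the module's return values include the token. The names `vault_consul_mgmt_token`, `consul_api_host` and `foo_access_acl`, and port 8501, are assumptions.

```yaml
# Added example (not from the module documentation).
# Assumed names: vault_consul_mgmt_token (an Ansible Vault encrypted variable),
# consul_api_host, foo_access_acl. Port 8501 is an assumed HTTPS listener port.
- name: manage Consul ACLs without exposing secrets
  hosts: localhost
  gather_facts: false
  vars:
    consul_api_host: consul1.example.com
  tasks:
    - name: create a token with narrowly scoped rules
      eagleusb.consul.consul_acl:
        host: "{{ consul_api_host }}"
        port: 8501               # module default is 8500
        scheme: https            # module default is http
        validate_certs: true     # module default; do not disable with https
        mgmt_token: "{{ vault_consul_mgmt_token }}"
        name: "foo-access"
        rules:
          key_prefix:
            "foo/public":
              policy: "read"
          key:
            "foo/private":
              policy: "deny"
        state: present
      no_log: true               # the result carries the token (see Outputs)
      register: foo_access_acl

    - name: check the result without printing the token
      ansible.builtin.assert:
        that:
          - foo_access_acl.token is defined
          - foo_access_acl.token | length > 0
        quiet: true
        fail_msg: "consul_acl did not return a token"

    - name: remove the token when it is no longer needed
      eagleusb.consul.consul_acl:
        host: "{{ consul_api_host }}"
        port: 8501
        scheme: https
        mgmt_token: "{{ vault_consul_mgmt_token }}"
        token: "{{ foo_access_acl.token }}"
        state: absent
      no_log: true
      when: remove_foo_access | default(false)   # assumed toggle variable
```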

Inputs

    
host:
    default: localhost
    description:
    - host of the consul api, defaults to localhost
    required: false

name:
    description:
    - the name that should be associated with the token and its policy (alpha-numeric
      only)
    required: true

port:
    default: 8500
    description:
    - port of the consul api, defaults to 8500
    required: false
    type: int

rules:
    description:
    - rules definition associated to the given token through a policy
    required: false
    type: list

state:
    choices:
    - present
    - absent
    default: present
    description:
    - add or remove the token and its policy
    required: false

token:
    description:
    - the wanted uuid for the token. If not set, consul will generate it
    required: false

scheme:
    default: http
    description:
    - protocol scheme of the consul api, default http
    required: false

mgmt_token:
    description:
    - admin token to manipulate tokens and policies.

validate_certs:
    default: true
    description:
    - whether to verify the tls certificate of the consul api
    required: false
    type: bool

Outputs

operation:
  description: the operation performed on the ACL
  returned: changed
  sample: update
  type: str
rules:
  description: the HCL JSON representation of the rules associated to the ACL, in
    the format described in the Consul documentation (https://www.consul.io/docs/guides/acl.html#rule-specification).
  returned: I(status) == "present"
  sample:
    key:
      bar:
        policy: deny
      foo:
        policy: write
  type: str
token:
  description: the token associated to the ACL (the ACL's ID)
  returned: success
  sample: a2ec332f-04cf-6fba-e8b8-acf62444d3da
  type: str