
consul_acl - manipulate consul acl keys and rules

New in version 2.0.

Synopsis

Requirements (on host that executes module)

  • python >= 2.6
  • python-consul
  • pyhcl
  • requests

Options

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| host | no | localhost | | host of the consul agent; defaults to localhost |
| mgmt_token | no | | | a management token is required to manipulate the acl lists |
| name | no | | | the name that should be associated with the acl key; this is opaque to Consul |
| port | no | 8500 | | the port on which the consul agent is running |
| rules | no | | | a list of the rules that should be associated with a given token |
| scheme (added in 2.1) | no | http | | the protocol scheme on which the consul agent is running |
| state | no | present | present, absent | whether the ACL pair should be present or absent |
| token | no | | | the token key identifying an ACL rule set. If generated by consul this will be a UUID. |
| token_type | no | client | client, management | the type of token that should be created, either management or client |
| validate_certs (added in 2.1) | no | True | | whether to verify the tls certificate of the consul agent |

Examples

- name: create an acl token with rules
  consul_acl:
    mgmt_token: 'some_management_acl'
    host: 'consul1.mycluster.io'
    name: 'Foo access'
    rules:
      - key: 'foo'
        policy: read
      - key: 'private/foo'
        policy: deny

- name: create an acl with specific token with both key and service rules
  consul_acl:
    mgmt_token: 'some_management_acl'
    name: 'Foo access'
    token: 'some_client_token'
    rules:
      - key: 'foo'
        policy: read
      - service: ''
        policy: write
      - service: 'secret-'
        policy: deny

- name: remove a token
  consul_acl:
    mgmt_token: 'some_management_acl'
    host: 'consul1.mycluster.io'
    token: '172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e'
    state: absent
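
The examples above leave scheme at its http default and pass the management token as a literal string. The following added example (not part of the module documentation) sets scheme and validate_certs explicitly and reads the tokens from variables; vault_consul_mgmt_token, vault_foo_client_token and port 8501 are assumptions.

```yaml
# Added example, not from the module documentation.
# Assumptions: vault_consul_mgmt_token and vault_foo_client_token are
# hypothetical variables stored in an Ansible Vault encrypted vars file;
# 8501 is an assumed HTTPS listener port for the consul agent.
- name: create a client token over verified TLS
  consul_acl:
    host: 'consul1.mycluster.io'
    port: 8501
    scheme: https          # the default is http, which sends mgmt_token unencrypted
    validate_certs: True   # keep certificate verification enabled (the default)
    mgmt_token: "{{ vault_consul_mgmt_token }}"
    name: 'Foo access'
    token: "{{ vault_foo_client_token }}"
    token_type: client
    state: present
    rules:
      - key: 'foo'
        policy: read
      - key: 'private/foo'
        policy: deny
  no_log: true             # keep both tokens out of task output and logs

- name: remove the same token over verified TLS
  consul_acl:
    host: 'consul1.mycluster.io'
    port: 8501
    scheme: https
    validate_certs: True
    mgmt_token: "{{ vault_consul_mgmt_token }}"
    token: "{{ vault_foo_client_token }}"
    state: absent
  no_log: true
```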

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Support

This module is community maintained without core committer oversight.

For more information on what this means, please read Module Support.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.