community.general.consul_auth_method module – Manipulate Consul auth methods

Note

This module is part of the community.general collection (version 9.5.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.consul_auth_method.

New in community.general 8.3.0

Synopsis

Parameters

Parameter

Comments

ca_path

string

The CA bundle to use for https connections

config

dictionary

The raw configuration to use for the chosen auth method.

Contents will vary depending upon the type chosen.

Required when the auth method is created.

description

string

Free form human readable description of the auth method.

display_name

string

An optional name to use instead of name when displaying information about this auth method.

host

string

Host of the consul agent, defaults to localhost.

Default: "localhost"

max_token_ttl

string

This specifies the maximum life of any token created by this auth method.

Can be specified in the form of 60s or 5m (that is, 60 seconds or 5 minutes, respectively).

name

string / required

Specifies a name for the ACL auth method.

The name can contain alphanumeric characters, dashes -, and underscores _.

port

integer

The port on which the consul agent is running.

Default: 8500

scheme

string

The protocol scheme on which the consul agent is running. Defaults to http and can be set to https for secure connections.

Default: "http"

state

string

Whether the token should be present or absent.

Choices:

  • "present" ← (default)

  • "absent"

token

string

The token to use for authorization.

token_locality

string

Defines the kind of token that this auth method should produce.

Choices:

  • "local"

  • "global"

type

string

The type of auth method being configured.

This field is immutable.

Required when the auth method is created.

Choices:

  • "kubernetes"

  • "jwt"

  • "oidc"

  • "aws-iam"

validate_certs

boolean

Whether to verify the TLS certificate of the consul agent.

Choices:

  • false

  • true ← (default)

Attributes

Attribute

Support

Description

action_group

Action group: community.general.consul

Use group/community.general.consul in module_defaults to set defaults for this module.

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: partial

In check mode the diff will miss operational attributes.

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Examples

- name: Create an auth method
  community.general.consul_auth_method:
    name: test
    type: jwt
    config:
      jwt_validation_pubkeys:
        - |
          -----BEGIN PUBLIC KEY-----
          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo
          4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u
          +qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyeh
          kd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ
          0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdg
          cKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbc
          mwIDAQAB
          -----END PUBLIC KEY-----
    token: "{{ consul_management_token }}"

- name: Delete auth method
  community.general.consul_auth_method:
    name: test
    state: absent
    token: "{{ consul_management_token }}"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

auth_method

dictionary

The auth method as returned by the consul HTTP API.

Returned: always

Sample: {"Config": {"JWTValidationPubkeys": ["-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SU1LfVLPHCozMxH2Mo\n4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0/IzW7yWR7QkrmBL7jTKEn5u\n+qKhbwKfBstIs+bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyeh\nkd3qqGElvW/VDL5AaWTg0nLVkjRo9z+40RQzuVaE8AkAFmxZzow3x+VJYKdjykkJ\n0iT9wCS0DRTXu269V264Vf/3jvredZiKRkgwlL9xNAwxXFg0x/XFw005UWVRIkdg\ncKWTjpBP2dPwVZ4WWC+9aGVd+Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbc\nmwIDAQAB\n-----END PUBLIC KEY-----"]}, "CreateIndex": 416, "ModifyIndex": 487, "Name": "test", "Type": "jwt"}

operation

string

The operation performed.

Returned: changed

Sample: "update"

Authors

  • Florian Apolloner (@apollo13)