community.general.consul_binding_rule module – Manipulate Consul binding rules
Note
This module is part of the community.general collection (version 9.5.1).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.consul_binding_rule
.
New in community.general 8.3.0
Synopsis
Allows the addition, modification and deletion of binding rules in a consul cluster via the agent. For more details on using and configuring binding rules, see https://developer.hashicorp.com/consul/api-docs/acl/binding-rules.
Parameters
Parameter |
Comments |
---|---|
The name of the auth method that this rule applies to. |
|
The name to bind to a token at login-time. What it binds to can be adjusted with different values of the |
|
Specifies the way the binding rule affects a token created at login. Choices:
|
|
Specifies the templated policy variables when |
|
The CA bundle to use for https connections |
|
Free form human readable description of the binding rule. |
|
Host of the consul agent, defaults to Default: |
|
Specifies a name for the binding rule. Note: This is used to identify the binding rule. But since the API does not support a name, it is prefixed to the description. |
|
The port on which the consul agent is running. Default: |
|
The protocol scheme on which the consul agent is running. Defaults to Default: |
|
Specifies the expression used to match this rule against valid identities returned from an auth method validation. If empty this binding rule matches all valid identities returned from the auth method. |
|
Whether the binding rule should be present or absent. Choices:
|
|
The token to use for authorization. |
|
Whether to verify the TLS certificate of the consul agent. Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Action group: community.general.consul |
Use |
|
Support: full |
Can run in |
|
Support: partial In check mode the diff will miss operational attributes. |
Will return details on what has changed (or possibly needs changing in |
Examples
- name: Create a binding rule
community.general.consul_binding_rule:
name: my_name
description: example rule
auth_method: minikube
bind_type: service
bind_name: "{{ serviceaccount.name }}"
token: "{{ consul_management_token }}"
- name: Remove a binding rule
community.general.consul_binding_rule:
name: my_name
auth_method: minikube
state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The binding rule as returned by the consul HTTP API. Returned: always Sample: |
|
The operation performed. Returned: changed Sample: |