community.general.consul_role module – Manipulate Consul roles
Note
This module is part of the community.general collection (version 9.5.1).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.consul_role
.
New in community.general 7.5.0
Synopsis
Allows the addition, modification and deletion of roles in a consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.
Parameters
Parameter |
Comments |
---|---|
The CA bundle to use for https connections |
|
Description of the role. If not specified, the assigned description will not be changed. |
|
Host of the consul agent, defaults to Default: |
|
A name used to identify the role. |
|
List of node identities to attach to the role. If not specified, any node identities currently assigned will not be changed. If the parameter is an empty array ( |
|
The nodes datacenter. This will result in effective policy only being valid in this datacenter. |
|
The name of the node. Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character. May only contain lowercase alphanumeric characters as well as - and _. This suboption has been renamed from |
|
List of policies to attach to the role. Each policy is a dict. If the parameter is left blank, any policies currently assigned will not be changed. Any empty array ( |
|
The ID of the policy to attach to this role; see community.general.consul_policy for more info. Either this or |
|
The name of the policy to attach to this role; see community.general.consul_policy for more info. Either this or |
|
The port on which the consul agent is running. Default: |
|
The protocol scheme on which the consul agent is running. Defaults to Default: |
|
List of service identities to attach to the role. If not specified, any service identities currently assigned will not be changed. If the parameter is an empty array ( |
|
The datacenters the policies will be effective. This will result in effective policy only being valid in this datacenter. If an empty array ( including those which do not yet exist but may in the future. |
|
The name of the node. Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character. May only contain lowercase alphanumeric characters as well as - and _. This suboption has been renamed from |
|
whether the role should be present or absent. Choices:
|
|
The list of templated policies that should be applied to the role. |
|
The templated policy name. |
|
The templated policy variables. Not all templated policies require variables. |
|
The token to use for authorization. |
|
Whether to verify the TLS certificate of the consul agent. Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Action group: community.general.consul added in community.general 8.3.0 |
Use |
|
Support: full |
Can run in |
|
Support: partial added in community.general 8.3.0 In check mode the diff will miss operational attributes. |
Will return details on what has changed (or possibly needs changing in |
Examples
- name: Create a role with 2 policies
community.general.consul_role:
host: consul1.example.com
token: some_management_acl
name: foo-role
policies:
- id: 783beef3-783f-f41f-7422-7087dc272765
- name: "policy-1"
- name: Create a role with service identity
community.general.consul_role:
host: consul1.example.com
token: some_management_acl
name: foo-role-2
service_identities:
- name: web
datacenters:
- dc1
- name: Create a role with node identity
community.general.consul_role:
host: consul1.example.com
token: some_management_acl
name: foo-role-3
node_identities:
- name: node-1
datacenter: dc2
- name: Remove a role
community.general.consul_role:
host: consul1.example.com
token: some_management_acl
name: foo-role-3
state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The operation performed on the role. Returned: changed Sample: |
|
The role object. Returned: success Sample: |