community.general.consul_token module – Manipulate Consul tokens
Note
This module is part of the community.general collection (version 9.5.2).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.consul_token.
New in community.general 8.3.0
Synopsis
Allows the addition, modification and deletion of tokens in a Consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.
Parameters
Parameter | Comments |
---|---|
Specifies a UUID to use as the token’s Accessor ID. If not specified a UUID will be generated for this field. |
|
The CA bundle to use for https connections |
|
Free form human readable description of the token. |
|
This is a convenience field and if set will initialize the |
|
Host of the consul agent, defaults to Default: |
|
If true, indicates that the token should not be replicated globally and instead be local to the current datacenter. Choices:
|
|
List of node identities to attach to the token. If not specified, any node identities currently assigned will not be changed. If the parameter is an empty array ( |
|
The node's datacenter. This will result in the effective token only being valid in this datacenter. |
|
The name of the node. Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character. May only contain lowercase alphanumeric characters as well as |
|
List of policies to attach to the token. Each policy is a dict. If the parameter is left blank, any policies currently assigned will not be changed. Any empty array ( |
|
The ID of the policy to attach to this token; see community.general.consul_policy for more info. Either this or |
|
The name of the policy to attach to this token; see community.general.consul_policy for more info. Either this or |
|
The port on which the consul agent is running. Default: |
|
List of roles to attach to the token. Each role is a dict. If the parameter is left blank, any roles currently assigned will not be changed. Any empty array ( |
|
The ID of the role to attach to this token; see community.general.consul_role for more info. Either this or |
|
The name of the role to attach to this token; see community.general.consul_role for more info. Either this or |
|
The protocol scheme on which the consul agent is running. Defaults to Default: |
|
Specifies a UUID to use as the token’s Secret ID. If not specified a UUID will be generated for this field. |
|
List of service identities to attach to the token. If not specified, any service identities currently assigned will not be changed. If the parameter is an empty array ( |
|
The datacenters the token will be effective. If an empty array ( including those which do not yet exist but may in the future. |
|
The name of the service. Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character. May only contain lowercase alphanumeric characters as well as |
|
Whether the token should be present or absent. Choices:
|
|
The list of templated policies that should be applied to the role. |
|
The templated policy name. |
|
The templated policy variables. Not all templated policies require variables. |
|
The token to use for authorization. |
|
Whether to verify the TLS certificate of the consul agent. Choices:
|
Attributes
Attribute | Support | Description |
---|---|---|
Action group: community.general.consul added in community.general 8.3.0 |
Use |
|
Support: full |
Can run in |
|
Support: partial In check mode the diff will miss operational attributes. |
Will return details on what has changed (or possibly needs changing in |
Examples
```yaml
- name: Create / Update a token by accessor_id
  community.general.consul_token:
    state: present
    accessor_id: 07a7de84-c9c7-448a-99cc-beaf682efd21
    token: 8adddd91-0bd6-d41d-ae1a-3b49cfa9a0e8
    roles:
      - name: role1
      - name: role2
    service_identities:
      - service_name: service1
        datacenters: [dc1, dc2]
    node_identities:
      - node_name: node1
        datacenter: dc1
    expiration_ttl: 50m

- name: Delete a token
  community.general.consul_token:
    state: absent
    accessor_id: 07a7de84-c9c7-448a-99cc-beaf682efd21
    token: 8adddd91-0bd6-d41d-ae1a-3b49cfa9a0e8
```
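The following playbook is an added example, not part of the module's own documentation: it creates a datacenter-local token over verified TLS, takes the authorizing token from a vaulted variable instead of a literal, and keeps the returned token object out of task output. The agent host name, port, CA bundle path and the `vault_*` variables are assumptions.

```yaml
# Added example. Values marked "assumed" are placeholders, not from the module docs.
- name: Manage a Consul token without exposing secrets
  hosts: localhost
  gather_facts: false
  vars:
    # assumed: both variables are defined in an Ansible Vault encrypted vars file
    consul_mgmt_token: "{{ vault_consul_mgmt_token }}"
    service1_accessor_id: "{{ vault_service1_accessor_id }}"
  tasks:
    - name: Create / update a short-lived token scoped to service1 in dc1
      community.general.consul_token:
        state: present
        accessor_id: "{{ service1_accessor_id }}"
        token: "{{ consul_mgmt_token }}"      # token used for authorization
        description: service1 deploy token (managed by Ansible)
        # Talk to the agent over HTTPS and verify its certificate.
        scheme: https
        host: consul.example.internal          # assumed agent address
        port: 8501                             # assumed HTTPS port of the agent
        validate_certs: true
        ca_path: /etc/consul.d/tls/ca.pem      # assumed CA bundle location
        # Keep the token local to the current datacenter and limit what it can do.
        local: true
        service_identities:
          - service_name: service1
            datacenters: [dc1]
        expiration_ttl: 50m
      register: consul_token_result
      # The registered result holds the token as returned by the Consul HTTP API,
      # which includes the token's secret, so suppress it in logs and callbacks.
      no_log: true

    - name: Report only non-secret fields
      ansible.builtin.debug:
        msg:
          # "operation" is only returned when the task changed something.
          operation: "{{ consul_token_result.operation | default('none') }}"
          accessor_id: "{{ consul_token_result.token.AccessorID }}"
```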
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
The operation performed. Returned: changed Sample: |
|
The token as returned by the consul HTTP API. Returned: always Sample: |