community.general.consul_acl – Manipulate Consul ACL keys and rules
Note
This plugin is part of the community.general collection (version 3.8.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.consul_acl.
Synopsis
Allows the addition, modification and deletion of ACL keys and associated rules in a Consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.
Requirements
The below requirements are needed on the host that executes this module.
python-consul
pyhcl
requests
Parameters
Parameter | Comments |
---|---|
host | Host of the Consul agent. Default: “localhost” |
mgmt_token | A management token is required to manipulate the ACL lists. |
name | The name that should be associated with the ACL key; this is opaque to Consul. |
port | The port on which the Consul agent is running. Default: 8500 |
rules | Rules that should be associated with a given token. |
scheme | The protocol scheme on which the Consul agent is running. Default: “http” |
state | Whether the ACL pair should be present or absent. Choices: |
token | The token key identifying an ACL rule set. If generated by Consul this will be a UUID. |
token_type | The type of token that should be created. Choices: |
validate_certs | Whether to verify the TLS certificate of the Consul agent. Choices: |
Examples
```yaml
- name: Create an ACL with rules
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    name: Foo access
    rules:
      - key: "foo"
        policy: read
      - key: "private/foo"
        policy: deny

- name: Create an ACL with a specific token
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    name: Foo access
    token: my-token
    rules:
      - key: "foo"
        policy: read

- name: Update the rules associated to an ACL token
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    name: Foo access
    token: some_client_token
    rules:
      - event: "bbq"
        policy: write
      - key: "foo"
        policy: read
      - key: "private"
        policy: deny
      - keyring: write
      - node: "hgs4"
        policy: write
      - operator: read
      - query: ""
        policy: write
      - service: "consul"
        policy: write
      - session: "standup"
        policy: write

- name: Remove a token
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    token: 172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e
    state: absent
```
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
operation | The operation performed on the ACL. Returned: changed. Sample: “update” |
rules | The HCL JSON representation of the rules associated to the ACL, in the format described in the Consul documentation (https://www.consul.io/docs/guides/acl.html#rule-specification). Returned: status == “present”. Sample: {"key": {"bar": {"policy": "deny"}, "foo": {"policy": "write"}}} |
token | The token associated to the ACL (the ACL’s ID). Returned: success. Sample: “a2ec332f-04cf-6fba-e8b8-acf62444d3da” |
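To review a rules list before it is applied, the following added example (not the module's own code) nests a playbook-style rules list into the shape of the rules return value and flags write grants that are not narrowed by a pattern. The function names to_hcl_json and broad_grants are hypothetical, and the scalar form used for keyring and operator and the treatment of an empty pattern as a match on every name are assumptions.

```python
# Scopes the page's examples write as a bare "scope: policy" pair.
SCALAR_SCOPES = {"keyring", "operator"}


def to_hcl_json(rules):
    """Nest a playbook-style rules list like the module's `rules` return value."""
    out = {}
    for rule in rules:
        scopes = [k for k in rule if k != "policy"]
        if len(scopes) != 1:
            raise ValueError(f"rule must name exactly one scope: {rule!r}")
        scope = scopes[0]
        if scope in SCALAR_SCOPES:
            out[scope] = rule[scope]  # assumption: scalar form, e.g. {"keyring": "write"}
        elif "policy" not in rule:
            raise ValueError(f"rule needs a policy: {rule!r}")
        else:
            out.setdefault(scope, {})[rule[scope]] = {"policy": rule["policy"]}
    return out


def broad_grants(rules):
    """List (scope, pattern, policy) grants that deserve a manual review."""
    findings = []
    for scope, value in to_hcl_json(rules).items():
        if scope in SCALAR_SCOPES:
            if value == "write":  # cluster-wide scope, no pattern to narrow it
                findings.append((scope, None, value))
            continue
        for pattern, spec in value.items():
            # Assumption: an empty pattern matches every name in the scope.
            if pattern == "" and spec["policy"] == "write":
                findings.append((scope, pattern, "write"))
    return findings


# Constructed sample: the rules from the "Update the rules" task on this page.
SAMPLE_RULES = [
    {"event": "bbq", "policy": "write"}, {"key": "foo", "policy": "read"},
    {"key": "private", "policy": "deny"}, {"keyring": "write"},
    {"node": "hgs4", "policy": "write"}, {"operator": "read"},
    {"query": "", "policy": "write"}, {"service": "consul", "policy": "write"},
    {"session": "standup", "policy": "write"},
]

if __name__ == "__main__":
    print(to_hcl_json(SAMPLE_RULES))
    print(broad_grants(SAMPLE_RULES))
```
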
Authors
Steve Gargan (@sgargan)
Colin Nolan (@colin-nolan)