community.general.consul_policy module – Manipulate Consul policies

Note

This module is part of the community.general collection (version 10.1.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.consul_policy.

New in community.general 7.2.0

Synopsis

Parameters

Parameter

Comments

ca_path

string

The CA bundle to use for HTTPS connections.

description

string

Description of the policy.

host

string

Host of the Consul agent. Defaults to localhost.

Default: "localhost"

name

string / required

The name that should be associated with the policy. This name is opaque to Consul.

port

integer

The port on which the Consul agent is running.

Default: 8500

rules

string

Rule document that should be associated with the current policy.

scheme

string

The protocol scheme on which the Consul agent is running. Defaults to http and can be set to https for secure connections.

Default: "http"

state

string

Whether the policy should be present or absent.

Choices:

  • "present" ← (default)

  • "absent"

token

string

The token to use for authorization.

valid_datacenters

list / elements=string

Valid datacenters for the policy. If the list is empty, all datacenters are valid.

validate_certs

boolean

Whether to verify the TLS certificate of the Consul agent.

Choices:

  • false

  • true ← (default)

Attributes

Attribute

Support

Description

action_group

Action group: community.general.consul

added in community.general 8.3.0

Use group/community.general.consul in module_defaults to set defaults for this module.

check_mode

Support: full

added in community.general 8.3.0

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: partial

added in community.general 8.3.0

In check mode the diff will miss operational attributes.

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Examples

- name: Create a policy with rules
  community.general.consul_policy:
    host: consul1.example.com
    token: some_management_acl
    name: foo-access
    rules: |
        key "foo" {
            policy = "read"
        }
        key "private/foo" {
            policy = "deny"
        }

- name: Update the rules associated to a policy
  community.general.consul_policy:
    host: consul1.example.com
    token: some_management_acl
    name: foo-access
    rules: |
        key "foo" {
            policy = "read"
        }
        key "private/foo" {
            policy = "deny"
        }
        event "bbq" {
            policy = "write"
        }

- name: Remove a policy
  community.general.consul_policy:
    host: consul1.example.com
    token: some_management_acl
    name: foo-access
    state: absent
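
An added example, not part of the module's own documentation: the tasks above rely on the default scheme (http), so the management token crosses the network unencrypted. This playbook instead sets HTTPS with certificate verification once, through the group/community.general.consul action group, and scopes the policy to one datacenter. The CA bundle path, port 8501, the datacenter name dc1 and the vaulted variable consul_mgmt_token are assumptions.

```yaml
- name: Manage Consul policies over verified TLS
  hosts: localhost
  gather_facts: false
  vars:
    # Assumption: consul_mgmt_token comes from an Ansible Vault-encrypted
    # vars file, so the token never appears in the playbook itself.
    consul_ca_bundle: /etc/consul.d/tls/consul-agent-ca.pem  # hypothetical path
  module_defaults:
    # Connection settings shared by every module in the action group.
    group/community.general.consul:
      host: consul1.example.com
      port: 8501                 # assumption: the agent's HTTPS listener
      scheme: https              # module default is http
      validate_certs: true       # already the default; stated explicitly
      ca_path: "{{ consul_ca_bundle }}"
      token: "{{ consul_mgmt_token }}"
  tasks:
    - name: Create a read-only policy limited to one datacenter
      community.general.consul_policy:
        name: foo-access
        description: Read access to foo, no access to private/foo
        valid_datacenters:
          - dc1                  # assumption: constructed datacenter name
        rules: |
          key "foo" {
              policy = "read"
          }
          key "private/foo" {
              policy = "deny"
          }
      register: foo_policy

    - name: Report the operation performed
      ansible.builtin.debug:
        # "operation" is only returned when the task changed something.
        msg: "{{ foo_policy.operation | default('no change') }}: {{ foo_policy.policy.Name }}"
```

Running the play with --check --diff first previews the change without modifying the policy; as noted under diff_mode, the diff in check mode omits operational attributes.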

Return Values

Common return values are documented here. The following fields are unique to this module:

Key

Description

operation

string

The operation performed.

Returned: changed

Sample: "update"

policy

dictionary

The policy as returned by the Consul HTTP API.

Returned: always

Sample: {"CreateIndex": 632, "Description": "Testing", "Hash": "rj5PeDHddHslkpW7Ij4OD6N4bbSXiecXFmiw2SYXg2A=", "Name": "foo-access", "Rules": "key \"foo\" {\n    policy = \"read\"\n}\nkey \"private/foo\" {\n    policy = \"deny\"\n}"}

Authors

  • Håkon Lerring (@Hakon)