community.general.consul_policy module – Manipulate Consul policies
Note
This module is part of the community.general collection (version 10.1.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.consul_policy.
New in community.general 7.2.0
Synopsis
Allows the addition, modification and deletion of policies in a consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.
Parameters
| Parameter | Comments |
|---|---|
| | The CA bundle to use for https connections |
| | Description of the policy. |
| | Host of the consul agent, defaults to Default: |
| | The name that should be associated with the policy, this is opaque to Consul. |
| | The port on which the consul agent is running. Default: |
| | Rule document that should be associated with the current policy. |
| | The protocol scheme on which the consul agent is running. Defaults to Default: |
| | Whether the policy should be present or absent. Choices: |
| | The token to use for authorization. |
| | Valid datacenters for the policy. All if list is empty. |
| | Whether to verify the TLS certificate of the consul agent. Choices: |
Attributes
| Attribute | Support | Description |
|---|---|---|
| | Action group: community.general.consul (added in community.general 8.3.0) | Use |
| | Support: full (added in community.general 8.3.0) | Can run in |
| | Support: partial (added in community.general 8.3.0). In check mode the diff will miss operational attributes. | Will return details on what has changed (or possibly needs changing in |
Examples
```yaml
- name: Create a policy with rules
  community.general.consul_policy:
    host: consul1.example.com
    token: some_management_acl
    name: foo-access
    rules: |
      key "foo" {
        policy = "read"
      }
      key "private/foo" {
        policy = "deny"
      }

- name: Update the rules associated to a policy
  community.general.consul_policy:
    host: consul1.example.com
    token: some_management_acl
    name: foo-access
    rules: |
      key "foo" {
        policy = "read"
      }
      key "private/foo" {
        policy = "deny"
      }
      event "bbq" {
        policy = "write"
      }

- name: Remove a policy
  community.general.consul_policy:
    host: consul1.example.com
    token: some_management_acl
    name: foo-access
    state: absent
```
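
A hardened variant of the tasks above, added here as an example and not part of the module's own documentation: the connection and token settings are set once through the community.general.consul action group, the agent is reached over HTTPS with certificate verification against a CA bundle, and the change is previewed in check mode with a diff before it is applied. The port 8501, the CA bundle path, the datacenter name dc1 and the vaulted variable vault_consul_mgmt_token are assumptions; operation is the return key this page describes as "The operation performed".

```yaml
# Added example; host, port, CA path, datacenter and variable names are assumptions.
- name: Manage the foo-access policy over verified TLS
  hosts: localhost
  gather_facts: false
  vars:
    foo_access_rules: |
      key "foo" {
        policy = "read"
      }
      key "private/foo" {
        policy = "deny"
      }
  module_defaults:
    group/community.general.consul:
      host: consul1.example.com
      port: 8501                               # assumed HTTPS port of the agent
      scheme: https
      validate_certs: true
      ca_path: /etc/consul.d/tls/ca.pem        # assumed CA bundle location
      token: "{{ vault_consul_mgmt_token }}"   # assumed Ansible Vault variable
  tasks:
    - name: Preview the policy change without applying it
      community.general.consul_policy:
        name: foo-access
        description: Read foo, deny private/foo
        valid_datacenters:
          - dc1                                # assumed datacenter name
        rules: "{{ foo_access_rules }}"
      check_mode: true
      diff: true

    - name: Apply the policy
      community.general.consul_policy:
        name: foo-access
        description: Read foo, deny private/foo
        valid_datacenters:
          - dc1
        rules: "{{ foo_access_rules }}"
      register: policy_result

    - name: Show which operation was performed
      ansible.builtin.debug:
        var: policy_result.operation
      when: policy_result is changed
```

Keeping the token in a vaulted variable keeps the management credential out of the playbook source, and listing valid_datacenters limits where the policy is valid instead of leaving it valid in all datacenters.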
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Description |
|---|---|
| | The operation performed. Returned: changed Sample: |
| | The policy as returned by the consul HTTP API. Returned: always Sample: |