community.general.consul_acl module – Manipulate Consul ACL keys and rules
Note
This module is part of the community.general collection (version 9.4.0).
It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: community.general.consul_acl.
DEPRECATED
- Removed in: version 10.0.0
- Why: The legacy ACL system was removed from Consul.
- Alternative: Use community.general.consul_token and/or community.general.consul_policy instead.
Synopsis
Allows the addition, modification and deletion of ACL keys and associated rules in a Consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.
Requirements
The below requirements are needed on the host that executes this module.
python-consul
pyhcl
requests
Parameters
Parameter | Comments |
---|---|
host | Host of the Consul agent, defaults to localhost. Default: localhost |
mgmt_token | A management token is required to manipulate the ACL lists. |
name | The name that should be associated with the ACL key; this is opaque to Consul. |
port | The port on which the Consul agent is running. Default: |
rules | Rules that should be associated with a given token. |
scheme | The protocol scheme on which the Consul agent is running. Default: |
state | Whether the ACL pair should be present or absent. Choices: present, absent |
token | The token key identifying an ACL rule set. If generated by Consul this will be a UUID. |
token_type | The type of token that should be created. Choices: |
validate_certs | Whether to verify the TLS certificate of the Consul agent. Choices: |
Attributes
Attribute | Support | Description |
---|---|---|
check_mode | Support: none | Can run in |
diff_mode | Support: none | Will return details on what has changed (or possibly needs changing in |
Examples
```yaml
- name: Create an ACL with rules
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    name: Foo access
    rules:
      - key: "foo"
        policy: read
      - key: "private/foo"
        policy: deny

- name: Create an ACL with a specific token
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    name: Foo access
    token: my-token
    rules:
      - key: "foo"
        policy: read

- name: Update the rules associated to an ACL token
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    name: Foo access
    token: some_client_token
    rules:
      - event: "bbq"
        policy: write
      - key: "foo"
        policy: read
      - key: "private"
        policy: deny
      - keyring: write
      - node: "hgs4"
        policy: write
      - operator: read
      - query: ""
        policy: write
      - service: "consul"
        policy: write
      - session: "standup"
        policy: write

- name: Remove a token
  community.general.consul_acl:
    host: consul1.example.com
    mgmt_token: some_management_acl
    token: 172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e
    state: absent
```
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
operation | The operation performed on the ACL. Returned: changed. Sample: |
rules | The HCL JSON representation of the rules associated to the ACL, in the format described in the Consul documentation (https://www.consul.io/docs/guides/acl.html#rule-specification). Returned: when Sample: |
token | The token associated to the ACL (the ACL's ID). Returned: success. Sample: |
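The rules return value is the nested JSON form of the flat rule list given in the playbook. The following is an added example, not the module's own code: it folds the rule list from the "Update the rules" task into that nested form and lists grants that give write access to a whole scope, so they can be reviewed before the task runs. The function names are hypothetical, and it assumes the legacy rule format in which named rules match by prefix (so an empty name covers the entire scope) and keyring and operator take a bare policy.

```python
import json

# Scopes seen in the playbook examples on this page.
SCOPED = {"event", "key", "node", "query", "service", "session"}
UNSCOPED = {"keyring", "operator"}  # no name: the value is the policy itself

# Constructed sample: the rule list from the "Update the rules" task.
SAMPLE_RULES = [
    {"event": "bbq", "policy": "write"},
    {"key": "foo", "policy": "read"},
    {"key": "private", "policy": "deny"},
    {"keyring": "write"},
    {"node": "hgs4", "policy": "write"},
    {"operator": "read"},
    {"query": "", "policy": "write"},
    {"service": "consul", "policy": "write"},
    {"session": "standup", "policy": "write"},
]


def rules_to_json(rules):
    """Fold a playbook-style rule list into one nested rule document."""
    doc = {}
    for rule in rules:
        unscoped = rule.keys() & UNSCOPED
        if unscoped and len(rule) == 1:
            scope = unscoped.pop()
            doc[scope] = rule[scope]
            continue
        scopes = rule.keys() & SCOPED
        if len(scopes) != 1 or set(rule) - scopes != {"policy"}:
            raise ValueError(f"malformed rule: {rule!r}")
        scope = scopes.pop()
        doc.setdefault(scope, {})[rule[scope]] = {"policy": rule["policy"]}
    return doc


def broad_writes(rules):
    """List grants that give write access to an entire scope (assumed prefix matching)."""
    findings = []
    for scope, value in rules_to_json(rules).items():
        if scope in UNSCOPED:
            if value == "write":
                findings.append(scope)
        elif value.get("", {}).get("policy") == "write":
            findings.append(f'{scope} ""')
    return findings


if __name__ == "__main__":
    print(json.dumps(rules_to_json(SAMPLE_RULES), indent=2))
    print("review before applying:", broad_writes(SAMPLE_RULES))
```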
Status
This module will be removed in version 10.0.0. [deprecated]
For more information see DEPRECATED.