community.general.consul_binding_rule module – Manipulate Consul binding rules

Note

This module is part of the community.general collection (version 9.4.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.consul_binding_rule.

New in community.general 8.3.0

Synopsis

Parameters

Parameter

Comments

auth_method

string / required

The name of the auth method that this rule applies to.

bind_name

string

The name to bind to a token at login-time.

What it binds to can be adjusted with different values of the bind_type parameter.

bind_type

string

Specifies the way the binding rule affects a token created at login.

Choices:

  • "service"

  • "node"

  • "role"

  • "templated-policy"

bind_vars

dictionary

Specifies the templated policy variables when bind_type is set to templated-policy.

ca_path

string

The CA bundle to use for HTTPS connections.

description

string

Free-form, human-readable description of the binding rule.

host

string

Host of the Consul agent. Defaults to localhost.

Default: "localhost"

name

string / required

Specifies a name for the binding rule.

Note: This is used to identify the binding rule. Because the API does not support a name, it is prefixed to the description.

port

integer

The port on which the consul agent is running.

Default: 8500

scheme

string

The protocol scheme on which the consul agent is running. Defaults to http and can be set to https for secure connections.

Default: "http"

selector

string

Specifies the expression used to match this rule against valid identities returned from an auth method validation.

If empty, this binding rule matches all valid identities returned from the auth method.

state

string

Whether the binding rule should be present or absent.

Choices:

  • "present" ← (default)

  • "absent"

token

string

The token to use for authorization.

validate_certs

boolean

Whether to verify the TLS certificate of the consul agent.

Choices:

  • false

  • true ← (default)

Attributes

Attribute

Support

Description

action_group

Action group: community.general.consul

Use group/community.general.consul in module_defaults to set defaults for this module.

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: partial

In check mode the diff will miss operational attributes.

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Examples

- name: Create a binding rule
  community.general.consul_binding_rule:
    name: my_name
    description: example rule
    auth_method: minikube
    bind_type: service
    bind_name: "{{ serviceaccount.name }}"
    token: "{{ consul_management_token }}"

- name: Remove a binding rule
  community.general.consul_binding_rule:
    name: my_name
    auth_method: minikube
    state: absent
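
The following play is an added example, not part of the module's own documentation. It sets the connection parameters once through module_defaults so the token travels over verified TLS instead of the default http scheme, and it sets a selector so the rule does not match every identity the auth method validates. The host name, port 8501, CA bundle path, rule name and role name are assumptions made for illustration.

```yaml
- name: Manage Consul binding rules over verified TLS
  hosts: localhost
  gather_facts: false
  module_defaults:
    group/community.general.consul:
      host: consul.example.internal           # assumed agent address (module default: localhost)
      port: 8501                              # assumed HTTPS listener (module default: 8500)
      scheme: https                           # module default is http, which is unencrypted
      validate_certs: true                    # already the default, stated explicitly
      ca_path: /etc/ssl/consul/ca.pem         # assumed path to the CA bundle
      token: "{{ consul_management_token }}"  # assumed to come from Ansible Vault
  tasks:
    - name: Bind service accounts in the default namespace to a role
      community.general.consul_binding_rule:
        name: k8s_default_ns                  # constructed rule name
        description: default namespace service accounts get app-reader
        auth_method: minikube
        bind_type: role
        bind_name: app-reader                 # hypothetical, pre-existing Consul role
        # An empty selector would match all valid identities from the auth method.
        selector: "serviceaccount.namespace==default"
      register: rule_result

    - name: Show the rule as stored by the Consul HTTP API
      ansible.builtin.debug:
        var: rule_result.binding_rule
```

Running the play with --check --diff first previews the change; in check mode the diff omits operational attributes, as noted under diff_mode.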

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

binding_rule

dictionary

The binding rule as returned by the Consul HTTP API.

Returned: always

Sample: {"AuthMethod": "minikube", "BindName": "{{ serviceaccount.name }}", "BindType": "service", "CreateIndex": 30, "Description": "my_name: example rule", "ID": "59c8a237-e481-4239-9202-45f117950c5f", "ModifyIndex": 33, "Selector": "serviceaccount.namespace==default"}

operation

string

The operation performed.

Returned: changed

Sample: "update"

Authors

  • Florian Apolloner (@apollo13)