community.general.consul_policy module – Manipulate Consul policies

Note

This module is part of the community.general collection (version 9.4.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.consul_policy.

New in community.general 7.2.0

Synopsis

• Allows the addition, modification and deletion of policies in a consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.

Parameters

Parameter	Comments
ca_path string	The CA bundle to use for https connections
description string	Description of the policy.
host string	Host of the consul agent, defaults to localhost. Default: "localhost"
name string / required	The name that should be associated with the policy, this is opaque to Consul.
port integer	The port on which the consul agent is running. Default: 8500
rules string	Rule document that should be associated with the current policy.
scheme string	The protocol scheme on which the consul agent is running. Defaults to http and can be set to https for secure connections. Default: "http"
state string	Whether the policy should be present or absent. Choices: "present" ← (default) "absent"
token string	The token to use for authorization.
valid_datacenters list / elements=string	Valid datacenters for the policy. All if list is empty.
validate_certs boolean	Whether to verify the TLS certificate of the consul agent. Choices: false true ← (default)

Attributes

Attribute	Support	Description
action_group	Action group: community.general.consul added in community.general 8.3.0	Use group/community.general.consul in module_defaults to set defaults for this module.
check_mode	Support: full added in community.general 8.3.0	Can run in check_mode and return changed status prediction without modifying target.
diff_mode	Support: partial added in community.general 8.3.0 In check mode the diff will miss operational attributes.	Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Examples

- name: Create a policy with rules
  community.general.consul_policy:
    host: consul1.example.com
    token: some_management_acl
    name: foo-access
    rules: |
        key "foo" {
            policy = "read"
        }
        key "private/foo" {
            policy = "deny"
        }

- name: Update the rules associated to a policy
  community.general.consul_policy:
    host: consul1.example.com
    token: some_management_acl
    name: foo-access
    rules: |
        key "foo" {
            policy = "read"
        }
        key "private/foo" {
            policy = "deny"
        }
        event "bbq" {
            policy = "write"
        }

- name: Remove a policy
  community.general.consul_policy:
    host: consul1.example.com
    token: some_management_acl
    name: foo-access
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
operation string	The operation performed. Returned: changed Sample: "update"
policy dictionary	The policy as returned by the consul HTTP API. Returned: always Sample: {"CreateIndex": 632, "Description": "Testing", "Hash": "rj5PeDHddHslkpW7Ij4OD6N4bbSXiecXFmiw2SYXg2A=", "Name": "foo-access", "Rules": "key \"foo\" {\n    policy = \"read\"\n}\nkey \"private/foo\" {\n    policy = \"deny\"\n}"}

Authors

• Håkon Lerring (@Hakon)

Collection links

• Issue Tracker
• Repository (Sources)
• Ask for help
• Submit a bug report
• Request a feature
• Communication