community.general.consul_token module – Manipulate Consul tokens
Note
This module is part of the community.general collection (version 9.4.0).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.consul_token.
New in community.general 8.3.0
Synopsis
Allows the addition, modification and deletion of tokens in a consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/guides/acl.html.
Parameters
Parameter |
Comments |
|---|---|
Specifies a UUID to use as the token’s Accessor ID. If not specified a UUID will be generated for this field. |
|
The CA bundle to use for https connections |
|
Free form human readable description of the token. |
|
This is a convenience field and if set will initialize the |
|
Host of the consul agent, defaults to Default: |
|
If true, indicates that the token should not be replicated globally and instead be local to the current datacenter. Choices:
|
|
List of node identities to attach to the token. If not specified, any node identities currently assigned will not be changed. If the parameter is an empty array ( |
|
The nodes datacenter. This will result in effective token only being valid in this datacenter. |
|
The name of the node. Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character. May only contain lowercase alphanumeric characters as well as |
|
List of policies to attach to the token. Each policy is a dict. If the parameter is left blank, any policies currently assigned will not be changed. Any empty array ( |
|
The ID of the policy to attach to this token; see community.general.consul_policy for more info. Either this or |
|
The name of the policy to attach to this token; see community.general.consul_policy for more info. Either this or |
|
The port on which the consul agent is running. Default: |
|
List of roles to attach to the token. Each role is a dict. If the parameter is left blank, any roles currently assigned will not be changed. Any empty array ( |
|
The ID of the role to attach to this token; see community.general.consul_role for more info. Either this or |
|
The name of the role to attach to this token; see community.general.consul_role for more info. Either this or |
|
The protocol scheme on which the consul agent is running. Defaults to Default: |
|
Specifies a UUID to use as the token’s Secret ID. If not specified a UUID will be generated for this field. |
|
List of service identities to attach to the token. If not specified, any service identities currently assigned will not be changed. If the parameter is an empty array ( |
|
The datacenters the token will be effective. If an empty array ( including those which do not yet exist but may in the future. |
|
The name of the service. Must not be longer than 256 characters, must start and end with a lowercase alphanumeric character. May only contain lowercase alphanumeric characters as well as |
|
Whether the token should be present or absent. Choices:
|
|
The list of templated policies that should be applied to the role. |
|
The templated policy name. |
|
The templated policy variables. Not all templated policies require variables. |
|
The token to use for authorization. |
|
Whether to verify the TLS certificate of the consul agent. Choices:
|
Attributes
Attribute |
Support |
Description |
|---|---|---|
Action group: community.general.consul added in community.general 8.3.0 |
Use |
|
Support: full |
Can run in |
|
Support: partial In check mode the diff will miss operational attributes. |
Will return details on what has changed (or possibly needs changing in |
Examples
- name: Create / Update a token by accessor_id
community.general.consul_token:
state: present
accessor_id: 07a7de84-c9c7-448a-99cc-beaf682efd21
token: 8adddd91-0bd6-d41d-ae1a-3b49cfa9a0e8
roles:
- name: role1
- name: role2
service_identities:
- service_name: service1
datacenters: [dc1, dc2]
node_identities:
- node_name: node1
datacenter: dc1
expiration_ttl: 50m
- name: Delete a token
community.general.consul_token:
state: absent
accessor_id: 07a7de84-c9c7-448a-99cc-beaf682efd21
token: 8adddd91-0bd6-d41d-ae1a-3b49cfa9a0e8
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The operation performed. Returned: changed Sample: |
|
The token as returned by the consul HTTP API. Returned: always Sample: |