W3cubDocs

/Ansible

consul_acl - manipulate consul acl keys and rules

New in version 2.0.

Synopsis
Requirements (on host that executes module)
Options
Examples
This is an Extras Module

Synopsis

allows the addition, modification and deletion of ACL keys and associated rules in a consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/internals/acl.html.

Requirements (on host that executes module)

python >= 2.6
python-consul
pyhcl
requests

Options

parameter	required	default	choices	comments
host	no	localhost		host of the consul agent defaults to localhost
mgmt_token	no			a management token is required to manipulate the acl lists
name	no			the name that should be associated with the acl key, this is opaque to Consul
port	no	8500		the port on which the consul agent is running
rules	no			an list of the rules that should be associated with a given token.
scheme (added in 2.1)	no	http		the protocol scheme on which the consul agent is running
state	no	present	present absent	whether the ACL pair should be present or absent
token	no			the token key indentifying an ACL rule set. If generated by consul this will be a UUID.
token_type	no	client	client management	the type of token that should be created, either management or client
validate_certs (added in 2.1)	no	True		whether to verify the tls certificate of the consul agent

Examples

- name: create an acl token with rules
  consul_acl:
    mgmt_token: 'some_management_acl'
    host: 'consul1.mycluster.io'
    name: 'Foo access'
    rules:
      - key: 'foo'
        policy: read
      - key: 'private/foo'
        policy: deny

- name: create an acl with specific token with both key and serivce rules
  consul_acl:
    mgmt_token: 'some_management_acl'
    name: 'Foo access'
    token: 'some_client_token'
    rules:
      - key: 'foo'
        policy: read
      - service: ''
        policy: write
      - service: 'secret-'
        policy: deny

- name: remove a token
  consul_acl:
    mgmt_token: 'some_management_acl'
    host: 'consul1.mycluster.io'
    token: '172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e'
    state: absent

This is an Extras Module

For more information on what this means please read Extras Modules

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, developing_test_pr and Developing Modules.

© 2012–2016 Michael DeHaan
© 2016 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/consul_acl_module.html