New in version 2.0.
allows the addition, modification and deletion of ACL keys and associated rules in a consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/internals/acl.html.
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| host | no | localhost | host of the consul agent defaults to localhost |
|
| mgmt_token | no | a management token is required to manipulate the acl lists |
||
| name | no | the name that should be associated with the acl key, this is opaque to Consul |
||
| port | no | 8500 | the port on which the consul agent is running |
|
| rules | no | an list of the rules that should be associated with a given token. |
||
| scheme (added in 2.1)
| no | http | the protocol scheme on which the consul agent is running |
|
| state | no | present |
| whether the ACL pair should be present or absent |
| token | no | the token key indentifying an ACL rule set. If generated by consul this will be a UUID. |
||
| token_type | no | client |
| the type of token that should be created, either management or client |
| validate_certs (added in 2.1)
| no | True | whether to verify the tls certificate of the consul agent |
- name: create an acl token with rules
consul_acl:
mgmt_token: 'some_management_acl'
host: 'consul1.mycluster.io'
name: 'Foo access'
rules:
- key: 'foo'
policy: read
- key: 'private/foo'
policy: deny
- name: create an acl with specific token with both key and serivce rules
consul_acl:
mgmt_token: 'some_management_acl'
name: 'Foo access'
token: 'some_client_token'
rules:
- key: 'foo'
policy: read
- service: ''
policy: write
- service: 'secret-'
policy: deny
- name: remove a token
consul_acl:
mgmt_token: 'some_management_acl'
host: 'consul1.mycluster.io'
token: '172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e'
state: absent
For more information on what this means please read Extras Modules
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, developing_test_pr and Developing Modules.
© 2012–2016 Michael DeHaan
© 2016 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/consul_acl_module.html