New in version 2.0.
allows the addition, modification and deletion of ACL keys and associated rules in a consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/internals/acl.html.
- python >= 2.6
- python-consul
- pyhcl
- requests
parameter | required | default | choices | comments |
---|---|---|---|---|
host |
no | localhost | host of the consul agent defaults to localhost | |
mgmt_token |
no | a management token is required to manipulate the acl lists | ||
name |
no | the name that should be associated with the acl key, this is opaque to Consul | ||
port |
no | 8500 | the port on which the consul agent is running | |
rules |
no | an list of the rules that should be associated with a given token. | ||
scheme (added in 2.1) |
no | http | the protocol scheme on which the consul agent is running | |
state |
no |
|
whether the ACL pair should be present or absent, defaults to present | |
token |
no | the token key indentifying an ACL rule set. If generated by consul this will be a UUID. | ||
type |
no |
|
the type of token that should be created, either management or client, defaults to client | |
validate_certs (added in 2.1) |
no | True | whether to verify the tls certificate of the consul agent |
- name: create an acl token with rules consul_acl: mgmt_token: 'some_management_acl' host: 'consul1.mycluster.io' name: 'Foo access' rules: - key: 'foo' policy: read - key: 'private/foo' policy: deny - name: create an acl with specific token with both key and serivce rules consul_acl: mgmt_token: 'some_management_acl' name: 'Foo access' token: 'some_client_token' rules: - key: 'foo' policy: read - service: '' policy: write - service: 'secret-' policy: deny - name: remove a token consul_acl: mgmt_token: 'some_management_acl' host: 'consul1.mycluster.io' token: '172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e' state: absent
For more information on what this means please read Extras Modules
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.