New in version 2.0.
allows the addition, modification and deletion of ACL keys and associated rules in a consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/internals/acl.html.
- python >= 2.6
host of the consul agent defaults to localhost
a management token is required to manipulate the acl lists
the name that should be associated with the acl key, this is opaque to Consul
the port on which the consul agent is running
an list of the rules that should be associated with a given token.
(added in 2.1)
the protocol scheme on which the consul agent is running
whether the ACL pair should be present or absent, defaults to present
the token key indentifying an ACL rule set. If generated by consul this will be a UUID.
the type of token that should be created, either management or client, defaults to client
(added in 2.1)
whether to verify the tls certificate of the consul agent
- name: create an acl token with rules consul_acl: mgmt_token: 'some_management_acl' host: 'consul1.mycluster.io' name: 'Foo access' rules: - key: 'foo' policy: read - key: 'private/foo' policy: deny - name: create an acl with specific token with both key and serivce rules consul_acl: mgmt_token: 'some_management_acl' name: 'Foo access' token: 'some_client_token' rules: - key: 'foo' policy: read - service: '' policy: write - service: 'secret-' policy: deny - name: remove a token consul_acl: mgmt_token: 'some_management_acl' host: 'consul1.mycluster.io' token: '172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e' state: absent