Documentation

consul_acl - manipulate consul acl keys and rules

New in version 2.0.

Synopsis

Allows the addition, modification and deletion of ACL keys and associated rules in a Consul cluster via the agent. For more details on using and configuring ACLs, see https://www.consul.io/docs/internals/acl.html.

Requirements (on host that executes module)

  • python >= 2.6
  • python-consul
  • pyhcl
  • requests

Options

parameter                      required  default    choices             comments
host                           no        localhost                      host of the consul agent, defaults to localhost
mgmt_token                     no                                       a management token is required to manipulate the acl lists
name                           no                                       the name that should be associated with the acl key, this is opaque to Consul
port                           no        8500                           the port on which the consul agent is running
rules                          no                                       a list of the rules that should be associated with a given token
scheme (added in 2.1)          no        http                           the protocol scheme on which the consul agent is running
state                          no                   present, absent     whether the ACL pair should be present or absent, defaults to present
token                          no                                       the token key identifying an ACL rule set. If generated by consul this will be a UUID.
type                           no                   client, management  the type of token that should be created, either management or client, defaults to client
validate_certs (added in 2.1)  no        True                           whether to verify the tls certificate of the consul agent

Examples

- name: create an acl token with rules
  consul_acl:
    mgmt_token: 'some_management_acl'
    host: 'consul1.mycluster.io'
    name: 'Foo access'
    rules:
      - key: 'foo'
        policy: read
      - key: 'private/foo'
        policy: deny

- name: create an acl with specific token with both key and service rules
  consul_acl:
    mgmt_token: 'some_management_acl'
    name: 'Foo access'
    token: 'some_client_token'
    rules:
      - key: 'foo'
        policy: read
      - service: ''
        policy: write
      - service: 'secret-'
        policy: deny

- name: remove a token
  consul_acl:
    mgmt_token: 'some_management_acl'
    host: 'consul1.mycluster.io'
    token: '172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e'
    state: absent
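
A hardened variant of the first task, added here as an example and not part of the module's own documentation: it reaches the agent over TLS using the documented scheme and validate_certs options, keeps the management token out of the playbook text, and sets no_log so the token is not echoed in task output. The variable vault_consul_mgmt_token, the vars file path and port 8501 are assumptions.

```yaml
# Added example, not from the module documentation.
# Assumptions: vault/consul.yml is a hypothetical Ansible Vault-encrypted vars
# file that defines vault_consul_mgmt_token; the agent serves HTTPS on 8501.
- hosts: localhost
  connection: local
  gather_facts: no
  vars_files:
    - vault/consul.yml
  tasks:
    - name: create a client token with read access to foo over TLS
      consul_acl:
        host: 'consul1.mycluster.io'
        port: 8501
        scheme: https            # module default is http
        validate_certs: True     # reject an agent certificate that does not verify
        mgmt_token: "{{ vault_consul_mgmt_token }}"
        name: 'Foo access'
        type: client             # least privilege: not a management token
        state: present
        rules:
          - key: 'foo'
            policy: read
          - key: 'private/foo'
            policy: deny
      no_log: true               # keep the management token out of task output
```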
                  

This is an Extras Module

For more information on what this means please read Extras Modules

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.