New in version 2.0.
- python >= 2.6
- python-consul
- pyhcl
- requests
parameter | required | default | choices | comments |
---|---|---|---|---|
host |
no | localhost | host of the consul agent defaults to localhost | |
mgmt_token |
no | a management token is required to manipulate the acl lists | ||
name |
no | the name that should be associated with the acl key, this is opaque to Consul | ||
port |
no | 8500 | the port on which the consul agent is running | |
rules |
no | an list of the rules that should be associated with a given token. | ||
scheme (added in 2.1) |
no | http | the protocol scheme on which the consul agent is running | |
state |
no | present |
|
whether the ACL pair should be present or absent |
token |
no | the token key indentifying an ACL rule set. If generated by consul this will be a UUID. | ||
token_type |
no | client |
|
the type of token that should be created, either management or client |
validate_certs (added in 2.1) |
no | True | whether to verify the tls certificate of the consul agent |
- name: create an acl token with rules consul_acl: mgmt_token: 'some_management_acl' host: 'consul1.mycluster.io' name: 'Foo access' rules: - key: 'foo' policy: read - key: 'private/foo' policy: deny - name: create an acl with specific token with both key and service rules consul_acl: mgmt_token: 'some_management_acl' name: 'Foo access' token: 'some_client_token' rules: - key: 'foo' policy: read - service: '' policy: write - service: 'secret-' policy: deny - name: remove a token consul_acl: mgmt_token: 'some_management_acl' host: 'consul1.mycluster.io' token: '172bd5c8-9fe9-11e4-b1b0-3c15c2c9fd5e' state: absent
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
This module is community maintained without core committer oversight.
For more information on what this means please read Module Support
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.