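---
# Integration test for consul_acl: create an ACL token with one rule per
# scope, verify the rules the module reports back, then repeat the identical
# request and confirm it is reported as unchanged.
#
# The token created here carries write rules on the keyring, a node and a
# service, so it should not outlive the test run. The checks sit inside a
# block whose `always` section removes the token even when an assertion or a
# module call fails; as a flat task list, the clean-up task would be skipped
# on the first failure and the token would stay registered.
- name: exercise ACL creation with rules
  block:
    - name: create an ACL with rules
      consul_acl:
        host: "{{ acl_host }}"
        mgmt_token: "{{ mgmt_token }}"
        name: "{{ test_consul_acl_token_name }}"
        rules:
          - event: "bbq"
            policy: write
          - key: "foo"
            policy: read
          - key: "private"
            policy: deny
          - keyring: write
          - node: "hgs4"
            policy: write
          - operator: read
          - query: ""
            policy: write
          - service: "consul"
            policy: write
          - session: "standup"
            policy: write
      register: created_acl

    # Each scope is checked separately so that a failure names the rule that
    # was not stored as requested, including the explicit deny on "private".
    - name: verify created ACL's rules
      assert:
        that:
          - created_acl.changed
          - created_acl.operation == "create"
          # 36 characters is the length of a canonical UUID string.
          - created_acl.token | length == 36
          - (created_acl.rules | json_query("event.bbq.policy")) == "write"
          - (created_acl.rules | json_query("key.foo.policy")) == "read"
          - (created_acl.rules | json_query("key.private.policy")) == "deny"
          - (created_acl.rules | json_query("keyring")) == "write"
          - (created_acl.rules | json_query("node.hgs4.policy")) == "write"
          - (created_acl.rules | json_query("operator")) == "read"
          - (created_acl.rules | json_query('query."".policy')) == "write"
          - (created_acl.rules | json_query("service.consul.policy")) == "write"
          - (created_acl.rules | json_query("session.standup.policy")) == "write"

    # Same name and same rules as the first task; only the registered
    # variable differs.
    - name: create same ACL
      consul_acl:
        host: "{{ acl_host }}"
        mgmt_token: "{{ mgmt_token }}"
        name: "{{ test_consul_acl_token_name }}"
        rules:
          - event: "bbq"
            policy: write
          - key: "foo"
            policy: read
          - key: "private"
            policy: deny
          - keyring: write
          - node: "hgs4"
            policy: write
          - operator: read
          - query: ""
            policy: write
          - service: "consul"
            policy: write
          - session: "standup"
            policy: write
      register: doubly_created_acl

    - name: verify idempotence when creating ACL
      assert:
        that:
          - not doubly_created_acl.changed

  always:
    # NOTE(review): this deletes the token returned by the first creation.
    # It assumes the unchanged second call reports that same token - confirm.
    # If the second call ever creates a separate token, the idempotence
    # assertion fails and that second token needs manual removal.
    - name: clean up
      consul_acl:
        host: "{{ acl_host }}"
        mgmt_token: "{{ mgmt_token }}"
        token: "{{ created_acl.token }}"
        state: absent
      # Skip when the first creation failed before returning a token.
      when: created_acl.token is defined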