---
layout: commands
page_title: 'Commands: ACL Policy'
---

# Consul ACL Policies

Command: `consul acl policy`

The `acl policy` command is used to manage Consul's ACL policies.
It exposes commands for creating, updating, reading, deleting, and listing policies.
This command is available in Consul 1.4.0 and newer.

ACL policies may also be managed via the [HTTP API](/api-docs/acl/policies).

-> **Note:** All of the example subcommands in this document will require a valid
Consul token with the appropriate permissions. Either set the
`CONSUL_HTTP_TOKEN` environment variable to the token's secret ID or pass the
secret ID as the value of the `-token` parameter.

## Usage

Usage: `consul acl policy <subcommand>`

For the exact documentation for your Consul version, run `consul acl policy -h` to view the complete list of subcommands.

```text
Usage: consul acl policy <subcommand> [options] [args]

  ...

Subcommands:
    create    Create an ACL policy
    delete    Delete an ACL policy
    list      Lists ACL policies
    read      Read an ACL policy
    update    Update an ACL policy
```

For more information, examples, and usage about a subcommand, click on the name
of the subcommand in the sidebar.

## Identifying Policies

Several of the subcommands need to operate on a specific policy. Those
subcommands support specifying the policy by its ID using the `-id` parameter
or by name using the `-name` parameter.

When specifying the policy by its ID, a unique policy ID prefix may be specified
instead of the entire UUID. As long as it is unique, it will be resolved to the
full UUID and used. Additionally, builtin policy names will be accepted as the
value to the `-id` parameter. Even if the builtin policies are renamed, their
original name can be used to operate on them.

Builtin policies:

| Policy UUID                          | Policy Name       |
| ------------------------------------ | ----------------- |
| 00000000-0000-0000-0000-000000000001 | global-management |

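The resolution rule described in this section, modelled as an added shell example (not Consul's own code): a wrapper that turns a `-id` value into a full UUID before a destructive call such as `delete`, and refuses a prefix that matches no policy or more than one. The helper name `resolve_policy_id`, the status codes, and the policy inventory are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample inventory, one "ID Name" pair per line. The built-in
# policy is shown renamed; the ID/name pairings are made up for this example.
POLICIES='00000000-0000-0000-0000-000000000001 renamed-admin
0479e93e-091c-4475-9b06-79a004765c24 new-policy
0479aaaa-1111-4222-8333-444455556666 other-policy
b7c1d2e3-5555-4666-8777-888899990000 my-policy'

# Built-in policy from the table above.
BUILTIN_NAME='global-management'
BUILTIN_ID='00000000-0000-0000-0000-000000000001'

# resolve_policy_id VALUE  (hypothetical helper, not a consul subcommand)
# Prints the full UUID for VALUE and returns 0 when VALUE is the built-in
# policy's original name or a prefix of exactly one policy ID.
# Returns 1 when nothing matches and 2 when the prefix is ambiguous.
resolve_policy_id() {
    value=$1
    [ -n "$value" ] || return 1
    if [ "$value" = "$BUILTIN_NAME" ]; then
        printf '%s\n' "$BUILTIN_ID"
        return 0
    fi
    printf '%s\n' "$POLICIES" | awk -v p="$value" '
        index($1, p) == 1 { id = $1; n++ }
        END {
            if (n == 1) { print id; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# Demo: resolve each value and report what a wrapper script would do.
for v in global-management 0479e 0479 ffff; do
    if id=$(resolve_policy_id "$v"); then
        echo "$v -> $id"
    else
        echo "$v -> refused (status $?)"
    fi
done
```

In automation, logging the resolved UUID next to the value that was typed gives the audit trail an unambiguous record of which policy was changed.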
## Basic Examples

Create a new ACL policy:

```shell-session
$ consul acl policy create -name "new-policy" \
    -description "This is an example policy" \
    -datacenter "dc1" \
    -datacenter "dc2" \
    -rules @rules.hcl
```

List all policies:

```shell-session
$ consul acl policy list
```

Update a policy:

```shell-session
$ consul acl policy update -name "other-policy" -datacenter "dc1"
```

Read a policy:

```shell-session
$ consul acl policy read -id 0479e93e-091c-4475-9b06-79a004765c24
```

Delete a policy:

```shell-session
$ consul acl policy delete -name "my-policy"
```