---
layout: commands
page_title: 'Commands: Intention'
---

# Consul Intention

Command: `consul intention`

The `intention` command is used to interact with Connect
[intentions](/docs/connect/intentions). It exposes commands for
creating, updating, reading, deleting, checking, and managing intentions.
This command is available in Consul 1.2 and later.

In Consul 1.9 and later, intentions are managed primarily via
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entries. Intentions may also be managed via the [HTTP
API](/api-docs/connect/intentions).

~> **Deprecated** - This command is deprecated in Consul 1.9.0 in favor of
using the [config entry CLI command](/commands/config/write). To create an
intention, create or modify a
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entry for the destination.

## Usage

Usage: `consul intention <subcommand>`

For the exact documentation for your Consul version, run `consul intention -h`
to view the complete list of subcommands.

```text
Usage: consul intention <subcommand> [options] [args]

  ...

Subcommands:
    check     Check whether a connection between two services is allowed.
    create    Create intentions for service connections.
    delete    Delete an intention.
    list      Lists all intentions.
    get       Show information about an intention.
    match     Show intentions that match a source or destination.
```

For more information, examples, and usage about a subcommand, click on the name
of the subcommand in the sidebar.

## Basic Examples

Create an intention to allow "web" to talk to "db":

```shell-session
$ consul intention create web db
```

Create an intention to deny "db" from initiating connections to _any_ service:

```shell-session
$ consul intention create -deny db '*'
Created: db => * (deny)
```

Test whether "web" is allowed to connect to "db":

```shell-session
$ consul intention check web db
```

List all intentions:

```shell-session
$ consul intention list
```

Find all intentions for communicating to the "db" service:

```shell-session
$ consul intention match db
```

## Source and Destination Naming

Intention commands commonly take positional arguments referred to as `SRC` and
`DST` in the command documentation. These can take several forms:

| Format                              | Meaning                                                                                       |
| ----------------------------------- | --------------------------------------------------------------------------------------------- |
| `<service>`                         | the named service in the current namespace                                                    |
| `*`                                 | any service in the current namespace                                                          |
| `<namespace>/<service>`             | <EnterpriseAlert inline /> the named service in a specific namespace in the default partition |
| `<namespace>/*`                     | <EnterpriseAlert inline /> any service in the specified namespace in the default partition    |
| `*/*`                               | <EnterpriseAlert inline /> any service in any namespace in the default partition              |
| `<partition>/<namespace>/<service>` | <EnterpriseAlert inline /> the named service in a specific namespace in a specific partition  |
| `<partition>/<namespace>/*`         | <EnterpriseAlert inline /> any service in the specified namespace in a specific partition     |
| `<partition>/*/*`                   | <EnterpriseAlert inline /> any service in any namespace in a specific partition               |
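
A migration sketch for the deprecation note and the naming table above, added here and not taken from the Consul project: it parses `SRC`/`DST` strings per the table and groups legacy `consul intention create` arguments into one `service-intentions` entry per destination. The field names (`Kind`, `Name`, `Namespace`, `Partition`, `Sources`, `Action`) follow the `service-intentions` config entry; `parse_name`, `to_config_entries` and the sample tuples are hypothetical names and constructed input.

```python
import json

FIELDS = ("Partition", "Namespace", "Name")

def parse_name(spec):
    """Split a SRC/DST argument of the form [partition/][namespace/]service."""
    parts = spec.split("/")
    if not 1 <= len(parts) <= 3 or "" in parts:
        raise ValueError(f"not a valid intention name: {spec!r}")
    # Omitted segments are left out so Consul applies its own defaults.
    # Namespace and Partition are Enterprise-only fields.
    fields = dict(zip(FIELDS[-len(parts):], parts))
    # The table lists a wildcard namespace only with a wildcard service and
    # never a wildcard partition; anything else is rejected (added check).
    if fields.get("Partition") == "*" or (
        fields.get("Namespace") == "*" and fields["Name"] != "*"
    ):
        raise ValueError(f"wildcard form not in the naming table: {spec!r}")
    return fields

def to_config_entries(legacy):
    """Group (src, dst, action) tuples into one entry per destination."""
    entries = {}
    for src, dst, action in legacy:
        if action not in ("allow", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        dest, source = parse_name(dst), parse_name(src)
        key = tuple(dest.get(f) for f in FIELDS)
        entry = entries.setdefault(
            key, {"Kind": "service-intentions", **dest, "Sources": []}
        )
        for existing in entry["Sources"]:
            # Same source identity already recorded for this destination?
            if {**existing, "Action": action} == {**source, "Action": action}:
                if existing["Action"] != action:
                    raise ValueError(f"conflicting actions for {src} => {dst}")
                break  # exact duplicate, keep one copy
        else:
            entry["Sources"].append({**source, "Action": action})
    return list(entries.values())

# Constructed sample input, mirroring the commands in Basic Examples.
LEGACY = [("web", "db", "allow"), ("api", "db", "allow"), ("db", "*", "deny")]

if __name__ == "__main__":
    for entry in to_config_entries(LEGACY):
        print(json.dumps(entry, indent=2))
```

Each printed object can be saved to a file and applied with `consul config write <file>`. Writing an entry replaces the destination's existing entry, so all sources for a destination need to be in the same file.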