mirror of https://github.com/status-im/consul.git
Added some missing ACL info, updated details around some permissions, added missing HTTP API refs
This commit is contained in:
parent
f7b1208fc3
commit
565bfce4ac
|
@ -7,7 +7,7 @@ page_title: 'Commands: ACL Policy Read'
|
||||||
|
|
||||||
Command: `consul acl policy read`
|
Command: `consul acl policy read`
|
||||||
|
|
||||||
Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/policy/:id](/api-docs/acl/policies#read-a-policy)
|
Corresponding HTTP API Endpoints: [\[GET\] /v1/acl/policy/:id](/api-docs/acl/policies#read-a-policy), [\[GET\] /v1/acl/policy/name/:name](/api-docs/acl/policies#read-a-policy-by-name)
|
||||||
|
|
||||||
The `acl policy read` command reads and displays a policies details.
|
The `acl policy read` command reads and displays a policies details.
|
||||||
|
|
||||||
|
|
|
@ -17,9 +17,22 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
|
||||||
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
| ACL Required |
|
| ACL Required<sup>1</sup> |
|
||||||
| ----------------------------------- |
|
| ------------------------------------------------------------- |
|
||||||
| `service:write` or `operator:write` |
|
| `service:write`<br />`operator:write`<br />`intentions:write` |
|
||||||
|
|
||||||
|
<sup>1</sup> The ACL required depends on the config entry kind being deleted:
|
||||||
|
|
||||||
|
| Config Entry Kind | Required ACL |
|
||||||
|
| ------------------- | ------------------ |
|
||||||
|
| ingress-gateway | `operator:write` |
|
||||||
|
| proxy-defaults | `operator:write` |
|
||||||
|
| service-defaults | `service:write` |
|
||||||
|
| service-intentions | `intentions:write` |
|
||||||
|
| service-resolver | `service:write` |
|
||||||
|
| service-router | `service:write` |
|
||||||
|
| service-splitter | `service:write` |
|
||||||
|
| terminating-gateway | `operator:write ` |
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
|
|
@ -17,9 +17,22 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
|
||||||
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
| ACL Required |
|
| ACL Required<sup>1</sup> |
|
||||||
| -------------- |
|
| ------------------------------------- |
|
||||||
| `service:read` |
|
| `service:read`<br />`intentions:read` |
|
||||||
|
|
||||||
|
<sup>1</sup> The ACL required depends on the config entry kind being read:
|
||||||
|
|
||||||
|
| Config Entry Kind | Required ACL |
|
||||||
|
| ------------------- | ----------------- |
|
||||||
|
| ingress-gateway | `service:read` |
|
||||||
|
| proxy-defaults | `<none>` |
|
||||||
|
| service-defaults | `service:read` |
|
||||||
|
| service-intentions | `intentions:read` |
|
||||||
|
| service-resolver | `service:read` |
|
||||||
|
| service-router | `service:read` |
|
||||||
|
| service-splitter | `service:read` |
|
||||||
|
| terminating-gateway | `service:read` |
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
|
|
@ -18,9 +18,22 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
|
||||||
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
| ACL Required |
|
| ACL Required<sup>1</sup> |
|
||||||
| -------------- |
|
| ------------------------------------- |
|
||||||
| `service:read` |
|
| `service:read`<br />`intentions:read` |
|
||||||
|
|
||||||
|
<sup>1</sup> The ACL required depends on the config entry kind being read:
|
||||||
|
|
||||||
|
| Config Entry Kind | Required ACL |
|
||||||
|
| ------------------- | ----------------- |
|
||||||
|
| ingress-gateway | `service:read` |
|
||||||
|
| proxy-defaults | `<none>` |
|
||||||
|
| service-defaults | `service:read` |
|
||||||
|
| service-intentions | `intentions:read` |
|
||||||
|
| service-resolver | `service:read` |
|
||||||
|
| service-router | `service:read` |
|
||||||
|
| service-splitter | `service:read` |
|
||||||
|
| terminating-gateway | `service:read` |
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
|
|
@ -17,9 +17,25 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
|
||||||
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
| ACL Required |
|
| ACL Required<sup>1</sup> |
|
||||||
| ----------------------------------- |
|
| ------------------------------------------------------------- |
|
||||||
| `service:write` or `operator:write` |
|
| `service:write`<br />`operator:write`<br />`intentions:write` |
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<sup>1</sup> The actual ACL required depends on the config entry kind being
|
||||||
|
updated:
|
||||||
|
</p>
|
||||||
|
|
||||||
|
| Config Entry Kind | Required ACL |
|
||||||
|
| ------------------- | ------------------ |
|
||||||
|
| ingress-gateway | `operator:write` |
|
||||||
|
| proxy-defaults | `operator:write` |
|
||||||
|
| service-defaults | `service:write` |
|
||||||
|
| service-intentions | `intentions:write` |
|
||||||
|
| service-resolver | `service:write` |
|
||||||
|
| service-router | `service:write` |
|
||||||
|
| service-splitter | `service:write` |
|
||||||
|
| terminating-gateway | `operator:write` |
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
|
|
@ -23,6 +23,23 @@ intention read permissions and don't evaluate the result.
|
||||||
defined as _deny_ intentions during evaluation, as this endpoint is only suited
|
defined as _deny_ intentions during evaluation, as this endpoint is only suited
|
||||||
for networking layer 4 (e.g. TCP) integration.
|
for networking layer 4 (e.g. TCP) integration.
|
||||||
|
|
||||||
|
The table below shows this command's [required ACLs](/api#authentication). Configuration of
|
||||||
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
|
| ACL Required |
|
||||||
|
| ----------------------------- |
|
||||||
|
| `intentions:read`<sup>1</sup> |
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<sup>1</sup> Intention ACL rules are specified as part of a{' '}
|
||||||
|
<code>service</code> rule. See{' '}
|
||||||
|
<a href="/docs/connect/intentions#intention-management-permissions">
|
||||||
|
Intention Management Permissions
|
||||||
|
</a>{' '}
|
||||||
|
for more details.
|
||||||
|
</p>
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
Usage: `consul intention check [options] SRC DST`
|
Usage: `consul intention check [options] SRC DST`
|
||||||
|
|
|
@ -21,9 +21,18 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
|
||||||
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
| ACL Required |
|
| ACL Required |
|
||||||
| ------------------ |
|
| ------------------------------ |
|
||||||
| `intentions:write` |
|
| `intentions:write`<sup>1</sup> |
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<sup>1</sup> Intention ACL rules are specified as part of a{' '}
|
||||||
|
<code>service</code> rule. See{' '}
|
||||||
|
<a href="/docs/connect/intentions#intention-management-permissions">
|
||||||
|
Intention Management Permissions
|
||||||
|
</a>{' '}
|
||||||
|
for more details.
|
||||||
|
</p>
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@ page_title: 'Commands: Intention Delete'
|
||||||
|
|
||||||
Command: `consul intention delete`
|
Command: `consul intention delete`
|
||||||
|
|
||||||
Corresponding HTTP API Endpoint: [\[DELETE\] /v1/connect/intentions/exact](/api-docs/connect/intentions#delete-intention-by-name)
|
Corresponding HTTP API Endpoints: [\[DELETE\] /v1/connect/intentions/exact](/api-docs/connect/intentions#delete-intention-by-name), [\[DELETE\] /v1/connect/intentions/:uuid](/api-docs/connect/intentions#delete-intention-by-id)
|
||||||
|
|
||||||
The `intention delete` command deletes a matching intention.
|
The `intention delete` command deletes a matching intention.
|
||||||
|
|
||||||
|
@ -15,9 +15,18 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
|
||||||
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
| ACL Required |
|
| ACL Required |
|
||||||
| ------------------ |
|
| ------------------------------ |
|
||||||
| `intentions:write` |
|
| `intentions:write`<sup>1</sup> |
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<sup>1</sup> Intention ACL rules are specified as part of a{' '}
|
||||||
|
<code>service</code> rule. See{' '}
|
||||||
|
<a href="/docs/connect/intentions#intention-management-permissions">
|
||||||
|
Intention Management Permissions
|
||||||
|
</a>{' '}
|
||||||
|
for more details.
|
||||||
|
</p>
|
||||||
|
|
||||||
-> **Deprecated** - The one argument form of this command is deprecated in
|
-> **Deprecated** - The one argument form of this command is deprecated in
|
||||||
Consul 1.9.0. Intentions no longer need IDs when represented as
|
Consul 1.9.0. Intentions no longer need IDs when represented as
|
||||||
|
|
|
@ -7,7 +7,7 @@ page_title: 'Commands: Intention Get'
|
||||||
|
|
||||||
Command: `consul intention get`
|
Command: `consul intention get`
|
||||||
|
|
||||||
Corresponding HTTP API Endpoint: [\[GET\] /v1/connect/intentions/exact](/api-docs/connect/intentions##read-specific-intention-by-name)
|
Corresponding HTTP API Endpoints: [\[GET\] /v1/connect/intentions/exact](/api-docs/connect/intentions#read-specific-intention-by-name), [\[GET\] /v1/connect/intentions/:uuid](/api-docs/connect/intentions#read-specific-intention-by-id)
|
||||||
|
|
||||||
The `intention get` command shows a single intention.
|
The `intention get` command shows a single intention.
|
||||||
|
|
||||||
|
@ -20,9 +20,18 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
|
||||||
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
| ACL Required |
|
| ACL Required |
|
||||||
| ----------------- |
|
| ----------------------------- |
|
||||||
| `intentions:read` |
|
| `intentions:read`<sup>1</sup> |
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<sup>1</sup> Intention ACL rules are specified as part of a{' '}
|
||||||
|
<code>service</code> rule. See{' '}
|
||||||
|
<a href="/docs/connect/intentions#intention-management-permissions">
|
||||||
|
Intention Management Permissions
|
||||||
|
</a>{' '}
|
||||||
|
for more details.
|
||||||
|
</p>
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,23 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/connect/intentions](/api-docs/conn
|
||||||
|
|
||||||
The `intention list` command shows all intentions including ID and precedence.
|
The `intention list` command shows all intentions including ID and precedence.
|
||||||
|
|
||||||
|
The table below shows this command's [required ACLs](/api#authentication). Configuration of
|
||||||
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
|
| ACL Required |
|
||||||
|
| ----------------------------- |
|
||||||
|
| `intentions:read`<sup>1</sup> |
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<sup>1</sup> Intention ACL rules are specified as part of a{' '}
|
||||||
|
<code>service</code> rule. See{' '}
|
||||||
|
<a href="/docs/connect/intentions#intention-management-permissions">
|
||||||
|
Intention Management Permissions
|
||||||
|
</a>{' '}
|
||||||
|
for more details.
|
||||||
|
</p>
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
Usage:
|
Usage:
|
||||||
|
|
|
@ -20,9 +20,18 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
|
||||||
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
| ACL Required |
|
| ACL Required |
|
||||||
| ----------------- |
|
| ----------------------------- |
|
||||||
| `intentions:read` |
|
| `intentions:read`<sup>1</sup> |
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<sup>1</sup> Intention ACL rules are specified as part of a{' '}
|
||||||
|
<code>service</code> rule. See{' '}
|
||||||
|
<a href="/docs/connect/intentions#intention-management-permissions">
|
||||||
|
Intention Management Permissions
|
||||||
|
</a>{' '}
|
||||||
|
for more details.
|
||||||
|
</p>
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
|
|
@ -29,6 +29,19 @@ All variations of the `keyring` command return 0 if all nodes reply and there
|
||||||
are no errors. If any node fails to reply or reports failure, the exit code
|
are no errors. If any node fails to reply or reports failure, the exit code
|
||||||
will be 1.
|
will be 1.
|
||||||
|
|
||||||
|
The table below shows this command's [required ACLs](/api#authentication). Configuration of
|
||||||
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
|
| ACL Required<sup>1</sup> |
|
||||||
|
| ----------------------------------- |
|
||||||
|
| `keyring:read`<br />`keyring:write` |
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<sup>1</sup> The actual ACL required depends on the flags being used in the
|
||||||
|
command.
|
||||||
|
</p>
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
Usage: `consul keyring [options]`
|
Usage: `consul keyring [options]`
|
||||||
|
|
|
@ -12,6 +12,14 @@ prefix from Consul's KV store, and write a JSON representation to
|
||||||
stdout. This can be used with the command "consul kv import" to move entire
|
stdout. This can be used with the command "consul kv import" to move entire
|
||||||
trees between Consul clusters.
|
trees between Consul clusters.
|
||||||
|
|
||||||
|
The table below shows this command's [required ACLs](/api#authentication). Configuration of
|
||||||
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
|
| ACL Required |
|
||||||
|
| ------------ |
|
||||||
|
| `key:read` |
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
Usage: `consul kv export [options] [PREFIX]`
|
Usage: `consul kv export [options] [PREFIX]`
|
||||||
|
|
|
@ -10,6 +10,14 @@ Command: `consul kv import`
|
||||||
The `kv import` command is used to import KV pairs from the JSON representation
|
The `kv import` command is used to import KV pairs from the JSON representation
|
||||||
generated by the `kv export` command.
|
generated by the `kv export` command.
|
||||||
|
|
||||||
|
The table below shows this command's [required ACLs](/api#authentication). Configuration of
|
||||||
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
|
| ACL Required |
|
||||||
|
| ------------ |
|
||||||
|
| `key:write` |
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
Usage: `consul kv import [options] [DATA]`
|
Usage: `consul kv import [options] [DATA]`
|
||||||
|
|
|
@ -20,9 +20,12 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
|
||||||
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
| ACL Required |
|
| ACL Required |
|
||||||
| ------------------------------------- |
|
| ------------------------------------------------- |
|
||||||
| `operator:read` or `namespace:* read` |
|
| `operator:read` or `namespace:*:read`<sup>1</sup> |
|
||||||
|
|
||||||
|
<sup>1</sup> Access can be granted to list the Namespace if the token used when making
|
||||||
|
the request has been granted any access in the namespace (read, list or write).
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
|
|
@ -19,9 +19,12 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
|
||||||
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
| ACL Required |
|
| ACL Required |
|
||||||
| ------------------------------------- |
|
| ------------------------------------------------- |
|
||||||
| `operator:read` or `namespace:* read` |
|
| `operator:read` or `namespace:*:read`<sup>1</sup> |
|
||||||
|
|
||||||
|
<sup>1</sup> Access can be granted to list the Namespace if the token used when making
|
||||||
|
the request has been granted any access in the namespace (read, list or write).
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
|
|
@ -13,6 +13,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/namespace/:name](/api-docs/namespa
|
||||||
|
|
||||||
This `namespace write` command creates or updates a namespace's configuration from its full definition. This was added in Consul Enterprise 1.7.0.
|
This `namespace write` command creates or updates a namespace's configuration from its full definition. This was added in Consul Enterprise 1.7.0.
|
||||||
|
|
||||||
|
The table below shows this command's [required ACLs](/api#authentication). Configuration of
|
||||||
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
|
| ACL Required |
|
||||||
|
| ---------------- |
|
||||||
|
| `operator:write` |
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
Usage: `consul namespace write <namespace definition>`
|
Usage: `consul namespace write <namespace definition>`
|
||||||
|
|
|
@ -21,9 +21,13 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
|
||||||
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
|
||||||
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
||||||
|
|
||||||
| ACL Required |
|
| ACL Required |
|
||||||
| ------------ |
|
| ----------------------- |
|
||||||
| `node:read` |
|
| `node:read`<sup>1</sup> |
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<sup>1</sup> When referencing WAN coordinates, no ACL permission is needed.
|
||||||
|
</p>
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue