mirror of
https://github.com/status-im/consul.git
synced 2025-01-09 21:35:52 +00:00
9ade056d98
This PR is based on the previous work by @snuggie12 in PR #6825. It adds the command consul intention list to list all available intentions. The list functionality for intentions seems a bit overdue as it's just very handy. The web UI cannot list intentions outside of the default namespace, and using the API is sometimes not the friendliest option. ;) I cherry picked snuggie12's commits who did most of the heavy lifting (thanks again @snuggie12 for your great work!). The changes in the original commit mostly still worked on the current HEAD. On top of that I added support for namespaces and fixed the docs as they are managed differently today. Also the requested changes related to the "Connect" references in the original PRs have been addressed. Fixes #5652 Co-authored-by: Matt Hoey <mhoey05@jcu.edu>
90 lines
2.7 KiB
Plaintext
90 lines
2.7 KiB
Plaintext
---
|
|
layout: commands
|
|
page_title: 'Commands: Intention'
|
|
sidebar_title: intention
|
|
---
|
|
|
|
# Consul Intention
|
|
|
|
Command: `consul intention`
|
|
|
|
The `intention` command is used to interact with Connect
|
|
[intentions](/docs/connect/intentions). It exposes commands for
|
|
creating, updating, reading, deleting, checking, and managing intentions.
|
|
This command is available in Consul 1.2 and later.
|
|
|
|
Intentions are managed primarily via
|
|
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
|
|
entries after Consul 1.9. Intentions may also be managed via the [HTTP
|
|
API](/api/connect/intentions).
|
|
|
|
## Usage
|
|
|
|
Usage: `consul intention <subcommand>`
|
|
|
|
For the exact documentation for your Consul version, run `consul intention -h`
|
|
to view the complete list of subcommands.
|
|
|
|
```text
|
|
Usage: consul intention <subcommand> [options] [args]
|
|
|
|
...
|
|
|
|
Subcommands:
|
|
check Check whether a connection between two services is allowed.
|
|
create Create intentions for service connections.
|
|
delete Delete an intention.
|
|
list Lists all intentions.
|
|
get Show information about an intention.
|
|
match Show intentions that match a source or destination.
|
|
```
|
|
|
|
For more information, examples, and usage about a subcommand, click on the name
|
|
of the subcommand in the sidebar.
|
|
|
|
## Basic Examples
|
|
|
|
Create an intention to allow "web" to talk to "db":
|
|
|
|
```shell-session
|
|
$ consul intention create web db
|
|
```
|
|
|
|
Create an intention to deny "db" from initiating connections to _any_ service:
|
|
|
|
```shell-session
|
|
$ consul intention create -deny db '*'
|
|
Created: db => * (deny)
|
|
```
|
|
|
|
Test whether a "web" is allowed to connect to "db":
|
|
|
|
```shell-session
|
|
$ consul intention check web db
|
|
```
|
|
|
|
List all intentions:
|
|
|
|
```shell-session
|
|
$ consul intention list
|
|
```
|
|
|
|
Find all intentions for communicating to the "db" service:
|
|
|
|
```shell-session
|
|
$ consul intention match db
|
|
```
|
|
|
|
## Source and Destination Naming
|
|
|
|
Intention commands commonly take positional arguments referred to as `SRC` and
|
|
`DST` in the command documentation. These can take several forms:
|
|
|
|
| Format | Meaning |
|
|
| ----------------------- | -------------------------------------------------------------------- |
|
|
| `<service>` | the named service in the current namespace |
|
|
| `*` | any service in the current namespace |
|
|
| `<namespace>/<service>` | <EnterpriseAlert inline /> the named service in a specific namespace |
|
|
| `<namespace>/*` | <EnterpriseAlert inline /> any service in the specified namespace |
|
|
| `*/*` | <EnterpriseAlert inline /> any service in any namespace |
|