mirror of
https://github.com/status-im/consul.git
synced 2025-01-13 15:26:48 +00:00
a9df6ac50b
- moved and renamed files/folders based on new structure - updated docs navigation based on new structure - moved CLI to top nav (created commands.jsx and commands-navigation.js) - updated and added redirects - updating to be consistent with standalone categories - changing "overview" link in top nav to lead to where intro was moved (docs/intro) - adding redirects for intro content - deleting old intro folders - format all data/navigation files - deleting old commands folder - reverting changes to glossary page - adjust intro navigation for removal of 'vs' paths - add helm page redirect - fix more redirects - add a missing redirect - fix broken anchor links and formatting mistakes - deleted duplicate section, added redirect, changed link - removed duplicate glossary page
80 lines
2.2 KiB
Plaintext
80 lines
2.2 KiB
Plaintext
---
|
|
layout: commands
|
|
page_title: 'Commands: ACL Binding Rule Create'
|
|
sidebar_title: create
|
|
---
|
|
|
|
# Consul ACL Binding Rule Create
|
|
|
|
Command: `consul acl binding-rule create`
|
|
|
|
The `acl binding-rule create` command creates new binding rules.
|
|
|
|
## Usage
|
|
|
|
Usage: `consul acl binding-rule create [options] [args]`
|
|
|
|
#### API Options
|
|
|
|
@include 'http_api_options_client.mdx'
|
|
|
|
@include 'http_api_options_server.mdx'
|
|
|
|
#### Command Options
|
|
|
|
- `-bind-name=<string>` - Name to bind on match. Can use `${var}`
|
|
interpolation. This flag is required.
|
|
|
|
- `-bind-type=<string>` - Type of binding to perform (`"service"` or `"role"`).
|
|
|
|
- `-description=<string>` - A description of the binding rule.
|
|
|
|
- `-meta` - Indicates that binding rule metadata such as the raft
|
|
indices should be shown for each entry.
|
|
|
|
- `-method=<string>` - The auth method's name for which this binding rule
|
|
applies. This flag is required.
|
|
|
|
- `-selector=<string>` - Selector is an expression that matches against
|
|
verified identity attributes returned from the auth method during login.
|
|
|
|
- `-format={pretty|json}` - Command output format. The default value is `pretty`.
|
|
|
|
#### Enterprise Options
|
|
|
|
@include 'http_api_namespace_options.mdx'
|
|
|
|
## Examples
|
|
|
|
Create a new binding rule that binds to a service identity:
|
|
|
|
```shell-session
|
|
$ consul acl binding-rule create -method 'minikube' \
|
|
-description 'wildcard service' \
|
|
-bind-type 'service' \
|
|
-bind-name 'k8s-${serviceaccount.name}' \
|
|
-selector 'serviceaccount.namespace==default and serviceaccount.name!=vault'
|
|
ID: 0ec1bd2f-1d3b-bafb-d9bf-90ef04ab1890
|
|
AuthMethod: minikube
|
|
Description: wildcard service
|
|
BindType: service
|
|
BindName: k8s-${serviceaccount.name}
|
|
Selector: serviceaccount.namespace==default and serviceaccount.name!=vault
|
|
```
|
|
|
|
Create a new binding rule that binds to a role:
|
|
|
|
```shell-session
|
|
$ consul acl binding-rule create -method 'minikube' \
|
|
-description 'just vault role' \
|
|
-bind-type 'role' \
|
|
-bind-name 'vault' \
|
|
-selector 'serviceaccount.namespace==default and serviceaccount.name==vault'
|
|
ID: e21ae868-7b13-a230-0235-f8e83510642c
|
|
AuthMethod: minikube
|
|
Description: just vault role
|
|
BindType: role
|
|
BindName: vault
|
|
Selector: serviceaccount.namespace==default and serviceaccount.name==vault
|
|
```
|