mirror of
https://github.com/status-im/consul.git
synced 2025-01-19 02:03:00 +00:00
abfdc35fc7
* ACL * ACL * Catalog * consul config * consul connect * top-level updates * consul intention * consul kv * consul namespace * consul peering * consul peering delete * consul services * consul snapshot * consul tls * consul acl auth-method * acl binding-rule * acl policy * acl role * acl token * fix * standardization * Update website/content/commands/snapshot/save.mdx Co-authored-by: Bryce Kalow <bkalow@hashicorp.com> * consul debug consul keyring Co-authored-by: Bryce Kalow <bkalow@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
68 lines
1.9 KiB
Plaintext
68 lines
1.9 KiB
Plaintext
---
|
|
layout: commands
|
|
page_title: 'Commands: Intention Match'
|
|
description: >-
|
|
The `consul intention match` command returns inbound and outbound service intentions for a specific service.
|
|
---
|
|
|
|
# Consul Intention Match
|
|
|
|
Command: `consul intention match`
|
|
|
|
Corresponding HTTP API Endpoint: [\[GET\] /v1/connect/intentions/match](/consul/api-docs/connect/intentions#list-matching-intentions)
|
|
|
|
The `intention match` command shows the list of intentions that match
|
|
a given source or destination. The list of intentions is listed in evaluation
|
|
order: the first intention that matches a request would be evaluated.
|
|
|
|
The [check](/consul/commands/intention/check) command can be used to
|
|
check whether an L4 connection would be authorized between any two services.
|
|
|
|
The table below shows this command's [required ACLs](/consul/api-docs/api-structure#authentication). Configuration of
|
|
[blocking queries](/consul/api-docs/features/blocking) and [agent caching](/consul/api-docs/features/caching)
|
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
|
|
|
| ACL Required |
|
|
| ----------------------------- |
|
|
| `intentions:read`<sup>1</sup> |
|
|
|
|
<p>
|
|
<sup>1</sup> Intention ACL rules are specified as part of a{' '}
|
|
<code>service</code> rule. See{' '}
|
|
<a href="/docs/connect/intentions#intention-management-permissions">
|
|
Intention Management Permissions
|
|
</a>{' '}
|
|
for more details.
|
|
</p>
|
|
|
|
## Usage
|
|
|
|
Usage: `consul intention match [options] SRC_OR_DST`
|
|
|
|
`SRC` and `DST` can both take [several forms](/consul/commands/intention#source-and-destination-naming).
|
|
|
|
#### Command Options
|
|
|
|
- `-destination` - Match by destination.
|
|
|
|
- `-source` - Match by source.
|
|
|
|
#### Enterprise Options
|
|
|
|
@include 'http_api_partition_options.mdx'
|
|
|
|
@include 'http_api_namespace_options.mdx'
|
|
|
|
#### API Options
|
|
|
|
@include 'http_api_options_client.mdx'
|
|
|
|
## Examples
|
|
|
|
```shell-session
|
|
$ consul intention match -source web
|
|
web => db (deny)
|
|
web => api (2 permissions)
|
|
web => * (allow)
|
|
```
|