consul/website/content/commands/acl/binding-rule/index.mdx

91 lines
2.6 KiB
Plaintext

---
layout: commands
page_title: 'Commands: ACL Binding Rule'
description: |
The `consul acl binding-rule` command interacts with Consul's ACL binding rules. It exposes commands for creating, updating, reading, deleting, and listing rules that bind auth methods to a specific service or role.
---
# Consul ACL Binding Rules
Command: `consul acl binding-rule`
The `acl binding-rule` command is used to manage Consul's ACL binding rules.
It exposes commands for creating, updating, reading, deleting, and listing binding rules.
This command is available in Consul 1.5.0 and newer.
ACL binding rules may also be managed via the [HTTP API](/consul/api-docs/acl/binding-rules).
-> **Note:** All of the example subcommands in this document will require a valid
Consul token with the appropriate permissions. Either set the
`CONSUL_HTTP_TOKEN` environment variable to the token's secret ID or pass the
secret ID as the value of the `-token` parameter.
## Usage
Usage: `consul acl binding-rule <subcommand>`
For the exact documentation for your Consul version, run `consul acl binding-rule -h` to view the complete list of subcommands.
```text
Usage: consul acl binding-rule <subcommand> [options] [args]
...
Subcommands:
create Create an ACL binding rule
delete Delete an ACL binding rule
list Lists ACL binding rules
read Read an ACL binding rule
update Update an ACL binding rule
```
For more information, examples, and usage about a subcommand, click on the name
of the subcommand in the sidebar.
## Identifying Binding Rules
Several of the subcommands need to operate on a specific binding rule. Those
subcommands support specifying the binding rule by its ID using the `-id`
parameter.
When specifying the binding rule by its ID a unique binding rule ID prefix may
be specified instead of the entire UUID. As long as it is unique it will be
resolved to the full UUID and used.
## Basic Examples
Create a new binding rule:
```shell-session
$ consul acl binding-rule create \
-method=minikube \
-bind-type=service \
-bind-name='k8s-${serviceaccount.name}' \
-selector='serviceaccount.namespace==default and serviceaccount.name==web'
```
List all binding rules:
```shell-session
$ consul acl binding-rule list
```
Update a binding rule:
```shell-session
$ consul acl binding-rule update -id=43cb72df-9c6f-4315-ac8a-01a9d98155ef \
-bind-name='k8s-${serviceaccount.name}'
```
Read a binding rule:
```shell-session
$ consul acl binding-rule read -id fdabbcb5-9de5-4b1a-961f-77214ae88cba
```
Delete a binding rule:
```shell-session
$ consul acl binding-rule delete -id b6b856da-5193-4e78-845a-7d61ca8371ba
```