mirror of
https://github.com/status-im/consul.git
synced 2025-02-08 20:05:09 +00:00
cc1aa3f973
Roles are named and can express the same bundle of permissions that can currently be assigned to a Token (lists of Policies and Service Identities). The difference with a Role is that it not itself a bearer token, but just another entity that can be tied to a Token. This lets an operator potentially curate a set of smaller reusable Policies and compose them together into reusable Roles, rather than always exploding that same list of Policies on any Token that needs similar permissions. This also refactors the acl replication code to be semi-generic to avoid 3x copypasta.
57 lines
1.2 KiB
Go
57 lines
1.2 KiB
Go
package role
|
|
|
|
import (
|
|
"github.com/hashicorp/consul/command/flags"
|
|
"github.com/mitchellh/cli"
|
|
)
|
|
|
|
func New() *cmd {
|
|
return &cmd{}
|
|
}
|
|
|
|
type cmd struct{}
|
|
|
|
func (c *cmd) Run(args []string) int {
|
|
return cli.RunResultHelp
|
|
}
|
|
|
|
func (c *cmd) Synopsis() string {
|
|
return synopsis
|
|
}
|
|
|
|
func (c *cmd) Help() string {
|
|
return flags.Usage(help, nil)
|
|
}
|
|
|
|
const synopsis = "Manage Consul's ACL Roles"
|
|
const help = `
|
|
Usage: consul acl role <subcommand> [options] [args]
|
|
|
|
This command has subcommands for managing Consul's ACL Roles.
|
|
Here are some simple examples, and more detailed examples are available
|
|
in the subcommands or the documentation.
|
|
|
|
Create a new ACL Role:
|
|
|
|
$ consul acl role create -name "new-role" \
|
|
-description "This is an example role" \
|
|
-policy-id 06acc965
|
|
List all roles:
|
|
|
|
$ consul acl role list
|
|
|
|
Update a role:
|
|
|
|
$ consul acl role update -name "other-role" -datacenter "dc1"
|
|
|
|
Read a role:
|
|
|
|
$ consul acl role read -id 0479e93e-091c-4475-9b06-79a004765c24
|
|
|
|
Delete a role
|
|
|
|
$ consul acl role delete -name "my-role"
|
|
|
|
For more examples, ask for subcommand help or view the documentation.
|
|
`
|