Consul ACL Policies
Command: consul acl policy
The acl policy command is used to manage Consul's ACL policies.
It exposes commands for creating, updating, reading, deleting, and listing policies.
This command is available in Consul 1.4.0 and newer.
ACL policies may also be managed via the HTTP API.
Note: All of the example subcommands in this document will require a valid
Consul token with the appropriate permissions. Either set the CONSUL_HTTP_TOKEN
environment variable to the token's secret ID or pass the secret ID as the
value of the -token parameter.
Usage
Usage: consul acl policy <subcommand>
For the exact documentation for your Consul version, run consul acl policy -h
to view the complete list of subcommands.
Usage: consul acl policy <subcommand> [options] [args]
...
Subcommands:
    create    Create an ACL policy
    delete    Delete an ACL policy
    list      Lists ACL policies
    read      Read an ACL policy
    update    Update an ACL policy
For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.
Identifying Policies
Several of the subcommands need to operate on a specific policy. Those
subcommands support specifying the policy by its ID using the -id parameter
or by name using the -name parameter.
When specifying the policy by its ID, a unique policy ID prefix may be specified
instead of the entire UUID. As long as the prefix is unique, it will be resolved
to the full UUID and used. Additionally, builtin policy names will be accepted as
the value to the -id parameter. Even if the builtin policies are renamed, their
original name can be used to operate on them.
Builtin policies:
Policy UUID | Policy Name |
---|---|
00000000-0000-0000-0000-000000000001 | global-management |
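The resolution rule described above, written out as an added shell example (not part of the original page and not Consul's own code). The policy list is constructed sample data, the function name resolve_policy_id is hypothetical, and rejecting an ambiguous prefix with a distinct exit code is an assumption made here so that a script never acts on the wrong policy.

```shell
#!/bin/sh
# Constructed sample data: "UUID NAME" pairs standing in for a policy listing.
# The builtin policy is shown renamed to illustrate that its original name
# still resolves.
POLICIES='00000000-0000-0000-0000-000000000001 renamed-admin
0479e93e-091c-4475-9b06-79a004765c24 other-policy
0479f111-2222-4333-8444-555566667777 new-policy
a1b2c3d4-0000-4000-8000-000000000042 my-policy'

# resolve_policy_id VALUE  (hypothetical helper)
# Prints the full UUID for VALUE on stdout.
# Returns 0 on a unique match, 1 if nothing matches, 2 if the prefix is
# ambiguous (assumed behavior: refuse rather than pick one).
resolve_policy_id() {
    value=$1
    [ -n "$value" ] || { echo "empty policy ID" >&2; return 1; }

    # Builtin names map to fixed UUIDs regardless of the policy's current name.
    case $value in
        global-management)
            echo "00000000-0000-0000-0000-000000000001"
            return 0 ;;
    esac

    # Literal prefix match on the UUID column (index() avoids regex surprises).
    matches=$(printf '%s\n' "$POLICIES" |
        awk -v p="$value" 'index($1, p) == 1 { print $1 }')
    count=$(printf '%s\n' "$matches" | grep -c . || true)

    case $count in
        0) echo "no policy ID starts with '$value'" >&2; return 1 ;;
        1) echo "$matches"; return 0 ;;
        *) echo "prefix '$value' matches $count policies; use a longer prefix" >&2
           return 2 ;;
    esac
}

# Example use before a destructive call:
#   id=$(resolve_policy_id 0479e) && consul acl policy delete -id "$id"
```

With this sample data the prefix 0479 is ambiguous while 0479e is unique, which is why scripts that delete or update by prefix should pin the full UUID once it has been resolved.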
Basic Examples
Create a new ACL policy:
$ consul acl policy create -name "new-policy" \
    -description "This is an example policy" \
    -datacenter "dc1" \
    -datacenter "dc2" \
    -rules @rules.hcl
List all policies:
$ consul acl policy list
Update a policy:
$ consul acl policy update -name "other-policy" -datacenter "dc1"
Read a policy:
$ consul acl policy read -id 0479e93e-091c-4475-9b06-79a004765c24
Delete a policy:
$ consul acl policy delete -name "my-policy"