mirror of https://github.com/hashicorp/consul
38 lines
941 B
Plaintext
38 lines
941 B
Plaintext
|
---
|
||
|
layout: "docs"
|
||
|
page_title: "Commands: Intention Check"
|
||
|
sidebar_current: "docs-commands-intention-check"
|
||
|
---
|
||
|
|
||
|
# Consul Intention Check
|
||
|
|
||
|
Command: `consul intention check`
|
||
|
|
||
|
The `intention check` command checks whether a connection attempt between
|
||
|
two services would be authorized given the current set of intentions and
|
||
|
Consul configuration.
|
||
|
|
||
|
This command requires less ACL permissions than other intention-related
|
||
|
tasks because no information about the intention is revealed. Therefore,
|
||
|
callers only need to have `service:read` access for the destination. Richer
|
||
|
commands like [match](/docs/commands/intention/match.html) require full
|
||
|
intention read permissions and don't evaluate the result.
|
||
|
|
||
|
## Usage
|
||
|
|
||
|
Usage: `consul intention check [options] SRC DST`
|
||
|
|
||
|
#### API Options
|
||
|
|
||
|
<%= partial "docs/commands/http_api_options_client" %>
|
||
|
|
||
|
## Examples
|
||
|
|
||
|
```text
|
||
|
$ consul intention check web db
|
||
|
Denied
|
||
|
|
||
|
$ consul intention check web billing
|
||
|
Allowed
|
||
|
```
|