mirror of https://github.com/hashicorp/consul
98 lines
2.6 KiB
Plaintext
---
layout: "docs"
page_title: "Commands: ACL Policy"
sidebar_current: "docs-commands-acl-policy"
---

# Consul ACL Policies

Command: `consul acl policy`

The `acl policy` command is used to manage Consul's ACL policies.
It exposes commands for creating, updating, reading, deleting, and listing policies.
This command is available in Consul 1.4.0 and newer.

ACL policies may also be managed via the [HTTP API](/api/acl/policies.html).

-> **Note:** All of the example subcommands in this document will require a valid
Consul token with the appropriate permissions. Either set the
`CONSUL_HTTP_TOKEN` environment variable to the token's secret ID or pass the
secret ID as the value of the `-token` parameter.

## Usage

Usage: `consul acl policy <subcommand>`

For the exact documentation for your Consul version, run `consul acl
policy -h` to view the complete list of subcommands.

```text
Usage: consul acl policy <subcommand> [options] [args]

  ...

Subcommands:
    create    Create an ACL policy
    delete    Delete an ACL policy
    list      Lists ACL policies
    read      Read an ACL policy
    update    Update an ACL policy
```

For more information, examples, and usage about a subcommand, click on the name
of the subcommand in the sidebar.

## Identifying Policies

Several of the subcommands need to operate on a specific policy. Those
subcommands support specifying the policy by its ID using the `-id` parameter
or by name using the `-name` parameter.

When specifying the policy by its ID, a unique policy ID prefix may be specified
instead of the entire UUID. As long as it is unique, it will be resolved to the
full UUID and used. Additionally, builtin policy names will be accepted as the
value to the `-id` parameter. Even if the builtin policies are renamed, their
original name can be used to operate on them.

Builtin policies:

| Policy UUID                          | Policy Name       |
| ------------------------------------ | ----------------- |
| 00000000-0000-0000-0000-000000000001 | global-management |

## Basic Examples

Create a new ACL policy:

```sh
$ consul acl policy create -name "new-policy" \
                           -description "This is an example policy" \
                           -datacenter "dc1" \
                           -datacenter "dc2" \
                           -rules @rules.hcl
```

List all policies:

```sh
$ consul acl policy list
```

Update a policy:

```sh
$ consul acl policy update -name "other-policy" -datacenter "dc1"
```

Read a policy:

```sh
$ consul acl policy read -id 0479e93e-091c-4475-9b06-79a004765c24
```

Delete a policy:

```sh
$ consul acl policy delete -name "my-policy"
```
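
The `create` command above reads its rules from `rules.hcl`, which this page does not show. The script below is an added example, not part of the Consul documentation: it writes a narrowly scoped rules file, lints it for write grants on an empty prefix, then creates the policy and reads it back by name. The policy name `web-read`, the `app/config/` prefix, the `web` service and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example; names, paths and prefixes are constructed, not from the Consul docs.

# Write a narrowly scoped rules file (Consul 1.4+ ACL rule syntax).
write_rules() {
  cat > "$1" <<'EOF'
# Read-only access to one KV subtree and to the "web" service.
key_prefix "app/config/" {
  policy = "read"
}
service "web" {
  policy = "read"
}
EOF
}

# Pre-flight lint: fail if any *_prefix "" block grants write, because an
# empty prefix matches every resource of that type.
# Assumes flat, un-nested rule blocks like the ones written above.
lint_rules() {
  awk '
    /^[ \t]*[a-z_]+_prefix[ \t]+""[ \t]*[{]/ { broad = 1; hdr = $0 }
    /policy[ \t]*=[ \t]*"write"/ && broad   { print "too broad: " hdr; bad = 1 }
    /[}]/                                    { broad = 0 }
    END { exit bad + 0 }
  ' "$1"
}

# Create the policy with the flags shown on this page, then read it back by name.
# The token is taken from CONSUL_HTTP_TOKEN rather than passed with -token.
apply_policy() {
  lint_rules "$2" || return 1
  consul acl policy create -name "$1" \
    -description "Read-only access for web" \
    -datacenter "dc1" \
    -rules "@$2" &&
  consul acl policy read -name "$1"
}

# Only talks to Consul when the CLI and a token are both available.
if command -v consul >/dev/null 2>&1 && [ -n "${CONSUL_HTTP_TOKEN:-}" ]; then
  write_rules rules.hcl && apply_policy "web-read" rules.hcl
fi
```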