mirror of https://github.com/hashicorp/consul
81 lines
2.2 KiB
Markdown
81 lines
2.2 KiB
Markdown
---
|
|
layout: commands
|
|
page_title: 'Commands: ACL Translate Rules'
|
|
---
|
|
|
|
-> **Deprecated:** This command exists only as a convenience to make legacy ACL migration easier.
|
|
It will be removed in a future major release when support for the legacy ACL system is removed.
|
|
|
|
# Consul ACL Translate Rules
|
|
|
|
Command: `consul acl translate-rules`
|
|
|
|
Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/rules/translate/:accessor_id](/api-docs/acl#translate-a-legacy-token-s-rules)
|
|
|
|
This command translates the legacy ACL rule syntax into the new syntax.
|
|
|
|
The table below shows this command's [required ACLs](/api#authentication). Configuration of
|
|
[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching)
|
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
|
|
|
| ACL Required |
|
|
| ------------ |
|
|
| `acl:read` |
|
|
|
|
### Usage
|
|
|
|
Usage: `consul acl translate-rules [options] TRANSLATE`
|
|
|
|
#### Command Options
|
|
|
|
- `TRANSLATE` - The rules to translate. If `-` is used, then
|
|
the rules will be read from stdin. If `@` is prefixed to
|
|
the value then the value is considered to be a file and
|
|
the rules will be read from that file.
|
|
|
|
- `-token-secret` - Specifies that what the `TRANSLATE` argument
|
|
holds is not a rule set but rather the token secret ID of a
|
|
legacy ACL token that holds the rule set.
|
|
|
|
- `-token-accessor` - Specifies that what the `TRANSLATE` argument
|
|
holds is not a rule set but rather the token accessor ID of a
|
|
legacy ACL token that holds the rule set.
|
|
|
|
#### API Options
|
|
|
|
@include 'http_api_options_client.mdx'
|
|
|
|
@include 'http_api_options_server.mdx'
|
|
|
|
### Examples
|
|
|
|
Translate rules within a file:
|
|
|
|
```shell-session
|
|
$ consul acl translate-rules @rules.hcl
|
|
```
|
|
|
|
Translate rules from stdin:
|
|
|
|
```shell-session
|
|
$ consul acl translate-rules -
|
|
```
|
|
|
|
Translate rules from a string argument:
|
|
|
|
```shell-session
|
|
$ consul acl translate-rules 'key "" { policy = "write"}'
|
|
```
|
|
|
|
Translate rules for a legacy ACL token using its SecretID passed from stdin:
|
|
|
|
```shell-session
|
|
$ consul acl translate-rules --token-secret -
|
|
```
|
|
|
|
Translate rules for a legacy ACL token using its AccessorID:
|
|
|
|
```shell-session
|
|
$ consul acl translate-rules 429cd746-03d5-4bbb-a83a-18b164171c89
|
|
```
|