consul/website/content/commands/acl/policy/create.mdx

92 lines
2.8 KiB
Markdown

---
layout: commands
page_title: 'Commands: ACL Policy Create'
description: |
The `consul acl policy create` command creates new ACL policies that authorize read and write access in the service mesh.
---
# Consul ACL Policy Create
Command: `consul acl policy create`
Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/policy](/consul/api-docs/acl/policies#create-a-policy)
The `acl policy create` command creates new policies.
The `-rules` parameter value allow loading the value from stdin, a file or the raw value.
To use stdin pass `-` as the value. To load the value from a file prefix the value with an `@`. Any other
values will be used directly.
The table below shows this command's [required ACLs](/consul/api-docs/api-structure#authentication). Configuration of
[blocking queries](/consul/api-docs/features/blocking) and [agent caching](/consul/api-docs/features/caching)
are not supported from commands, but may be from the corresponding HTTP endpoint.
| ACL Required |
| ------------ |
| `acl:write` |
## Usage
Usage: `consul acl policy create [options] [args]`
#### Command Options
- `-description=<string>` - A description of the policy.
- `-meta` - Indicates that policy metadata such as the content hash and raft
indices should be shown for each entry.
- `-name=<string>` - The new policy's name. This flag is required.
- `-rules=<string>` - The policy rules. May be prefixed with '@' to indicate that the
value is a file path to load the rules from. '-' may also be given
to indicate that the rules are available on stdin.
- `-valid-datacenter=<value>` - Datacenter that the policy should be valid within.
This flag may be specified multiple times.
- `-format={pretty|json}` - Command output format. The default value is `pretty`.
#### Enterprise Options
@include 'cli-http-api-partition-options.mdx'
@include 'http_api_namespace_options.mdx'
#### API Options
@include 'http_api_options_client.mdx'
@include 'http_api_options_server.mdx'
## Examples
Create a new policy that is valid in all datacenters:
```shell-session
$ consul acl policy create -name "acl-replication" -description "Policy capable of replicating ACL policies" -rules 'acl = "read"'
ID: 35b8ecb0-707c-ee18-2002-81b238b54b38
Name: acl-replication
Description: Policy capable of replicating ACL policies
Datacenters:
Rules:
acl = "read"
```
Create a new policy valid only in specific datacenters with rules read from a file:
```shell-session
$ consul acl policy create -name "replication" -description "Replication" -rules @rules.hcl -valid-datacenter dc1 -valid-datacenter dc2
ID: ca44555b-a2d8-94de-d763-88caffdaf11f
Name: replication
Description: Replication
Datacenters: dc1, dc2
Rules:
acl = "read"
service_prefix "" {
policy = "read"
intentions = "read"
}
```