mirror of https://github.com/hashicorp/consul
82 lines
2.8 KiB
Markdown
82 lines
2.8 KiB
Markdown
---
|
|
layout: commands
|
|
page_title: 'Commands: ACL Binding Rule Update'
|
|
description: |
|
|
The `consul acl binding-rule update` command updates existing ACL binding rules. These rules bind auth methods to specific services or roles.
|
|
---
|
|
|
|
# Consul ACL Binding Rule Update
|
|
|
|
Command: `consul acl binding-rule update`
|
|
|
|
Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/binding-rule/:id](/consul/api-docs/acl/binding-rules#update-a-binding-rule)
|
|
|
|
The `acl binding-rule update` command is used to update a binding rule. The
|
|
default operations is to merge the current binding rule with those values
|
|
provided to the command invocation. Therefore to update just one field, only
|
|
the `-id` option and the option to modify must be provided.
|
|
|
|
The table below shows this command's [required ACLs](/consul/api-docs/api-structure#authentication). Configuration of
|
|
[blocking queries](/consul/api-docs/features/blocking) and [agent caching](/consul/api-docs/features/caching)
|
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
|
|
|
| ACL Required |
|
|
| ------------ |
|
|
| `acl:write` |
|
|
|
|
## Usage
|
|
|
|
Usage: `consul acl binding-rule update [options] [args]`
|
|
|
|
#### Command Options
|
|
|
|
- `-bind-name=<string>` - Name to bind on match. Can use `${var}`
|
|
interpolation. This flag is required.
|
|
|
|
- `-bind-type=<string>` - Type of binding to perform (`"service"`, `"node"`, `"templated-policy"`, `"policy"` or `"role"`).
|
|
|
|
- `-description=<string>` - A description of the binding rule.
|
|
|
|
- `-id=<string>` - The ID of the binding rule to update. It may be specified as a
|
|
unique ID prefix but will error if the prefix matches multiple binding rule IDs
|
|
|
|
- `-meta` - Indicates that binding rule metadata such as the raft
|
|
indices should be shown for each entry.
|
|
|
|
- `-no-merge` - Do not merge the current binding rule information with what is
|
|
provided to the command. Instead overwrite all fields with the exception of the
|
|
binding rule ID which is immutable.
|
|
|
|
- `-selector=<string>` - Selector is an expression that matches against
|
|
verified identity attributes returned from the auth method during login.
|
|
|
|
- `-format={pretty|json}` - Command output format. The default value is `pretty`.
|
|
|
|
#### Enterprise Options
|
|
|
|
@include 'http_api_partition_options.mdx'
|
|
|
|
@include 'http_api_namespace_options.mdx'
|
|
|
|
#### API Options
|
|
|
|
@include 'http_api_options_client.mdx'
|
|
|
|
@include 'http_api_options_server.mdx'
|
|
|
|
## Examples
|
|
|
|
Update a binding rule:
|
|
|
|
```shell-session
|
|
$ consul acl binding-rule update -id '0ec1bd2f-1d3b-bafb-d9bf-90ef04ab1890' \
|
|
-selector 'serviceaccount.namespace==default'
|
|
Binding rule updated successfully
|
|
ID: 0ec1bd2f-1d3b-bafb-d9bf-90ef04ab1890
|
|
AuthMethod: minikube
|
|
Description: wildcard service
|
|
BindType: service
|
|
BindName: k8s-${serviceaccount.name}
|
|
Selector: serviceaccount.namespace==default
|
|
```
|