consul/website/content/commands/acl/binding-rule/update.mdx

82 lines
2.8 KiB
Markdown

---
layout: commands
page_title: 'Commands: ACL Binding Rule Update'
description: |
The `consul acl binding-rule update` command updates existing ACL binding rules. These rules bind auth methods to specific services or roles.
---
# Consul ACL Binding Rule Update
Command: `consul acl binding-rule update`
Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/binding-rule/:id](/consul/api-docs/acl/binding-rules#update-a-binding-rule)
The `acl binding-rule update` command is used to update a binding rule. The
default operations is to merge the current binding rule with those values
provided to the command invocation. Therefore to update just one field, only
the `-id` option and the option to modify must be provided.
The table below shows this command's [required ACLs](/consul/api-docs/api-structure#authentication). Configuration of
[blocking queries](/consul/api-docs/features/blocking) and [agent caching](/consul/api-docs/features/caching)
are not supported from commands, but may be from the corresponding HTTP endpoint.
| ACL Required |
| ------------ |
| `acl:write` |
## Usage
Usage: `consul acl binding-rule update [options] [args]`
#### Command Options
- `-bind-name=<string>` - Name to bind on match. Can use `${var}`
interpolation. This flag is required.
- `-bind-type=<string>` - Type of binding to perform (`"service"`, `"node"`, `"templated-policy"`, `"policy"` or `"role"`).
- `-description=<string>` - A description of the binding rule.
- `-id=<string>` - The ID of the binding rule to update. It may be specified as a
unique ID prefix but will error if the prefix matches multiple binding rule IDs
- `-meta` - Indicates that binding rule metadata such as the raft
indices should be shown for each entry.
- `-no-merge` - Do not merge the current binding rule information with what is
provided to the command. Instead overwrite all fields with the exception of the
binding rule ID which is immutable.
- `-selector=<string>` - Selector is an expression that matches against
verified identity attributes returned from the auth method during login.
- `-format={pretty|json}` - Command output format. The default value is `pretty`.
#### Enterprise Options
@include 'http_api_partition_options.mdx'
@include 'http_api_namespace_options.mdx'
#### API Options
@include 'http_api_options_client.mdx'
@include 'http_api_options_server.mdx'
## Examples
Update a binding rule:
```shell-session
$ consul acl binding-rule update -id '0ec1bd2f-1d3b-bafb-d9bf-90ef04ab1890' \
-selector 'serviceaccount.namespace==default'
Binding rule updated successfully
ID: 0ec1bd2f-1d3b-bafb-d9bf-90ef04ab1890
AuthMethod: minikube
Description: wildcard service
BindType: service
BindName: k8s-${serviceaccount.name}
Selector: serviceaccount.namespace==default
```