mirror of https://github.com/hashicorp/consul
129 lines
3.7 KiB
Markdown
129 lines
3.7 KiB
Markdown
---
|
|
layout: commands
|
|
page_title: 'Commands: ACL Token Read'
|
|
---
|
|
|
|
# Consul ACL Token Read
|
|
|
|
Command: `consul acl token read`
|
|
|
|
Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/token/:AccessorID](/consul/api-docs/acl/tokens#read-a-token)
|
|
|
|
The `acl token read` command reads and displays a token details.
|
|
|
|
The table below shows this command's [required ACLs](/consul/api-docs/api-structure#authentication). Configuration of
|
|
[blocking queries](/consul/api-docs/features/blocking) and [agent caching](/consul/api-docs/features/caching)
|
|
are not supported from commands, but may be from the corresponding HTTP endpoint.
|
|
|
|
| ACL Required |
|
|
| ------------ |
|
|
| `acl:read` |
|
|
|
|
## Usage
|
|
|
|
Usage: `consul acl token read [options] [args]`
|
|
|
|
#### Command Options
|
|
|
|
- `-id=<string>` - The ID of the policy to read. It may be specified as a unique ID
|
|
prefix but will error if the prefix matches multiple policy IDs.
|
|
|
|
- `-meta` - Indicates that policy metadata such as the content hash and raft
|
|
indices should be shown for each entry.
|
|
|
|
- `-self` - Indicates that the current HTTP token should be read by secret ID
|
|
instead of expecting a -id option.
|
|
|
|
- `-expanded` - Indicates that the contents of the policies and roles affecting
|
|
the token should also be shown.
|
|
|
|
- `-format={pretty|json}` - Command output format. The default value is `pretty`.
|
|
|
|
#### Enterprise Options
|
|
|
|
@include 'http_api_partition_options.mdx'
|
|
|
|
@include 'http_api_namespace_options.mdx'
|
|
|
|
#### API Options
|
|
|
|
@include 'http_api_options_client.mdx'
|
|
|
|
@include 'http_api_options_server.mdx'
|
|
|
|
## Examples
|
|
|
|
Get token details:
|
|
|
|
```shell-session
|
|
$ consul acl token read -id 986
|
|
AccessorID: 986193b5-e2b5-eb26-6264-b524ea60cc6d
|
|
SecretID: ec15675e-2999-d789-832e-8c4794daa8d7
|
|
Description: Read Nodes and Services
|
|
Local: false
|
|
Create Time: 2018-10-22 15:33:39.01789 -0400 EDT
|
|
Policies:
|
|
06acc965-df4b-5a99-58cb-3250930c6324 - node-services-read
|
|
```
|
|
|
|
Get token details using the token secret ID:
|
|
|
|
```shell
|
|
$consul acl token read -self
|
|
AccessorID: 4d123dff-f460-73c3-02c4-8dd64d136e01
|
|
SecretID: 86cddfb9-2760-d947-358d-a2811156bf31
|
|
Description: Bootstrap Token (Global Management)
|
|
Local: false
|
|
Create Time: 2018-10-22 11:27:04.479026 -0400 EDT
|
|
Policies:
|
|
00000000-0000-0000-0000-000000000001 - global-management
|
|
```
|
|
|
|
Get token details (Builtin Tokens)
|
|
|
|
```shell-session
|
|
$ consul acl token read -id anonymous
|
|
AccessorID: 00000000-0000-0000-0000-000000000002
|
|
SecretID: anonymous
|
|
Description: Anonymous Token
|
|
Local: false
|
|
Create Time: 0001-01-01 00:00:00 +0000 UTC
|
|
Policies:
|
|
```
|
|
|
|
Get token details (Expanded)
|
|
|
|
```shell-session
|
|
$ consul acl token read -expanded -id 986
|
|
AccessorID: 986193b5-e2b5-eb26-6264-b524ea60cc6d
|
|
SecretID: ec15675e-2999-d789-832e-8c4794daa8d7
|
|
Description: Read Nodes and Services
|
|
Local: false
|
|
Create Time: 2018-10-22 15:33:39.01789 -0400 EDT
|
|
Policies:
|
|
Policy Name: foo
|
|
ID: beb04680-815b-4d7c-9e33-3d707c24672c
|
|
Description: user policy on token
|
|
Rules:
|
|
service_prefix "" {
|
|
policy = "read"
|
|
}
|
|
|
|
Policy Name: bar
|
|
ID: 18788457-584c-4812-80d3-23d403148a90
|
|
Description: other user policy on token
|
|
Rules:
|
|
operator = "read"
|
|
|
|
=== End of Authorizer Layer 0: Token ===
|
|
=== Start of Authorizer Layer 2: Agent Configuration Defaults (Inherited) ===
|
|
Description: Defined at request-time by the agent that resolves the ACL token; other agents may have different configuration defaults
|
|
Resolved By Agent: "leader"
|
|
|
|
Default Policy: allow
|
|
Description: Backstop rule used if no preceding layer has a matching rule (refer to default_policy option in agent configuration)
|
|
|
|
Down Policy: deny
|
|
Description: Defines what to do if this Token's information cannot be read from the primary_datacenter (refer to down_policy option in agent configuration)
|
|
```
|