CiscoCloud/consulacl

Name: consulacl

Owner: CiscoCloud

Description: Command line interface to Consul ACL endpoint

Created: 2015-06-02 15:40:11.0

Updated: 2018-05-06 19:27:35.0

Pushed: 2016-06-09 10:41:08.0

Homepage: null

Size: 19

Language: Go

README

consulacl

Command line interface to the Consul ACL HTTP API. Documentation for the Consul ACL system is at the Consul ACL internals page.

Installation

You can download a released consulacl artifact from the consulacl release page on GitHub. If you wish to compile from source, you will need to have buildtools and Go installed:

    git clone https://github.com/CiscoCloud/consulacl.git
    cd consulacl
    make

Basic Usage

    Usage: consulacl [--version] [--help] <command> [<args>]

    Available commands are:
        clone      Create a new token from an existing one
        create     Create an ACL
        destroy    Destroy an ACL
        info       Query an ACL token
        list       List a value
        update     Update an ACL

Common arguments

| Option | Default | Description |
| ------ | ------- | ----------- |
| --consul | 127.0.0.1:8500 | HTTP address of the Consul Agent |
| --ssl | false | Use HTTPS while talking to Consul |
| --ssl-verify | true | Verify certificates when connecting via SSL. Requires --ssl |
| --ssl-cert | unset | Path to an SSL client certificate to use to authenticate to the consul server |
| --ssl-ca-cert | unset | Path to a CA certificate file, containing one or more CA certificates to use to validate the certificate sent by the consul server to us. |
| --token* | unset | The Consul API token. |

* A management token is required for all ACL operations

clone command

Usage

    consulacl clone [options] id

    Create a new token from an existing one

Example

    $ consulacl clone --ssl --token=b78191f9-01fb-24d0-4278-be05ee82c6c4 19933651-439e-5123-5a2f-6bdf2afa0d70
    b641-070d-eae0-1ff8-8e8c67399fa4

create command

Usage

    Usage: consulacl create [options]

    Create an ACL. Requires a management token.

    Options:

      --management                Create a management token
                                  (default: false)
      --name                      Name of the ACL
                                  (default: not set)
      --rule='type:path:policy'   Rule to create. Can be multiple rules on a command line
                                  (default: not set)

Arguments

| Option | Default | Description |
| ------ | ------- | ----------- |
| management | false | Create the token as a management ACL |
| name | not set | Name of the ACL |
| rule | not set | Rule to create |

Multiple rules can be specified on the command line. The format for the rule is [key|service]:path:[read:write:deny]. The list of rules is converted to a JSON object:


    {
      "key": {
        "<path_1>": {
          "policy": "<policy_1>"
        }, ...
      },
      "service": {
        "<path_2>": {
          "policy": "<policy_2>"
        }, ...
      }
    }

An empty path attribute generates:


    {
      "key": {
        "": {
          "policy": "<policy_1>"
        }
      }
    }

The token id of the newly created ACL is printed on stdout on success.

Example

    $ consulacl create --ssl --token=b78191f9-01fb-24d0-4278-be05ee82c6c4 \
        --rule='key:test/node:read' \
        --rule='service:hello-world:write'
    25c25096-e680-2faa-d864-b9314308387a

destroy command

Usage

    consulacl destroy [options] id

    Destroy an ACL

Example

    $ consulacl destroy --ssl --token=b78191f9-01fb-24d0-4278-be05ee82c6c4 \
        25c25096-e680-2faa-d864-b9314308387a

info command

Usage

    consulacl info [options] id

    Query information about an ACL token

Example

    $ consulacl info --ssl --ssl-verify=false --token=b78191f9-01fb-24d0-4278-be05ee82c6c4 \
        25c25096-e680-2faa-d864-b9314308387a
    {
      "CreateIndex": 4100,
      "ModifyIndex": 4100,
      "ID": "25c25096-e680-2faa-d864-b9314308387a",
      "Name": "",
      "Type": "client",
      "Rules": "{\"key\":{\"test/node\":{\"Policy\":\"read\"}},\"service\":{\"hello-world\":{\"Policy\":\"write\"}}}"
    }

list command

Usage

    consulacl list [options]

    List all active ACL tokens.

Example

    $ consulacl list --ssl --token=b78191f9-01fb-24d0-4278-be05ee82c6c4
    {
      {
        "CreateIndex": 3,
        "ModifyIndex": 3,
        "ID": "anonymous",
        "Name": "Anonymous Token",
        "Type": "client",
        "Rules": ""
      },
      {
        "CreateIndex": 4100,
        "ModifyIndex": 4100,
        "ID": "25c25096-e680-2faa-d864-b9314308387a",
        "Name": "",
        "Type": "client",
        "Rules": "{\"key\":{\"test/node\":{\"Policy\":\"read\"}},\"service\":{\"hello-world\":{\"Policy\":\"write\"}}}"
      }
    }

update command

The update command updates an ACL if it exists and creates a new one if it does not. All of the ACL settings are overwritten on update.

Usage

    Usage: consulacl update [options] id

    Update an ACL. Will be created if it doesn't exist.

    Options:

      --management                Create a management token
                                  (default: false)
      --name                      Name of the ACL
                                  (default: not set)
      --rule='type:path:policy'   Rule to create. Can be multiple rules on a command line
                                  (default: not set)

Arguments

| Option | Default | Description |
| ------ | ------- | ----------- |
| `management` | `false` | Create the token as a management ACL |
| `name` | `not set` | Name of the ACL |
| `rule` | `not set` | Rule to create |

Multiple rules can be specified on the command line. The format for the `rule` is `[key|service]:path:[read:write:deny]`. The list of rules is converted to a JSON object:

    {
      "key": {
        "<path_1>": {
          "policy": "<policy_1>"
        }, ...
      },
      "service": {
        "<path_2>": {
          "policy": "<policy_2>"
        }, ...
      }
    }

An empty `path` attribute generates:

    {
      "key": {
        "": {
          "policy": "<policy_1>"
        }
      }
    }

The token id of the newly created ACL is printed on stdout on success.

Example

    $ consulacl update --ssl --token=b78191f9-01fb-24d0-4278-be05ee82c6c4 \
        --rule='key:test/node:read' \
        --rule='key:test/node1:write' \
        --rule='service:hello-world:write' \
        25c25096-e680-2faa-d864-b9314308387a

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.