Name: consulacl
Owner: CiscoCloud
Description: Command line interface to Consul ACL endpoint
Created: 2015-06-02 15:40:11.0
Updated: 2018-05-06 19:27:35.0
Pushed: 2016-06-09 10:41:08.0
Homepage: null
Size: 19
Language: Go
Command line interface to the Consul ACL HTTP API. Documentation for the Consul ACL system is at the Consul ACL internals page.
You can download a released `consulacl` artifact from the consulacl release page on GitHub. If you wish to compile from source, you will need to have buildtools and Go installed:

```
$ git clone https://github.com/CiscoCloud/consulacl.git
$ cd consulacl
$ make
```

```
Usage: consulacl [--version] [--help] <command> [<args>]

Available commands are:
    clone      Create a new token from an existing one
    create     Create an ACL
    destroy    Destroy an ACL
    info       Query an ACL token
    list       List a value
    update     Update an ACL
```
| Option | Default | Description |
| ------ | ------- | ----------- |
| `--consul` | `127.0.0.1:8500` | HTTP address of the Consul Agent |
| `--ssl` | `false` | Use HTTPS while talking to Consul |
| `--ssl-verify` | `true` | Verify certificates when connecting via SSL. Requires `--ssl` |
| `--ssl-cert` | `unset` | Path to an SSL client certificate to use to authenticate to the consul server |
| `--ssl-ca-cert` | `unset` | Path to a CA certificate file, containing one or more CA certificates to use to validate the certificate sent by the consul server to us. |
| `--token` \* | `unset` | The Consul API token. |

\* A management token is required for all ACL operations
clone command
Usage

```
consulacl clone [options] id

  Create a new token from an existing one
```

Example

```
$ consulacl clone --ssl --token=b78191f9-01fb-24d0-4278-be05ee82c6c4 19933651-439e-5123-5a2f-6bdf2afa0d70
b641-070d-eae0-1ff8-8e8c67399fa4
```
create command
Usage

```
Usage: consulacl create [options]

  Create an ACL. Requires a management token.

Options:

  --management                Create a management token
                              (default: false)
  --name                      Name of the ACL
                              (default: not set)
  --rule='type:path:policy'   Rule to create. Can be multiple rules on a command line
                              (default: not set)
```

Arguments

| Option | Default | Description |
| ------ | ------- | ----------- |
| `management` | `false` | Create the token as a management ACL |
| `name` | `not set` | Name of the ACL |
| `rule` | `not set` | Rule to create |

Multiple rules can be specified on the command line. The format for the `rule` is `[key|service]:path:[read|write|deny]`. The list of rules is converted to a JSON object:

```
{
  "key": {
    "<path_1>": {
      "policy": "<policy_1>"
    }, ...
  },
  "service": {
    "<path_2>": {
      "policy": "<policy_2>"
    }, ...
  }
}
```

An empty `path` attribute generates:

```
{
  "key": {
    "": {
      "policy": "<policy_1>"
    }
  }
}
```

The token id of the newly created ACL is printed on stdout on success.

Example

```
$ consulacl create --ssl --token=b78191f9-01fb-24d0-4278-be05ee82c6c4 \
    --rule='key:test/node:read' \
    --rule='service:hello-world:write'
25c25096-e680-2faa-d864-b9314308387a
```
destroy command
Usage

```
consulacl destroy [options] id

  Destroy an ACL
```

Example

```
$ consulacl destroy --ssl --token=b78191f9-01fb-24d0-4278-be05ee82c6c4 \
    25c25096-e680-2faa-d864-b9314308387a
```
info command
Usage

```
consulacl info [options] id

  Query information about an ACL token
```

Example

```
$ consulacl info --ssl --ssl-verify=false --token=b78191f9-01fb-24d0-4278-be05ee82c6c4 \
    25c25096-e680-2faa-d864-b9314308387a
{
  "CreateIndex": 4100,
  "ModifyIndex": 4100,
  "ID": "25c25096-e680-2faa-d864-b9314308387a",
  "Name": "",
  "Type": "client",
  "Rules": "{\"key\":{\"test/node\":{\"Policy\":\"read\"}},\"service\":{\"hello-world\":{\"Policy\":\"write\"}}}"
}
```
list command
Usage
consulacl list [options]
List all active ACL tokens.
Example
```
$ consulacl list --ssl --token=b78191f9-01fb-24d0-4278-be05ee82c6c4
{
  {
    "CreateIndex": 3,
    "ModifyIndex": 3,
    "ID": "anonymous",
    "Name": "Anonymous Token",
    "Type": "client",
    "Rules": ""
  },
  {
    "CreateIndex": 4100,
    "ModifyIndex": 4100,
    "ID": "25c25096-e680-2faa-d864-b9314308387a",
    "Name": "",
    "Type": "client",
    "Rules": "{\"key\":{\"test/node\":{\"Policy\":\"read\"}},\"service\":{\"hello-world\":{\"Policy\":\"write\"}}}"
  }
}
```
update command
The `update` command updates an ACL if it exists and creates a new one if it does not. All of the ACL settings are overwritten on update.
Usage

```
Usage: consulacl update [options] id

  Update an ACL. Will be created if it doesn't exist.

Options:

  --management                Create a management token
                              (default: false)
  --name                      Name of the ACL
                              (default: not set)
  --rule='type:path:policy'   Rule to create. Can be multiple rules on a command line
                              (default: not set)
```

Arguments

| Option | Default | Description |
| ------ | ------- | ----------- |
| `management` | `false` | Create the token as a management ACL |
| `name` | `not set` | Name of the ACL |
| `rule` | `not set` | Rule to create |

Multiple rules can be specified on the command line. The format for the `rule` is `[key|service]:path:[read|write|deny]`. The list of rules is converted to a JSON object:

```
{
  "key": {
    "<path_1>": {
      "policy": "<policy_1>"
    }, ...
  },
  "service": {
    "<path_2>": {
      "policy": "<policy_2>"
    }, ...
  }
}
```

An empty `path` attribute generates:

```
{
  "key": {
    "": {
      "policy": "<policy_1>"
    }
  }
}
```

The token id of the newly created ACL is printed on stdout on success.
Example

```
$ consulacl update --ssl --token=b78191f9-01fb-24d0-4278-be05ee82c6c4 \
    --rule='key:test/node:read' \
    --rule='key:test/node1:write' \
    --rule='service:hello-world:write' \
    25c25096-e680-2faa-d864-b9314308387a
```
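
The rule-to-JSON conversion described for the create and update commands can be sketched as follows. This is an added example, not consulacl's own code: `BuildRules` is a hypothetical helper, and splitting on the first and last colon, strict validation of type and policy, and rejecting conflicting policies for one path are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

type policy struct {
	Policy string `json:"policy"`
}

// BuildRules turns type:path:policy strings into the rules JSON object.
// Hypothetical helper for illustration; not consulacl's implementation.
func BuildRules(rules []string) (string, error) {
	out := map[string]map[string]policy{}
	for _, r := range rules {
		// Assumption: type is before the first colon and policy after the
		// last one, so the path may be empty or contain colons itself.
		first, last := strings.Index(r, ":"), strings.LastIndex(r, ":")
		if first < 0 || first == last {
			return "", fmt.Errorf("rule %q: want type:path:policy", r)
		}
		typ, path, pol := r[:first], r[first+1:last], r[last+1:]
		if typ != "key" && typ != "service" {
			return "", fmt.Errorf("rule %q: unknown type %q", r, typ)
		}
		if pol != "read" && pol != "write" && pol != "deny" {
			return "", fmt.Errorf("rule %q: unknown policy %q", r, pol)
		}
		if out[typ] == nil {
			out[typ] = map[string]policy{}
		}
		// Refuse two different policies for one path instead of letting
		// the last flag silently win.
		if prev, ok := out[typ][path]; ok && prev.Policy != pol {
			return "", fmt.Errorf("rule %q: conflicts with %s on same path", r, prev.Policy)
		}
		out[typ][path] = policy{Policy: pol}
	}
	b, err := json.Marshal(out) // map keys are emitted in sorted order
	return string(b), err
}

func main() {
	// Constructed sample input, same rules as the create example.
	fmt.Println(BuildRules([]string{"key:test/node:read", "service:hello-world:write"}))
	fmt.Println(BuildRules([]string{"key::deny"}))
}
```

Validating before sending matters here because update overwrites all ACL settings, so a mistyped policy or type should fail locally rather than replace a working rule set.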