Consul
Consul ACL Templated Policy Preview
Command: consul acl templated-policy preview
Corresponding HTTP API Endpoint: [POST] /v1/acl/templated-policy/preview/:name
Use the acl templated-policy preview
command to preview the policy generated from a templated policy.
You must provide an ACL token with acl:read
permissions to use the consul all templated-policy preview
command.
The command does not support blocking queries and agent caching.
Usage
Usage: consul acl templated-policy preview [options] [args]
Command Options
-name
: String value that specifies the templated policy name. Use-var
flag to specify variables when required.var
: String value that specifies templated policy variables. Must be used in combination with-name
flag to specify required variables. You can use the flag multiple times with different variables. Format isVariableName:Value
-file
: String value that specifies the path to a file containing templated policies and variables.-format
: Specifies the output format. You can specify eitherpretty
orjson
The default value ispretty
.
Enterprise options
-partition=<string>
- Enterprise Specifies the partition to query. If not provided, the partition is inferred from the request's ACL token, or defaults to thedefault
partition.
-namespace=<string>
- Specifies the namespace to query. If not provided, the namespace will be inferred from the request's ACL token, or will default to thedefault
namespace. Namespaces are a Consul Enterprise feature added in v1.7.0.
API options
-ca-file=<value>
- Path to a CA file to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CACERT
environment variable.-ca-path=<value>
- Path to a directory of CA certificates to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CAPATH
environment variable.-client-cert=<value>
- Path to a client cert file to use for TLS whenverify_incoming
is enabled. This can also be specified via theCONSUL_CLIENT_CERT
environment variable.-client-key=<value>
- Path to a client key file to use for TLS whenverify_incoming
is enabled. This can also be specified via theCONSUL_CLIENT_KEY
environment variable.-http-addr=<addr>
- Address of the Consul agent with the port. This can be an IP address or DNS address, but it must include the port. This can also be specified via theCONSUL_HTTP_ADDR
environment variable. In Consul 0.8 and later, the default value is http://127.0.0.1:8500, and https can optionally be used instead. The scheme can also be set to HTTPS by setting the environment variableCONSUL_HTTP_SSL=true
. This may be a unix domain socket usingunix:///path/to/socket
if the agent is configured to listen that way.-tls-server-name=<value>
- The server name to use as the SNI host when connecting via TLS. This can also be specified via theCONSUL_TLS_SERVER_NAME
environment variable.-token=<value>
- ACL token to use in the request. This can also be specified via theCONSUL_HTTP_TOKEN
environment variable. If unspecified, the query will default to the token of the Consul agent at the HTTP address.-token-file=<value>
- File containing the ACL token to use in the request instead of one specified via the-token
argument orCONSUL_HTTP_TOKEN
environment variable. This can also be specified via theCONSUL_HTTP_TOKEN_FILE
environment variable.
-datacenter=<name>
- Name of the datacenter to query. If unspecified, the query will default to the datacenter of the Consul agent at the HTTP address.-stale
- Permit any Consul server (non-leader) to respond to this request. This allows for lower latency and higher throughput, but can result in stale data. This option has no effect on non-read operations. The default value is false.
Examples
The following examples demonstrate common patterns for using the acl templated-policy preview
command.
Preview a templated policy with no required variables
consul acl templated-policy preview -name "builtin/dns"
ID: 0a6e6f64655f70726566697...
Name: synthetic-policy-0a6e6f...
Description: synthetic policy generated from templated policy: builtin/dns
Datacenters:
Rules:
node_prefix "" {
policy = "read"
}
service_prefix "" {
policy = "read"
}
query_prefix "" {
policy = "read"
}
Preview a templated policy with required variables
In the following example, Consul prints a preview of the policy generated from the builtin/service
templated policy for the service name api
.
consul acl templated-policy preview -name "builtin/service" -var "name:api"
ID: 0a736572766963652022617...
Name: synthetic-policy-0a7365...
Description: synthetic policy generated from templated policy: builtin/service
Datacenters:
Rules:
service "api" {
policy = "write"
}
service "api-sidecar-proxy" {
policy = "write"
}
service_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}
Preview a templated policy using a file:
The following example shows a payload request to preview of the policy generated from the builtin/service
templated policy.
The payload includes a variable named web
, which Consul uses as the service name.
Sample payload
TemplatedPolicy "builtin/service" {
Name = "web"
}
$ consul acl templated-policy -file templated-policy.hcl
ID: 0a736572766963652022776...
Name: synthetic-policy-0a7365...
Description: synthetic policy generated from templated policy: builtin/service
Datacenters:
Rules:
service "web" {
policy = "write"
}
service "web-sidecar-proxy" {
policy = "write"
}
service_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}