open-consul/website/content/commands/intention/index.mdx

95 lines
2.9 KiB
Plaintext
Raw Normal View History

---
layout: commands
2020-04-06 20:27:35 +00:00
page_title: 'Commands: Intention'
---
# Consul Intention
Command: `consul intention`
The `intention` command is used to interact with Connect
2020-04-09 23:46:54 +00:00
[intentions](/docs/connect/intentions). It exposes commands for
creating, updating, reading, deleting, checking, and managing intentions.
This command is available in Consul 1.2 and later.
Intentions are managed primarily via
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entries after Consul 1.9. Intentions may also be managed via the [HTTP
API](/api/connect/intentions).
~> **Deprecated** - This command is deprecated in Consul 1.9.0 in favor of
using the [config entry CLI command](/commands/config/write). To create an
intention, create or modify a
[`service-intentions`](/docs/connect/config-entries/service-intentions) config
entry for the destination.
## Usage
Usage: `consul intention <subcommand>`
For the exact documentation for your Consul version, run `consul intention -h`
to view the complete list of subcommands.
```text
Usage: consul intention <subcommand> [options] [args]
...
Subcommands:
check Check whether a connection between two services is allowed.
create Create intentions for service connections.
delete Delete an intention.
list Lists all intentions.
get Show information about an intention.
match Show intentions that match a source or destination.
```
For more information, examples, and usage about a subcommand, click on the name
of the subcommand in the sidebar.
## Basic Examples
Create an intention to allow "web" to talk to "db":
2020-05-19 18:32:38 +00:00
```shell-session
2020-04-07 23:56:08 +00:00
$ consul intention create web db
```
Create an intention to deny "db" from initiating connections to _any_ service:
2020-05-19 18:32:38 +00:00
```shell-session
$ consul intention create -deny db '*'
Created: db => * (deny)
```
Test whether a "web" is allowed to connect to "db":
2020-05-19 18:32:38 +00:00
```shell-session
2020-04-07 23:56:08 +00:00
$ consul intention check web db
```
List all intentions:
```shell-session
$ consul intention list
```
Find all intentions for communicating to the "db" service:
2020-05-19 18:32:38 +00:00
```shell-session
2020-04-07 23:56:08 +00:00
$ consul intention match db
```
## Source and Destination Naming
Intention commands commonly take positional arguments referred to as `SRC` and
`DST` in the command documentation. These can take several forms:
2020-07-08 23:09:00 +00:00
| Format | Meaning |
| ----------------------- | -------------------------------------------------------------------- |
| `<service>` | the named service in the current namespace |
| `*` | any service in the current namespace |
| `<namespace>/<service>` | <EnterpriseAlert inline /> the named service in a specific namespace |
| `<namespace>/*` | <EnterpriseAlert inline /> any service in the specified namespace |
| `*/*` | <EnterpriseAlert inline /> any service in any namespace |