luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/website/content/api-docs/acl/policies.mdx

396 lines
13 KiB
Plaintext
Raw Normal View History

Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
---
layout: api
page_title: ACL Policies - HTTP API
intro and api navigation converted
2020-04-07 18:55:19 +00:00
description: The /acl/policy endpoints manage Consul's ACL policies.
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
---
# ACL Policy HTTP API
website: redirect /api to /api-docs (#12660)
2022-03-30 21:16:26 +00:00
-> **1.4.0+:** The APIs are available in Consul versions 1.4.0 and later. The documentation for the legacy ACL API is [here](/api-docs/acl/legacy).
intro and api navigation converted
2020-04-07 18:55:19 +00:00
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
The `/acl/policy` endpoints [create](#create-a-policy), [read](#read-a-policy),
docs: add documentation for all secure acl introduction work (#5640)
2019-05-01 21:11:23 +00:00
[update](#update-a-policy), [list](#list-policies) and
docs: fix typos, IDs are UUIDs, /acl/token endpoints manage ACL tokens (#5736)
2020-02-03 08:41:54 +00:00
[delete](#delete-a-policy) ACL policies in Consul.
docs: add documentation for all secure acl introduction work (#5640)
2019-05-01 21:11:23 +00:00
Refactor api-docs links to learn (#8488)
2020-08-17 16:20:02 +00:00
For more information on how to setup ACLs, please check
the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
## Create a Policy
This endpoint creates a new ACL policy.
initial
2020-04-06 20:27:35 +00:00
| Method | Path | Produces |
| ------ | ------------- | ------------------ |
| `PUT` | `/acl/policy` | `application/json` |
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
The table below shows this endpoint's support for
website: redirect /api to /api-docs (#12660)
2022-03-30 21:16:26 +00:00
[blocking queries](/api-docs/features/blocking),
[consistency modes](/api-docs/features/consistency),
[agent caching](/api-docs/features/caching), and
remove internal /index.html
2020-04-09 23:20:00 +00:00
[required ACLs](/api#authentication).
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
| Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
| ---------------- | ----------------- | ------------- | ------------ |
| `NO` | `none` | `none` | `acl:write` |
docs: don't treat CLI cmd cross-ref as info box
2022-01-15 17:29:35 +00:00
The corresponding CLI command is [`consul acl policy create`](/commands/acl/policy/create).
Editing links and grammer changes
2022-01-10 19:21:32 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
### Query Parameters
- `ns` `(string: "")` <EnterpriseAlert inline /> - Specifies the namespace of the policy you create.
You can also [specify the namespace through other methods](#methods-to-specify-namespace).
### JSON Request Body Schema
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
- `Name` `(string: <required>)` - Specifies a name for the ACL policy. The name
initial
2020-04-06 20:27:35 +00:00
can contain alphanumeric characters, dashes `-`, and underscores `_`.
docs: add documentation for all secure acl introduction work (#5640)
2019-05-01 21:11:23 +00:00
This name must be unique.
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
- `Description` `(string: "")` - Free form human readable description of the policy.
- `Rules` `(string: "")` - Specifies rules for the ACL policy. The format of the
docs: Avoid redirects by pointing links to new URLs Avoid HTTP redirects for internal site links by updating old URLs to point to the new location for the target content.
2022-01-10 23:36:16 +00:00
`Rules` property is detailed in the [ACL Rules documentation](/docs/security/acl/acl-rules).
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
- `Datacenters` `(array<string>)` - Specifies the datacenters the policy is valid within.
initial
2020-04-06 20:27:35 +00:00
When no datacenters are provided the policy is valid in all datacenters including
those which do not yet exist but may in the future.
docs: fix typos, IDs are UUIDs, /acl/token endpoints manage ACL tokens (#5736)
2020-02-03 08:41:54 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
- `Namespace` `(string: "")` <EnterpriseAlert inline /> - Specifies the namespace of the policy you create.
This field takes precedence over the `ns` query parameter,
one of several [other methods to specify the namespace](#methods-to-specify-namespace).
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
### Sample Payload
```json
{
"Name": "node-read",
"Description": "Grants read access to all node information",
"Rules": "node_prefix \"\" { policy = \"read\"}",
"Datacenters": ["dc1"]
}
```
### Sample Request
update dependencies
2020-05-19 18:32:38 +00:00
```shell-session
docs: Use long form of CLI flags (#12030) Use long form of CLI flags in all example commands. Co-authored-by: mrspanishviking <kcardenas@hashicorp.com> Co-authored-by: David Yu <dyu@hashicorp.com>
2022-01-12 23:05:01 +00:00
$ curl --request PUT \
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
--data @payload.json \
http://127.0.0.1:8500/v1/acl/policy
```
### Sample Response
```json
{
initial
2020-04-06 20:27:35 +00:00
"ID": "e359bd81-baca-903e-7e64-1ccd9fdc78f5",
"Name": "node-read",
"Description": "Grants read access to all node information",
"Rules": "node_prefix \"\" { policy = \"read\"}",
"Datacenters": ["dc1"],
"Hash": "OtZUUKhInTLEqTPfNSSOYbRiSBKm3c4vI2p6MxZnGWc=",
"CreateIndex": 14,
"ModifyIndex": 14
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
}
```
## Read a Policy
This endpoint reads an ACL policy with the given ID.
initial
2020-04-06 20:27:35 +00:00
| Method | Path | Produces |
| ------ | ----------------- | ------------------ |
| `GET` | `/acl/policy/:id` | `application/json` |
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
The table below shows this endpoint's support for
website: redirect /api to /api-docs (#12660)
2022-03-30 21:16:26 +00:00
[blocking queries](/api-docs/features/blocking),
[consistency modes](/api-docs/features/consistency),
[agent caching](/api-docs/features/caching), and
remove internal /index.html
2020-04-09 23:20:00 +00:00
[required ACLs](/api#authentication).
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
| Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
| ---------------- | ----------------- | ------------- | ------------ |
| `YES` | `all` | `none` | `acl:read` |
docs: don't treat CLI cmd cross-ref as info box
2022-01-15 17:29:35 +00:00
The corresponding CLI command is [`consul acl policy read`](/commands/acl/policy/read).
Editing links and grammer changes
2022-01-10 19:21:32 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
### Path Parameters
- `id` `(string: <required>)` - Specifies the UUID of the policy you lookup.
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
### Query Parameters
docs: fix typos, IDs are UUIDs, /acl/token endpoints manage ACL tokens (#5736)
2020-02-03 08:41:54 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
- `ns` `(string: "")` <EnterpriseAlert inline /> - Specifies the namespace of the policy you lookup.
You can also [specify the namespace through other methods](#methods-to-specify-namespace).
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
### Sample Request
update dependencies
2020-05-19 18:32:38 +00:00
```shell-session
docs: Use long form of CLI flags (#12030) Use long form of CLI flags in all example commands. Co-authored-by: mrspanishviking <kcardenas@hashicorp.com> Co-authored-by: David Yu <dyu@hashicorp.com>
2022-01-12 23:05:01 +00:00
$ curl --request GET http://127.0.0.1:8500/v1/acl/policy/e359bd81-baca-903e-7e64-1ccd9fdc78f5
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
```
### Sample Response
```json
{
initial
2020-04-06 20:27:35 +00:00
"ID": "e359bd81-baca-903e-7e64-1ccd9fdc78f5",
"Name": "node-read",
"Description": "Grants read access to all node information",
"Rules": "node_prefix \"\" { policy = \"read\"}",
"Datacenters": ["dc1"],
"Hash": "OtZUUKhInTLEqTPfNSSOYbRiSBKm3c4vI2p6MxZnGWc=",
"CreateIndex": 14,
"ModifyIndex": 14
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
}
```
Add docs for v1/acl/policy/name endpoint (#7501)
2020-03-27 14:20:09 +00:00
## Read a Policy by Name
This endpoint reads an ACL policy with the given ID.
initial
2020-04-06 20:27:35 +00:00
| Method | Path | Produces |
| ------ | ------------------------ | ------------------ |
| `GET` | `/acl/policy/name/:name` | `application/json` |
Add docs for v1/acl/policy/name endpoint (#7501)
2020-03-27 14:20:09 +00:00
The table below shows this endpoint's support for
website: redirect /api to /api-docs (#12660)
2022-03-30 21:16:26 +00:00
[blocking queries](/api-docs/features/blocking),
[consistency modes](/api-docs/features/consistency),
[agent caching](/api-docs/features/caching), and
remove internal /index.html
2020-04-09 23:20:00 +00:00
[required ACLs](/api#authentication).
Add docs for v1/acl/policy/name endpoint (#7501)
2020-03-27 14:20:09 +00:00
| Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
| ---------------- | ----------------- | ------------- | ------------ |
| `YES` | `all` | `none` | `acl:read` |
docs: don't treat CLI cmd cross-ref as info box
2022-01-15 17:29:35 +00:00
The corresponding CLI command is [`consul acl policy read -name=<string>`](/commands/acl/policy/read#name).
Editing links and grammer changes
2022-01-10 19:21:32 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
### Path Parameters
Add docs for v1/acl/policy/name endpoint (#7501)
2020-03-27 14:20:09 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
- `name` `(string: <required>)` - Specifies the name of the ACL policy to read.
Add docs for v1/acl/policy/name endpoint (#7501)
2020-03-27 14:20:09 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
### Query Parameters
- `ns` `(string: "")` <EnterpriseAlert inline /> - Specifies the namespace of the policy you lookup.
You can also [specify the namespace through other methods](#methods-to-specify-namespace).
Add docs for v1/acl/policy/name endpoint (#7501)
2020-03-27 14:20:09 +00:00
### Sample Request
update dependencies
2020-05-19 18:32:38 +00:00
```shell-session
docs: Use long form of CLI flags (#12030) Use long form of CLI flags in all example commands. Co-authored-by: mrspanishviking <kcardenas@hashicorp.com> Co-authored-by: David Yu <dyu@hashicorp.com>
2022-01-12 23:05:01 +00:00
$ curl --request GET http://127.0.0.1:8500/v1/acl/policy/name/node-read
Add docs for v1/acl/policy/name endpoint (#7501)
2020-03-27 14:20:09 +00:00
```
### Sample Response
```json
{
initial
2020-04-06 20:27:35 +00:00
"ID": "e359bd81-baca-903e-7e64-1ccd9fdc78f5",
"Name": "node-read",
"Description": "Grants read access to all node information",
"Rules": "node_prefix \"\" { policy = \"read\"}",
"Datacenters": ["dc1"],
"Hash": "OtZUUKhInTLEqTPfNSSOYbRiSBKm3c4vI2p6MxZnGWc=",
"CreateIndex": 14,
"ModifyIndex": 14
Add docs for v1/acl/policy/name endpoint (#7501)
2020-03-27 14:20:09 +00:00
}
```
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
## Update a Policy
This endpoint updates an existing ACL policy.
initial
2020-04-06 20:27:35 +00:00
| Method | Path | Produces |
| ------ | ----------------- | ------------------ |
| `PUT` | `/acl/policy/:id` | `application/json` |
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
The table below shows this endpoint's support for
website: redirect /api to /api-docs (#12660)
2022-03-30 21:16:26 +00:00
[blocking queries](/api-docs/features/blocking),
[consistency modes](/api-docs/features/consistency),
[agent caching](/api-docs/features/caching), and
remove internal /index.html
2020-04-09 23:20:00 +00:00
[required ACLs](/api#authentication).
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
| Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
| ---------------- | ----------------- | ------------- | ------------ |
| `NO` | `none` | `none` | `acl:write` |
docs: don't treat CLI cmd cross-ref as info box
2022-01-15 17:29:35 +00:00
The corresponding CLI command is [`consul acl policy update`](/commands/acl/policy/update).
Editing links and grammer changes
2022-01-10 19:21:32 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
### Path Parameters
- `id` `(string: <required>)` - Specifies the UUID of the policy you update.
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
### Query Parameters
- `ns` `(string: "")` <EnterpriseAlert inline /> - Specifies the namespace of the policy you update.
You can also [specify the namespace through other methods](#methods-to-specify-namespace).
### JSON Request Body Schema
- `ID` `(string: <optional>)` - If specified, this field must be an exact match
with the `id` path parameter.
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
- `Name` `(string: <required>)` - Specifies a name for the ACL policy. The name
initial
2020-04-06 20:27:35 +00:00
can only contain alphanumeric characters as well as `-` and `_` and must be
unique.
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
- `Description` `(string: "")` - Free form human readable description of this policy.
- `Rules` `(string: "")` - Specifies rules for this ACL policy. The format of the
docs: Avoid redirects by pointing links to new URLs Avoid HTTP redirects for internal site links by updating old URLs to point to the new location for the target content.
2022-01-10 23:36:16 +00:00
`Rules` property is detailed in the [ACL Rules documentation](/docs/security/acl/acl-rules).
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
- `Datacenters` `(array<string>)` - Specifies the datacenters this policy is valid within.
initial
2020-04-06 20:27:35 +00:00
When no datacenters are provided the policy is valid in all datacenters including
those which do not yet exist but may in the future.
docs: fix typos, IDs are UUIDs, /acl/token endpoints manage ACL tokens (#5736)
2020-02-03 08:41:54 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
- `Namespace` `(string: "")` <EnterpriseAlert inline /> - Specifies the namespace of the policy you update.
This field takes precedence over the `ns` query parameter,
one of several [other methods to specify the namespace](#methods-to-specify-namespace).
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
### Sample Payload
```json
{
"ID": "c01a1f82-44be-41b0-a686-685fb6e0f485",
"Name": "register-app-service",
"Description": "Grants write permissions necessary to register the 'app' service",
initial
2020-04-06 20:27:35 +00:00
"Rules": "service \"app\" { policy = \"write\"}"
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
}
```
### Sample Request
update dependencies
2020-05-19 18:32:38 +00:00
```shell-session
docs: Use long form of CLI flags (#12030) Use long form of CLI flags in all example commands. Co-authored-by: mrspanishviking <kcardenas@hashicorp.com> Co-authored-by: David Yu <dyu@hashicorp.com>
2022-01-12 23:05:01 +00:00
$ curl --request PUT \
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
--data @payload.json \
http://127.0.0.1:8500/v1/acl/policy/c01a1f82-44be-41b0-a686-685fb6e0f485
```
### Sample Response
```json
{
initial
2020-04-06 20:27:35 +00:00
"ID": "c01a1f82-44be-41b0-a686-685fb6e0f485",
"Name": "register-app-service",
"Description": "Grants write permissions necessary to register the 'app' service",
"Rules": "service \"app\" { policy = \"write\"}",
"Hash": "OtZUUKhInTLEqTPfNSSOYbRiSBKm3c4vI2p6MxZnGWc=",
"CreateIndex": 14,
"ModifyIndex": 28
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
}
```
## Delete a Policy
This endpoint deletes an ACL policy.
initial
2020-04-06 20:27:35 +00:00
| Method | Path | Produces |
| -------- | ----------------- | ------------------ |
| `DELETE` | `/acl/policy/:id` | `application/json` |
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
Even though the return type is application/json, the value is either true or
false indicating whether the delete succeeded.
The table below shows this endpoint's support for
website: redirect /api to /api-docs (#12660)
2022-03-30 21:16:26 +00:00
[blocking queries](/api-docs/features/blocking),
[consistency modes](/api-docs/features/consistency),
[agent caching](/api-docs/features/caching), and
remove internal /index.html
2020-04-09 23:20:00 +00:00
[required ACLs](/api#authentication).
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
| Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
| ---------------- | ----------------- | ------------- | ------------ |
| `NO` | `none` | `none` | `acl:write` |
docs: don't treat CLI cmd cross-ref as info box
2022-01-15 17:29:35 +00:00
The corresponding CLI command is [`consul acl policy delete`](/commands/acl/policy/delete).
Editing links and grammer changes
2022-01-10 19:21:32 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
### Path Parameters
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
- `id` `(string: <required>)` - Specifies the UUID of the policy you delete.
docs: fix typos, IDs are UUIDs, /acl/token endpoints manage ACL tokens (#5736)
2020-02-03 08:41:54 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
### Query Parameters
- `ns` `(string: "")` <EnterpriseAlert inline /> - Specifies the namespace of the policy you delete.
You can also [specify the namespace through other methods](#methods-to-specify-namespace).
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
### Sample Request
update dependencies
2020-05-19 18:32:38 +00:00
```shell-session
docs: Use long form of CLI flags (#12030) Use long form of CLI flags in all example commands. Co-authored-by: mrspanishviking <kcardenas@hashicorp.com> Co-authored-by: David Yu <dyu@hashicorp.com>
2022-01-12 23:05:01 +00:00
$ curl --request DELETE \
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
http://127.0.0.1:8500/v1/acl/policy/8f246b77-f3e1-ff88-5b48-8ec93abf3e05
```
### Sample Response
initial
2020-04-06 20:27:35 +00:00
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
```json
true
```
## List Policies
This endpoint lists all the ACL policies.
initial
2020-04-06 20:27:35 +00:00
| Method | Path | Produces |
| ------ | --------------- | ------------------ |
| `GET` | `/acl/policies` | `application/json` |
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
The table below shows this endpoint's support for
website: redirect /api to /api-docs (#12660)
2022-03-30 21:16:26 +00:00
[blocking queries](/api-docs/features/blocking),
[consistency modes](/api-docs/features/consistency),
[agent caching](/api-docs/features/caching), and
remove internal /index.html
2020-04-09 23:20:00 +00:00
[required ACLs](/api#authentication).
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
| Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
| ---------------- | ----------------- | ------------- | ------------ |
| `YES` | `all` | `none` | `acl:read` |
docs: don't treat CLI cmd cross-ref as info box
2022-01-15 17:29:35 +00:00
The corresponding CLI command is [`consul acl policy list`](/commands/acl/policy/list).
Editing links and grammer changes
2022-01-10 19:21:32 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
### Query Parameters
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields
2019-12-06 16:14:56 +00:00
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
- `ns` `(string: "")` <EnterpriseAlert inline /> - Return only the auth methods in the specified namespace.
The namespace may be specified as '\*' to return results for all namespaces.
You can also [specify the namespace through other methods](#methods-to-specify-namespace).
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields
2019-12-06 16:14:56 +00:00
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
## Sample Request
update dependencies
2020-05-19 18:32:38 +00:00
```shell-session
docs: Use long form of CLI flags (#12030) Use long form of CLI flags in all example commands. Co-authored-by: mrspanishviking <kcardenas@hashicorp.com> Co-authored-by: David Yu <dyu@hashicorp.com>
2022-01-12 23:05:01 +00:00
$ curl --request GET http://127.0.0.1:8500/v1/acl/policies
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
```
### Sample Response
-> **Note** - The policies rules are not included in the listing and must be
initial
2020-04-06 20:27:35 +00:00
retrieved by the [policy reading endpoint](#read-a-policy)
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
```json
[
initial
2020-04-06 20:27:35 +00:00
{
"CreateIndex": 4,
"Datacenters": null,
"Description": "Builtin Policy that grants unlimited access",
"Hash": "swIQt6up+s0cV4kePfJ2aRdKCLaQyykF4Hl1Nfdeumk=",
"ID": "00000000-0000-0000-0000-000000000001",
"ModifyIndex": 4,
"Name": "global-management"
},
{
"CreateIndex": 14,
"Datacenters": ["dc1"],
"Description": "Grants read access to all node information",
"Hash": "OtZUUKhInTLEqTPfNSSOYbRiSBKm3c4vI2p6MxZnGWc=",
"ID": "e359bd81-baca-903e-7e64-1ccd9fdc78f5",
"ModifyIndex": 14,
"Name": "node-read"
}
Adds documentation for the new ACL APIs (#4851) * Update the ACL API docs * Add a CreateTime to the anon token Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work. * Fix one place where I was referring to id instead of AccessorID * Add godocs for the API package additions. * Minor updates: removed some extra commas and updated the acl intro paragraph * minor tweaks * Updated the language to be clearer * Updated the language to be clearer for policy page * I was also confused by that! Your updates are much clearer. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Sounds much better. Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Updated sidebar layout and deprecated warning
2018-10-31 22:11:51 +00:00
]
```
docs: split HTTP API params into sections by type Path parameters, query parameters, and request body parameters are now shown in separate sections rather than combined into one general parameters section. This makes it much easier to understand quickly where a parameter should be provided.
2022-05-10 15:51:11 +00:00
## Methods to Specify Namespace <EnterpriseAlert inline />
ACL policy endpoints
support several methods for specifying the namespace of the ACL policy resources
with the following order of precedence:
1. `Namespace` field of the JSON request body -
only applies to [create](#create-a-policy) and [update](#update-a-policy) endpoints
1. `ns` query parameter
1. `X-Consul-Namespace` request header
1. Namespace is inherited from the namespace of the request's ACL token (if any)
1. The `default` namespace