2019-05-01 21:11:23 +00:00
|
|
|
---
|
2020-04-07 18:55:19 +00:00
|
|
|
layout: docs
|
|
|
|
page_title: 'Commands: ACL Auth Method Create'
|
2020-04-13 18:40:26 +00:00
|
|
|
sidebar_title: create
|
2019-05-01 21:11:23 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
# Consul ACL Auth Method Create
|
|
|
|
|
|
|
|
Command: `consul acl auth-method create`
|
|
|
|
|
|
|
|
The `acl auth-method create` command creates new auth methods.
|
|
|
|
|
|
|
|
## Usage
|
|
|
|
|
|
|
|
Usage: `consul acl auth-method create [options] [args]`
|
|
|
|
|
|
|
|
#### API Options
|
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
@include 'http_api_options_client.mdx'
|
2020-04-07 23:56:08 +00:00
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
@include 'http_api_options_server.mdx'
|
2019-05-01 21:11:23 +00:00
|
|
|
|
|
|
|
#### Command Options
|
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
- `-description=<string>` - A description of the auth method.
|
2019-05-01 21:11:23 +00:00
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
- `-meta` - Indicates that auth method metadata such as the raft indices should
|
2019-05-01 21:11:23 +00:00
|
|
|
be shown for each entry.
|
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
- `-name=<string>` - The new auth method's name. This flag is required.
|
2019-05-01 21:11:23 +00:00
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
- `-type=<string>` - The new auth method's type. This flag is required.
|
2019-05-01 21:11:23 +00:00
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
- `-kubernetes-ca-cert=<string>` - PEM encoded CA cert for use by the TLS
|
2019-05-01 21:11:23 +00:00
|
|
|
client used to talk with the Kubernetes API. May be prefixed with '@' to
|
|
|
|
indicate that the value is a file path to load the cert from. This flag is
|
|
|
|
required for `-type=kubernetes`.
|
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
- `-kubernetes-host=<string>` - Address of the Kubernetes API server. This flag
|
2019-05-01 21:11:23 +00:00
|
|
|
is required for `-type=kubernetes`.
|
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
- `-kubernetes-service-account-jwt=<string>` - A Kubernetes service account JWT
|
2019-05-01 21:11:23 +00:00
|
|
|
used to access the TokenReview API to validate other JWTs during login. This
|
|
|
|
flag is required for `-type=kubernetes`.
|
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
- `-format={pretty|json}` - Command output format. The default value is `pretty`.
|
2020-03-26 16:03:22 +00:00
|
|
|
|
2019-12-06 16:14:56 +00:00
|
|
|
#### Enterprise Options
|
|
|
|
|
2020-04-07 18:55:19 +00:00
|
|
|
@include 'http_api_namespace_options.mdx'
|
2019-12-06 16:14:56 +00:00
|
|
|
|
2019-05-01 21:11:23 +00:00
|
|
|
## Examples
|
|
|
|
|
|
|
|
Create a new Kubernetes auth method:
|
|
|
|
|
2020-04-07 23:56:08 +00:00
|
|
|
```shell
|
2019-05-01 21:11:23 +00:00
|
|
|
$ consul acl auth-method create -name minikube -type kubernetes \
|
|
|
|
-description 'minikube auth method' \
|
|
|
|
-kubernetes-host 'https://192.0.2.42:8443' \
|
|
|
|
-kubernetes-ca-cert '@minikube-ca.crt' \
|
|
|
|
-kubernetes-service-account-jwt 'eyJhbGciOiJSUzI1NiIsImtpZCI...'
|
|
|
|
Name: minikube
|
|
|
|
Type: kubernetes
|
|
|
|
Description: minikube auth method
|
|
|
|
Config:
|
|
|
|
{
|
|
|
|
"CACert": "-----BEGIN CERTIFICATE-----\n...-----END CERTIFICATE-----\n",
|
|
|
|
"Host": "https://192.0.2.42:8443",
|
|
|
|
"ServiceAccountJWT": "eyJhbGciOiJSUzI1NiIsImtpZCI..."
|
|
|
|
}
|
|
|
|
```
|