Added some missing ACL info, updated details around some permissions, added missing HTTP API refs

website/content/commands/acl/policy/read.mdx

@@ -7,7 +7,7 @@ page_title: 'Commands: ACL Policy Read'
 
 Command: `consul acl policy read`
 
-Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/policy/:id](/api-docs/acl/policies#read-a-policy)
+Corresponding HTTP API Endpoints: [\[GET\] /v1/acl/policy/:id](/api-docs/acl/policies#read-a-policy), [\[GET\] /v1/acl/policy/name/:name](/api-docs/acl/policies#read-a-policy-by-name)
 
 The `acl policy read` command reads and displays a policies details.
 

website/content/commands/config/delete.mdx

@@ -17,9 +17,22 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
 [blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
 are not supported from commands, but may be from the corresponding HTTP endpoint.
 
-| ACL Required                        |
-| ----------------------------------- |
-| `service:write` or `operator:write` |
+| ACL Required<sup>1</sup>                                      |
+| ------------------------------------------------------------- |
+| `service:write`<br />`operator:write`<br />`intentions:write` |
+
+<sup>1</sup> The ACL required depends on the config entry kind being deleted:
+
+| Config Entry Kind   | Required ACL       |
+| ------------------- | ------------------ |
+| ingress-gateway     | `operator:write`   |
+| proxy-defaults      | `operator:write`   |
+| service-defaults    | `service:write`    |
+| service-intentions  | `intentions:write` |
+| service-resolver    | `service:write`    |
+| service-router      | `service:write`    |
+| service-splitter    | `service:write`    |
+| terminating-gateway | `operator:write `  |
 
 ## Usage
 

website/content/commands/config/list.mdx

@@ -17,9 +17,22 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
 [blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
 are not supported from commands, but may be from the corresponding HTTP endpoint.
 
-| ACL Required   |
-| -------------- |
-| `service:read` |
+| ACL Required<sup>1</sup>              |
+| ------------------------------------- |
+| `service:read`<br />`intentions:read` |
+
+<sup>1</sup> The ACL required depends on the config entry kind being read:
+
+| Config Entry Kind   | Required ACL      |
+| ------------------- | ----------------- |
+| ingress-gateway     | `service:read`    |
+| proxy-defaults      | `<none>`          |
+| service-defaults    | `service:read`    |
+| service-intentions  | `intentions:read` |
+| service-resolver    | `service:read`    |
+| service-router      | `service:read`    |
+| service-splitter    | `service:read`    |
+| terminating-gateway | `service:read`    |
 
 ## Usage
 

website/content/commands/config/read.mdx

@@ -18,9 +18,22 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
 [blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
 are not supported from commands, but may be from the corresponding HTTP endpoint.
 
-| ACL Required   |
-| -------------- |
-| `service:read` |
+| ACL Required<sup>1</sup>              |
+| ------------------------------------- |
+| `service:read`<br />`intentions:read` |
+
+<sup>1</sup> The ACL required depends on the config entry kind being read:
+
+| Config Entry Kind   | Required ACL      |
+| ------------------- | ----------------- |
+| ingress-gateway     | `service:read`    |
+| proxy-defaults      | `<none>`          |
+| service-defaults    | `service:read`    |
+| service-intentions  | `intentions:read` |
+| service-resolver    | `service:read`    |
+| service-router      | `service:read`    |
+| service-splitter    | `service:read`    |
+| terminating-gateway | `service:read`    |
 
 ## Usage
 

website/content/commands/config/write.mdx

@@ -17,9 +17,25 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
 [blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
 are not supported from commands, but may be from the corresponding HTTP endpoint.
 
-| ACL Required                        |
-| ----------------------------------- |
-| `service:write` or `operator:write` |
+| ACL Required<sup>1</sup>                                      |
+| ------------------------------------------------------------- |
+| `service:write`<br />`operator:write`<br />`intentions:write` |
+
+<p>
+  <sup>1</sup> The actual ACL required depends on the config entry kind being
+  updated:
+</p>
+
+| Config Entry Kind   | Required ACL       |
+| ------------------- | ------------------ |
+| ingress-gateway     | `operator:write`   |
+| proxy-defaults      | `operator:write`   |
+| service-defaults    | `service:write`    |
+| service-intentions  | `intentions:write` |
+| service-resolver    | `service:write`    |
+| service-router      | `service:write`    |
+| service-splitter    | `service:write`    |
+| terminating-gateway | `operator:write`   |
 
 ## Usage
 

website/content/commands/intention/check.mdx

@@ -23,6 +23,23 @@ intention read permissions and don't evaluate the result.
 defined as _deny_ intentions during evaluation, as this endpoint is only suited
 for networking layer 4 (e.g. TCP) integration.
 
+The table below shows this command's [required ACLs](/api#authentication). Configuration of
+[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
+are not supported from commands, but may be from the corresponding HTTP endpoint.
+
+| ACL Required                  |
+| ----------------------------- |
+| `intentions:read`<sup>1</sup> |
+
+<p>
+  <sup>1</sup> Intention ACL rules are specified as part of a{' '}
+  <code>service</code> rule. See{' '}
+  <a href="/docs/connect/intentions#intention-management-permissions">
+    Intention Management Permissions
+  </a>{' '}
+  for more details.
+</p>
+
 ## Usage
 
 Usage: `consul intention check [options] SRC DST`

website/content/commands/intention/create.mdx

@@ -21,9 +21,18 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
 [blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
 are not supported from commands, but may be from the corresponding HTTP endpoint.
 
-| ACL Required       |
-| ------------------ |
-| `intentions:write` |
+| ACL Required                   |
+| ------------------------------ |
+| `intentions:write`<sup>1</sup> |
+
+<p>
+  <sup>1</sup> Intention ACL rules are specified as part of a{' '}
+  <code>service</code> rule. See{' '}
+  <a href="/docs/connect/intentions#intention-management-permissions">
+    Intention Management Permissions
+  </a>{' '}
+  for more details.
+</p>
 
 ## Usage
 

website/content/commands/intention/delete.mdx

@@ -7,7 +7,7 @@ page_title: 'Commands: Intention Delete'
 
 Command: `consul intention delete`
 
-Corresponding HTTP API Endpoint: [\[DELETE\] /v1/connect/intentions/exact](/api-docs/connect/intentions#delete-intention-by-name)
+Corresponding HTTP API Endpoints: [\[DELETE\] /v1/connect/intentions/exact](/api-docs/connect/intentions#delete-intention-by-name), [\[DELETE\] /v1/connect/intentions/:uuid](/api-docs/connect/intentions#delete-intention-by-id)
 
 The `intention delete` command deletes a matching intention.
 
@@ -15,9 +15,18 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
 [blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
 are not supported from commands, but may be from the corresponding HTTP endpoint.
 
-| ACL Required       |
-| ------------------ |
-| `intentions:write` |
+| ACL Required                   |
+| ------------------------------ |
+| `intentions:write`<sup>1</sup> |
+
+<p>
+  <sup>1</sup> Intention ACL rules are specified as part of a{' '}
+  <code>service</code> rule. See{' '}
+  <a href="/docs/connect/intentions#intention-management-permissions">
+    Intention Management Permissions
+  </a>{' '}
+  for more details.
+</p>
 
 -> **Deprecated** - The one argument form of this command is deprecated in
 Consul 1.9.0. Intentions no longer need IDs when represented as

website/content/commands/intention/get.mdx

@@ -7,7 +7,7 @@ page_title: 'Commands: Intention Get'
 
 Command: `consul intention get`
 
-Corresponding HTTP API Endpoint: [\[GET\] /v1/connect/intentions/exact](/api-docs/connect/intentions##read-specific-intention-by-name)
+Corresponding HTTP API Endpoints: [\[GET\] /v1/connect/intentions/exact](/api-docs/connect/intentions#read-specific-intention-by-name), [\[GET\] /v1/connect/intentions/:uuid](/api-docs/connect/intentions#read-specific-intention-by-id)
 
 The `intention get` command shows a single intention.
 
@@ -20,9 +20,18 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
 [blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
 are not supported from commands, but may be from the corresponding HTTP endpoint.
 
-| ACL Required      |
-| ----------------- |
-| `intentions:read` |
+| ACL Required                  |
+| ----------------------------- |
+| `intentions:read`<sup>1</sup> |
+
+<p>
+  <sup>1</sup> Intention ACL rules are specified as part of a{' '}
+  <code>service</code> rule. See{' '}
+  <a href="/docs/connect/intentions#intention-management-permissions">
+    Intention Management Permissions
+  </a>{' '}
+  for more details.
+</p>
 
 ## Usage
 

website/content/commands/intention/list.mdx

@@ -11,6 +11,23 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/connect/intentions](/api-docs/conn
 
 The `intention list` command shows all intentions including ID and precedence.
 
+The table below shows this command's [required ACLs](/api#authentication). Configuration of
+[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
+are not supported from commands, but may be from the corresponding HTTP endpoint.
+
+| ACL Required                  |
+| ----------------------------- |
+| `intentions:read`<sup>1</sup> |
+
+<p>
+  <sup>1</sup> Intention ACL rules are specified as part of a{' '}
+  <code>service</code> rule. See{' '}
+  <a href="/docs/connect/intentions#intention-management-permissions">
+    Intention Management Permissions
+  </a>{' '}
+  for more details.
+</p>
+
 ## Usage
 
 Usage:

website/content/commands/intention/match.mdx

@@ -20,9 +20,18 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
 [blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
 are not supported from commands, but may be from the corresponding HTTP endpoint.
 
-| ACL Required      |
-| ----------------- |
-| `intentions:read` |
+| ACL Required                  |
+| ----------------------------- |
+| `intentions:read`<sup>1</sup> |
+
+<p>
+  <sup>1</sup> Intention ACL rules are specified as part of a{' '}
+  <code>service</code> rule. See{' '}
+  <a href="/docs/connect/intentions#intention-management-permissions">
+    Intention Management Permissions
+  </a>{' '}
+  for more details.
+</p>
 
 ## Usage
 

website/content/commands/keyring.mdx

@@ -29,6 +29,19 @@ All variations of the `keyring` command return 0 if all nodes reply and there
 are no errors. If any node fails to reply or reports failure, the exit code
 will be 1.
 
+The table below shows this command's [required ACLs](/api#authentication). Configuration of
+[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
+are not supported from commands, but may be from the corresponding HTTP endpoint.
+
+| ACL Required<sup>1</sup>            |
+| ----------------------------------- |
+| `keyring:read`<br />`keyring:write` |
+
+<p>
+  <sup>1</sup> The actual ACL required depends on the flags being used in the
+  command.
+</p>
+
 ## Usage
 
 Usage: `consul keyring [options]`

website/content/commands/kv/export.mdx

@@ -12,6 +12,14 @@ prefix from Consul's KV store, and write a JSON representation to
 stdout. This can be used with the command "consul kv import" to move entire
 trees between Consul clusters.
 
+The table below shows this command's [required ACLs](/api#authentication). Configuration of
+[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
+are not supported from commands, but may be from the corresponding HTTP endpoint.
+
+| ACL Required |
+| ------------ |
+| `key:read`   |
+
 ## Usage
 
 Usage: `consul kv export [options] [PREFIX]`

website/content/commands/kv/import.mdx

@@ -10,6 +10,14 @@ Command: `consul kv import`
 The `kv import` command is used to import KV pairs from the JSON representation
 generated by the `kv export` command.
 
+The table below shows this command's [required ACLs](/api#authentication). Configuration of
+[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
+are not supported from commands, but may be from the corresponding HTTP endpoint.
+
+| ACL Required |
+| ------------ |
+| `key:write`  |
+
 ## Usage
 
 Usage: `consul kv import [options] [DATA]`

website/content/commands/namespace/list.mdx

@@ -20,9 +20,12 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
 [blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
 are not supported from commands, but may be from the corresponding HTTP endpoint.
 
-| ACL Required                          |
-| ------------------------------------- |
-| `operator:read` or `namespace:* read` |
+| ACL Required                                      |
+| ------------------------------------------------- |
+| `operator:read` or `namespace:*:read`<sup>1</sup> |
+
+<sup>1</sup> Access can be granted to list the Namespace if the token used when making
+the request has been granted any access in the namespace (read, list or write).
 
 ## Usage
 

website/content/commands/namespace/read.mdx

@@ -19,9 +19,12 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
 [blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
 are not supported from commands, but may be from the corresponding HTTP endpoint.
 
-| ACL Required                          |
-| ------------------------------------- |
-| `operator:read` or `namespace:* read` |
+| ACL Required                                      |
+| ------------------------------------------------- |
+| `operator:read` or `namespace:*:read`<sup>1</sup> |
+
+<sup>1</sup> Access can be granted to list the Namespace if the token used when making
+the request has been granted any access in the namespace (read, list or write).
 
 ## Usage
 

website/content/commands/namespace/write.mdx

@@ -13,6 +13,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/namespace/:name](/api-docs/namespa
 
 This `namespace write` command creates or updates a namespace's configuration from its full definition. This was added in Consul Enterprise 1.7.0.
 
+The table below shows this command's [required ACLs](/api#authentication). Configuration of
+[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
+are not supported from commands, but may be from the corresponding HTTP endpoint.
+
+| ACL Required     |
+| ---------------- |
+| `operator:write` |
+
 ## Usage
 
 Usage: `consul namespace write <namespace definition>`

website/content/commands/rtt.mdx

@@ -21,9 +21,13 @@ The table below shows this command's [required ACLs](/api#authentication). Confi
 [blocking queries](/api/features/blocking) and [agent caching](/api/features/caching)
 are not supported from commands, but may be from the corresponding HTTP endpoint.
 
-| ACL Required |
-| ------------ |
-| `node:read`  |
+| ACL Required            |
+| ----------------------- |
+| `node:read`<sup>1</sup> |
+
+<p>
+  <sup>1</sup> When referencing WAN coordinates, no ACL permission is needed.
+</p>
 
 ## Usage