From dcdaefcf79b8cab3eee841c45bb15dab92326b15 Mon Sep 17 00:00:00 2001 From: Matt Siegel Date: Mon, 10 Jan 2022 16:44:56 -0500 Subject: [PATCH] Added ACL requirements for CLI commands --- .../commands/acl/auth-method/create.mdx | 8 ++++ .../commands/acl/auth-method/delete.mdx | 8 ++++ .../content/commands/acl/auth-method/list.mdx | 8 ++++ .../content/commands/acl/auth-method/read.mdx | 8 ++++ .../commands/acl/auth-method/update.mdx | 8 ++++ .../commands/acl/binding-rule/create.mdx | 8 ++++ .../commands/acl/binding-rule/delete.mdx | 8 ++++ .../commands/acl/binding-rule/list.mdx | 8 ++++ .../commands/acl/binding-rule/read.mdx | 8 ++++ .../commands/acl/binding-rule/update.mdx | 8 ++++ website/content/commands/acl/bootstrap.mdx | 8 +++- .../content/commands/acl/policy/create.mdx | 8 ++++ .../content/commands/acl/policy/delete.mdx | 8 ++++ website/content/commands/acl/policy/list.mdx | 8 ++++ website/content/commands/acl/policy/read.mdx | 8 ++++ .../content/commands/acl/policy/update.mdx | 8 ++++ website/content/commands/acl/role/create.mdx | 8 ++++ website/content/commands/acl/role/delete.mdx | 8 ++++ website/content/commands/acl/role/list.mdx | 8 ++++ website/content/commands/acl/role/read.mdx | 8 ++++ website/content/commands/acl/role/update.mdx | 8 ++++ .../content/commands/acl/set-agent-token.mdx | 8 ++++ website/content/commands/acl/token/clone.mdx | 8 ++++ website/content/commands/acl/token/create.mdx | 8 ++++ website/content/commands/acl/token/delete.mdx | 8 ++++ website/content/commands/acl/token/list.mdx | 8 ++++ website/content/commands/acl/token/read.mdx | 8 ++++ website/content/commands/acl/token/update.mdx | 8 ++++ .../content/commands/acl/translate-rules.mdx | 8 ++++ .../content/commands/catalog/datacenters.mdx | 8 ++++ website/content/commands/catalog/nodes.mdx | 8 ++++ website/content/commands/catalog/services.mdx | 8 ++++ website/content/commands/config/delete.mdx | 8 ++++ website/content/commands/config/list.mdx | 8 ++++ website/content/commands/config/read.mdx | 8 ++++ website/content/commands/config/write.mdx | 8 ++++ website/content/commands/connect/ca.mdx | 16 +++++++ website/content/commands/event.mdx | 8 ++++ website/content/commands/force-leave.mdx | 8 ++++ website/content/commands/intention/create.mdx | 8 ++++ website/content/commands/intention/delete.mdx | 8 ++++ website/content/commands/intention/get.mdx | 8 ++++ website/content/commands/intention/match.mdx | 8 ++++ website/content/commands/join.mdx | 8 ++++ website/content/commands/kv/delete.mdx | 8 ++++ website/content/commands/kv/get.mdx | 8 ++++ website/content/commands/kv/put.mdx | 8 ++++ website/content/commands/leave.mdx | 8 ++++ website/content/commands/license.mdx | 24 ++++++++++ website/content/commands/login.mdx | 8 ++++ website/content/commands/logout.mdx | 8 ++++ website/content/commands/maint.mdx | 8 ++++ website/content/commands/members.mdx | 8 ++++ website/content/commands/namespace/create.mdx | 8 ++++ website/content/commands/namespace/delete.mdx | 8 ++++ website/content/commands/namespace/list.mdx | 8 ++++ website/content/commands/namespace/read.mdx | 8 ++++ website/content/commands/namespace/update.mdx | 8 ++++ website/content/commands/operator/area.mdx | 48 +++++++++++++++++++ .../content/commands/operator/autopilot.mdx | 24 ++++++++++ website/content/commands/operator/raft.mdx | 16 +++++++ website/content/commands/reload.mdx | 8 ++++ website/content/commands/rtt.mdx | 8 ++++ .../content/commands/services/deregister.mdx | 8 ++++ .../content/commands/services/register.mdx | 8 ++++ website/content/commands/snapshot/restore.mdx | 9 +++- website/content/commands/snapshot/save.mdx | 8 ++++ 67 files changed, 622 insertions(+), 3 deletions(-) diff --git a/website/content/commands/acl/auth-method/create.mdx b/website/content/commands/acl/auth-method/create.mdx index a76c83043..187f0fbd9 100644 --- a/website/content/commands/acl/auth-method/create.mdx +++ b/website/content/commands/acl/auth-method/create.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/auth-method](https://www.consu The `acl auth-method create` command creates new auth methods. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl auth-method create [options] [args]` diff --git a/website/content/commands/acl/auth-method/delete.mdx b/website/content/commands/acl/auth-method/delete.mdx index 57e07b030..6394fe6af 100644 --- a/website/content/commands/acl/auth-method/delete.mdx +++ b/website/content/commands/acl/auth-method/delete.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/auth-method/:name](https:// The `acl auth-method delete` command deletes an auth method. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl auth-method delete [options]` diff --git a/website/content/commands/acl/auth-method/list.mdx b/website/content/commands/acl/auth-method/list.mdx index 5f3b62da2..2217155f6 100644 --- a/website/content/commands/acl/auth-method/list.mdx +++ b/website/content/commands/acl/auth-method/list.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/auth-methods](https://www.cons The `acl auth-method list` command lists all auth methods. By default it will not show metadata. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:read` | + ## Usage Usage: `consul acl auth-method list` diff --git a/website/content/commands/acl/auth-method/read.mdx b/website/content/commands/acl/auth-method/read.mdx index 2568a82cf..805524ed0 100644 --- a/website/content/commands/acl/auth-method/read.mdx +++ b/website/content/commands/acl/auth-method/read.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/auth-method/:name](https://www The `acl auth-method read` command reads and displays an auth method's details. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:read` | + ## Usage Usage: `consul acl auth-method read [options] [args]` diff --git a/website/content/commands/acl/auth-method/update.mdx b/website/content/commands/acl/auth-method/update.mdx index 86536a550..2e455a724 100644 --- a/website/content/commands/acl/auth-method/update.mdx +++ b/website/content/commands/acl/auth-method/update.mdx @@ -14,6 +14,14 @@ default operations is to merge the current auth method with those values provided to the command invocation. Therefore to update just one field, only the `-name` options and the option to modify must be provided. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl auth-method update [options] [args]` diff --git a/website/content/commands/acl/binding-rule/create.mdx b/website/content/commands/acl/binding-rule/create.mdx index a7e4d1a57..681576483 100644 --- a/website/content/commands/acl/binding-rule/create.mdx +++ b/website/content/commands/acl/binding-rule/create.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/binding-rule](https://www.cons The `acl binding-rule create` command creates new binding rules. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl binding-rule create [options] [args]` diff --git a/website/content/commands/acl/binding-rule/delete.mdx b/website/content/commands/acl/binding-rule/delete.mdx index beb39313b..fc7b599b3 100644 --- a/website/content/commands/acl/binding-rule/delete.mdx +++ b/website/content/commands/acl/binding-rule/delete.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/binding-rule/:id](https://w The `acl binding-rule delete` command deletes a binding rule. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl binding-rule delete [options]` diff --git a/website/content/commands/acl/binding-rule/list.mdx b/website/content/commands/acl/binding-rule/list.mdx index 8517f5ecc..b80774a95 100644 --- a/website/content/commands/acl/binding-rule/list.mdx +++ b/website/content/commands/acl/binding-rule/list.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/binding-rules](https://www.con The `acl binding-rule list` command lists all binding rules. By default it will not show metadata. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:read` | + ## Usage Usage: `consul acl binding-rule list` diff --git a/website/content/commands/acl/binding-rule/read.mdx b/website/content/commands/acl/binding-rule/read.mdx index 0a801efbe..3e2e8db17 100644 --- a/website/content/commands/acl/binding-rule/read.mdx +++ b/website/content/commands/acl/binding-rule/read.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/binding-rule/:id](https://www. The `acl binding-rule read` command reads and displays a binding rules details. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:read` | + ## Usage Usage: `consul acl binding-rule read [options] [args]` diff --git a/website/content/commands/acl/binding-rule/update.mdx b/website/content/commands/acl/binding-rule/update.mdx index 742d5fe14..dd0d150c1 100644 --- a/website/content/commands/acl/binding-rule/update.mdx +++ b/website/content/commands/acl/binding-rule/update.mdx @@ -14,6 +14,14 @@ default operations is to merge the current binding rule with those values provided to the command invocation. Therefore to update just one field, only the `-id` option and the option to modify must be provided. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl binding-rule update [options] [args]` diff --git a/website/content/commands/acl/bootstrap.mdx b/website/content/commands/acl/bootstrap.mdx index f3a67ede8..3e7aa4707 100644 --- a/website/content/commands/acl/bootstrap.mdx +++ b/website/content/commands/acl/bootstrap.mdx @@ -14,7 +14,13 @@ for management purposes and output its details. This can only be done once and a will be disabled. If all tokens are lost and you need to bootstrap again you can follow the bootstrap [reset procedure](https://learn.hashicorp.com/consul/security-networking/acl-troubleshooting?utm_source=consul.io&utm_medium=docs#reset-the-acl-system). -The ACL system can also be bootstrapped via the [HTTP API](/api/acl/acl#bootstrap-acls). +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `none` | ## Usage diff --git a/website/content/commands/acl/policy/create.mdx b/website/content/commands/acl/policy/create.mdx index f99d58c83..414b0fcdc 100644 --- a/website/content/commands/acl/policy/create.mdx +++ b/website/content/commands/acl/policy/create.mdx @@ -19,6 +19,14 @@ from stdin, a file or the raw value. To use stdin pass `-` as the value. To load the value from a file prefix the value with an `@`. Any other values will be used directly. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + -> **Deprecated:** The `-from-token` and `-token-secret` arguments exist only as a convenience to make legacy ACL migration easier. These will be removed in a future major release when support for the legacy ACL system is removed. diff --git a/website/content/commands/acl/policy/delete.mdx b/website/content/commands/acl/policy/delete.mdx index ada285a67..9296d8949 100644 --- a/website/content/commands/acl/policy/delete.mdx +++ b/website/content/commands/acl/policy/delete.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/policy/:id](https://www.con The `acl policy delete` command deletes a policy. Policies may be deleted by their ID or by name. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl policy delete [options]` diff --git a/website/content/commands/acl/policy/list.mdx b/website/content/commands/acl/policy/list.mdx index 374e81de3..93b1d6cad 100644 --- a/website/content/commands/acl/policy/list.mdx +++ b/website/content/commands/acl/policy/list.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/policies](https://www.consul.i The `acl policy list` command lists all policies. By default it will not show metadata. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:read` | + ## Usage Usage: `consul acl policy list` diff --git a/website/content/commands/acl/policy/read.mdx b/website/content/commands/acl/policy/read.mdx index 2f069a354..7657f9f95 100644 --- a/website/content/commands/acl/policy/read.mdx +++ b/website/content/commands/acl/policy/read.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/policy/:id](https://www.consul The `acl policy read` command reads and displays a policies details. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:read` | + ## Usage Usage: `consul acl policy read [options] [args]` diff --git a/website/content/commands/acl/policy/update.mdx b/website/content/commands/acl/policy/update.mdx index 3ec5956cf..ac365bbb8 100644 --- a/website/content/commands/acl/policy/update.mdx +++ b/website/content/commands/acl/policy/update.mdx @@ -15,6 +15,14 @@ the `-id` or `-name` options and the option to modify must be provided. Note tha policies requires both the `-id` and `-name` as the new name cannot yet be used to lookup the policy. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl policy update [options] [args]` diff --git a/website/content/commands/acl/role/create.mdx b/website/content/commands/acl/role/create.mdx index 1b0e39df1..3a3b3d0f8 100644 --- a/website/content/commands/acl/role/create.mdx +++ b/website/content/commands/acl/role/create.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/role](https://www.consul.io/ap The `acl role create` command creates new roles. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl role create [options] [args]` diff --git a/website/content/commands/acl/role/delete.mdx b/website/content/commands/acl/role/delete.mdx index c33fc76ac..ad1660533 100644 --- a/website/content/commands/acl/role/delete.mdx +++ b/website/content/commands/acl/role/delete.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/role/:id](https://www.consu The `acl role delete` command deletes a role. Roles may be deleted by their ID or by name. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl role delete [options]` diff --git a/website/content/commands/acl/role/list.mdx b/website/content/commands/acl/role/list.mdx index ea8c110b9..b5f4d0c3c 100644 --- a/website/content/commands/acl/role/list.mdx +++ b/website/content/commands/acl/role/list.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/roles](https://www.consul.io/a The `acl role list` command lists all roles. By default it will not show metadata. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:read` | + ## Usage Usage: `consul acl role list` diff --git a/website/content/commands/acl/role/read.mdx b/website/content/commands/acl/role/read.mdx index 4c248a943..3d3b3f3b4 100644 --- a/website/content/commands/acl/role/read.mdx +++ b/website/content/commands/acl/role/read.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoints: [\[GET\] /v1/acl/role/:id](https://www.consul. The `acl role read` command reads and displays a roles details. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:read` | + ## Usage Usage: `consul acl role read [options] [args]` diff --git a/website/content/commands/acl/role/update.mdx b/website/content/commands/acl/role/update.mdx index 52a7c82c8..3cf87d7a2 100644 --- a/website/content/commands/acl/role/update.mdx +++ b/website/content/commands/acl/role/update.mdx @@ -15,6 +15,14 @@ update just one field, only the `-id` or `-name` options and the option to modify must be provided. Note that renaming roles requires both the `-id` and `-name` as the new name cannot yet be used to lookup the role. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl role update [options] [args]` diff --git a/website/content/commands/acl/set-agent-token.mdx b/website/content/commands/acl/set-agent-token.mdx index 6c574a828..51e71c0ce 100644 --- a/website/content/commands/acl/set-agent-token.mdx +++ b/website/content/commands/acl/set-agent-token.mdx @@ -16,6 +16,14 @@ the agent's configuration. Tokens are not persisted unless is `true`, so tokens will need to be updated again if that option is `false` and the agent is restarted. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl set-agent-token [options] TYPE TOKEN` diff --git a/website/content/commands/acl/token/clone.mdx b/website/content/commands/acl/token/clone.mdx index c5a78434e..218d3f5bf 100644 --- a/website/content/commands/acl/token/clone.mdx +++ b/website/content/commands/acl/token/clone.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/token/:AccessorID/clone](https The `acl token clone` command clones an existing token. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl token clone [options]` diff --git a/website/content/commands/acl/token/create.mdx b/website/content/commands/acl/token/create.mdx index b72e881c4..23aaeccd5 100644 --- a/website/content/commands/acl/token/create.mdx +++ b/website/content/commands/acl/token/create.mdx @@ -13,6 +13,14 @@ This command creates new tokens. When creating a new token, policies may be link either the `-policy-id` or the `-policy-name` options. When specifying policies by IDs you may use a unique prefix of the UUID as a shortcut for specifying the entire UUID. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl token create [options] [args]` diff --git a/website/content/commands/acl/token/delete.mdx b/website/content/commands/acl/token/delete.mdx index b3b219e8f..a020e9274 100644 --- a/website/content/commands/acl/token/delete.mdx +++ b/website/content/commands/acl/token/delete.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/token/:AccessorID](https:// The `acl token delete` command deletes a token. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl token delete [options]` diff --git a/website/content/commands/acl/token/list.mdx b/website/content/commands/acl/token/list.mdx index fc4e970b5..deb147035 100644 --- a/website/content/commands/acl/token/list.mdx +++ b/website/content/commands/acl/token/list.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/tokens](https://www.consul.io/ The `acl token list` command lists all tokens. By default it will not show metadata. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:read` | + ## Usage Usage: `consul acl token list` diff --git a/website/content/commands/acl/token/read.mdx b/website/content/commands/acl/token/read.mdx index 82f531945..2842670f4 100644 --- a/website/content/commands/acl/token/read.mdx +++ b/website/content/commands/acl/token/read.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/token/:AccessorID](https://www The `acl token read` command reads and displays a token details. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:read` | + ## Usage Usage: `consul acl token read [options] [args]` diff --git a/website/content/commands/acl/token/update.mdx b/website/content/commands/acl/token/update.mdx index d96835c33..9fc331e9f 100644 --- a/website/content/commands/acl/token/update.mdx +++ b/website/content/commands/acl/token/update.mdx @@ -12,6 +12,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/token/:AccessorID](https://www The `acl token update` command will update a token. Some parts of the token like whether the token is local to the datacenter cannot be changed. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:write` | + ## Usage Usage: `consul acl token update [options]` diff --git a/website/content/commands/acl/translate-rules.mdx b/website/content/commands/acl/translate-rules.mdx index 590febbb4..4e0c95011 100644 --- a/website/content/commands/acl/translate-rules.mdx +++ b/website/content/commands/acl/translate-rules.mdx @@ -14,6 +14,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/rules/translate/:accessor_id]( This command translates the legacy ACL rule syntax into the new syntax. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `acl:read` | + ### Usage Usage: `consul acl translate-rules [options] TRANSLATE` diff --git a/website/content/commands/catalog/datacenters.mdx b/website/content/commands/catalog/datacenters.mdx index 3c31b5bd8..a8cfb96e7 100644 --- a/website/content/commands/catalog/datacenters.mdx +++ b/website/content/commands/catalog/datacenters.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/catalog/datacenters](https://www.c The `catalog datacenters` command prints all known datacenters. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `none` | + ## Examples List all datacenters: diff --git a/website/content/commands/catalog/nodes.mdx b/website/content/commands/catalog/nodes.mdx index bf5c5648f..618673bd8 100644 --- a/website/content/commands/catalog/nodes.mdx +++ b/website/content/commands/catalog/nodes.mdx @@ -13,6 +13,14 @@ The `catalog nodes` command prints all known nodes and metadata about them. It can also query for nodes that match a particular metadata or provide a particular service. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `node:read` | + ## Examples List all nodes: diff --git a/website/content/commands/catalog/services.mdx b/website/content/commands/catalog/services.mdx index abd53af69..e7cd46673 100644 --- a/website/content/commands/catalog/services.mdx +++ b/website/content/commands/catalog/services.mdx @@ -13,6 +13,14 @@ The `catalog services` command prints all known services. It can also query for services that match particular metadata or list the services that a particular node provides. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| -------------- | +| `service:read` | + ## Examples List all services: diff --git a/website/content/commands/config/delete.mdx b/website/content/commands/config/delete.mdx index afc377ba1..014e4469c 100644 --- a/website/content/commands/config/delete.mdx +++ b/website/content/commands/config/delete.mdx @@ -13,6 +13,14 @@ The `config delete` command deletes the configuration entry specified by the kind and name. See the [configuration entries docs](/docs/agent/config-entries) for more details about configuration entries. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ----------------------------------- | +| `service:write` or `operator:write` | + ## Usage Usage: `consul config delete [options]` diff --git a/website/content/commands/config/list.mdx b/website/content/commands/config/list.mdx index 9912e3d37..a30b20f71 100644 --- a/website/content/commands/config/list.mdx +++ b/website/content/commands/config/list.mdx @@ -13,6 +13,14 @@ The `config list` command lists all given config entries of the given kind. See the [configuration entries docs](/docs/agent/config-entries) for more details about configuration entries. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| -------------- | +| `service:read` | + ## Usage Usage: `consul config list [options]` diff --git a/website/content/commands/config/read.mdx b/website/content/commands/config/read.mdx index ea412270d..b1b2ca04f 100644 --- a/website/content/commands/config/read.mdx +++ b/website/content/commands/config/read.mdx @@ -14,6 +14,14 @@ kind and name and outputs its JSON representation. See the [configuration entries docs](/docs/agent/config-entries) for more details about configuration entries. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| -------------- | +| `service:read` | + ## Usage Usage: `consul config read [options]` diff --git a/website/content/commands/config/write.mdx b/website/content/commands/config/write.mdx index d7b0f6ac6..f562171eb 100644 --- a/website/content/commands/config/write.mdx +++ b/website/content/commands/config/write.mdx @@ -13,6 +13,14 @@ The `config write` command creates or updates a centralized config entry. See the [configuration entries docs](/docs/agent/config-entries) for more details about configuration entries. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ----------------------------------- | +| `service:write` or `operator:write` | + ## Usage Usage: `consul config write [options] FILE` diff --git a/website/content/commands/connect/ca.mdx b/website/content/commands/connect/ca.mdx index 583476f35..4db356b19 100644 --- a/website/content/commands/connect/ca.mdx +++ b/website/content/commands/connect/ca.mdx @@ -42,6 +42,14 @@ Subcommands: This command displays the current CA configuration. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + Usage: `consul connect ca get-config [options]` Corresponding HTTP API Endpoint: [\[GET\] /v1/connect/ca/configuration](https://www.consul.io/api-docs/connect/ca#get-ca-configuration) @@ -69,6 +77,14 @@ Modifies the current CA configuration. If this results in a new root certificate being used, the [Root Rotation](/docs/connect/ca#root-certificate-rotation) process will be triggered. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + Usage: `consul connect ca set-config [options]` Corresponding HTTP API Endpoint: [\[PUT\] /v1/connect/ca/configuration](https://www.consul.io/api-docs/connect/ca#update-ca-configuration) diff --git a/website/content/commands/event.mdx b/website/content/commands/event.mdx index 4a33dec0d..7dba8462e 100644 --- a/website/content/commands/event.mdx +++ b/website/content/commands/event.mdx @@ -37,6 +37,14 @@ message. It is hard to give an exact number, as it depends on various parameters of the event, but the payload should be kept very small (< 100 bytes). Specifying too large of an event will return an error. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------- | +| `event:write` | + ## Usage Usage: `consul event [options] [payload]` diff --git a/website/content/commands/force-leave.mdx b/website/content/commands/force-leave.mdx index 183dba282..52a41464b 100644 --- a/website/content/commands/force-leave.mdx +++ b/website/content/commands/force-leave.mdx @@ -32,6 +32,14 @@ from the datacenter's member list nor from the raft configuration. Additionally, if the agent returns after transitioning to the "left" state, but before it is reaped from the member list, then it will rejoin the cluster. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + ## Usage Usage: `consul force-leave [options] node` diff --git a/website/content/commands/intention/create.mdx b/website/content/commands/intention/create.mdx index 95fc8ad27..bcdb62164 100644 --- a/website/content/commands/intention/create.mdx +++ b/website/content/commands/intention/create.mdx @@ -17,6 +17,14 @@ Corresponding HTTP API Endpoint: [\[POST\] /v1/connect/intentions](https://www.c The `intention create` command creates or updates an L4 intention. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------------ | +| `intentions:write` | + ## Usage - `consul intention create [options] SRC DST` diff --git a/website/content/commands/intention/delete.mdx b/website/content/commands/intention/delete.mdx index 8f88fc3a3..1af6fdf87 100644 --- a/website/content/commands/intention/delete.mdx +++ b/website/content/commands/intention/delete.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/connect/intentions/exact](https The `intention delete` command deletes a matching intention. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------------ | +| `intentions:write` | + -> **Deprecated** - The one argument form of this command is deprecated in Consul 1.9.0. Intentions no longer need IDs when represented as [`service-intentions`](/docs/connect/config-entries/service-intentions) config diff --git a/website/content/commands/intention/get.mdx b/website/content/commands/intention/get.mdx index 3a78babf1..b475b4d69 100644 --- a/website/content/commands/intention/get.mdx +++ b/website/content/commands/intention/get.mdx @@ -16,6 +16,14 @@ Consul 1.9.0. Intentions no longer need IDs when represented as [`service-intentions`](/docs/connect/config-entries/service-intentions) config entries. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ----------------- | +| `intentions:read` | + ## Usage Usage: diff --git a/website/content/commands/intention/match.mdx b/website/content/commands/intention/match.mdx index f6cec45f1..2a249ace6 100644 --- a/website/content/commands/intention/match.mdx +++ b/website/content/commands/intention/match.mdx @@ -16,6 +16,14 @@ order: the first intention that matches a request would be evaluated. The [check](/commands/intention/check) command can be used to check whether an L4 connection would be authorized between any two services. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ----------------- | +| `intentions:read` | + ## Usage Usage: `consul intention match [options] SRC_OR_DST` diff --git a/website/content/commands/join.mdx b/website/content/commands/join.mdx index 6871b547c..5083bb545 100644 --- a/website/content/commands/join.mdx +++ b/website/content/commands/join.mdx @@ -22,6 +22,14 @@ state across the cluster. An agent which is already part of a cluster may join an agent in a different cluster, causing the two clusters to be merged into a single cluster. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------- | +| `agent:write` | + ## Usage Usage: `consul join [options] address ...` diff --git a/website/content/commands/kv/delete.mdx b/website/content/commands/kv/delete.mdx index 56ca09e02..f88487065 100644 --- a/website/content/commands/kv/delete.mdx +++ b/website/content/commands/kv/delete.mdx @@ -12,6 +12,14 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/kv/:key](https://www.consul.io/ The `kv delete` command removes the value from Consul's KV store at the given path. If no key exists at the path, no action is taken. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `key:write` | + ## Usage Usage: `consul kv delete [options] KEY_OR_PREFIX` diff --git a/website/content/commands/kv/get.mdx b/website/content/commands/kv/get.mdx index 742524403..8e5a2d459 100644 --- a/website/content/commands/kv/get.mdx +++ b/website/content/commands/kv/get.mdx @@ -14,6 +14,14 @@ store at the given key name. If no key exists with that name, an error is returned. If a key exists with that name but has no data, nothing is returned. A key name or prefix is required. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `key:read` | + ## Usage Usage: `consul kv get [options] [KEY_OR_PREFIX]` diff --git a/website/content/commands/kv/put.mdx b/website/content/commands/kv/put.mdx index 3f4afb83a..e313b3b33 100644 --- a/website/content/commands/kv/put.mdx +++ b/website/content/commands/kv/put.mdx @@ -11,6 +11,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/kv/:key](https://www.consul.io/api The `kv put` command writes the data to the given path in the KV store. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `key:write` | + ## Usage Usage: `consul kv put [options] KEY [DATA]` diff --git a/website/content/commands/leave.mdx b/website/content/commands/leave.mdx index fcf6dbcef..c78e508d5 100644 --- a/website/content/commands/leave.mdx +++ b/website/content/commands/leave.mdx @@ -25,6 +25,14 @@ non-graceful leave can affect cluster availability. Running `consul leave` on a server explicitly will reduce the quorum size. Even if the cluster used `bootstrap_expect` to set a quorum size initially, issuing `consul leave` on a server will reconfigure the cluster to have fewer servers. This means you could end up with just one server that is still able to commit writes because quorum is only 1, but those writes might be lost if that server fails before more are added. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------- | +| `agent:write` | + ## Usage Usage: `consul leave [options]` diff --git a/website/content/commands/license.mdx b/website/content/commands/license.mdx index e8f12d3a8..ea80ee008 100644 --- a/website/content/commands/license.mdx +++ b/website/content/commands/license.mdx @@ -128,6 +128,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/operator/license](https://www.cons This command sets the Consul Enterprise license. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + Usage: `consul license put [options] LICENSE` #### API Options @@ -160,6 +168,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/license](https://www.cons This command gets the Consul Enterprise license. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `none` | + Usage: `consul license get [options]` #### API Options @@ -197,6 +213,14 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/operator/license](https://www.c Resets license for the datacenter to the one builtin in Consul binary, if it is still valid. If the builtin license is invalid, the current one stays active. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + Usage: `consul license reset [options]` #### API Options diff --git a/website/content/commands/login.mdx b/website/content/commands/login.mdx index 80b16363f..6f205f91c 100644 --- a/website/content/commands/login.mdx +++ b/website/content/commands/login.mdx @@ -17,6 +17,14 @@ requested auth method for a newly minted Consul ACL token. The companion command `consul logout` should be used to destroy any tokens created this way to avoid a resource leak. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `none` | + ## Usage Usage: `consul login [options]` diff --git a/website/content/commands/logout.mdx b/website/content/commands/logout.mdx index 2084565cc..64065896a 100644 --- a/website/content/commands/logout.mdx +++ b/website/content/commands/logout.mdx @@ -15,6 +15,14 @@ Corresponding HTTP API Endpoint: [\[POST\] /v1/acl/logout](https://www.consul.io The `logout` command will destroy the provided token if it was created from `consul login`. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `none` | + ## Usage Usage: `consul logout [options]` diff --git a/website/content/commands/maint.mdx b/website/content/commands/maint.mdx index e1c5b0654..21a673ae1 100644 --- a/website/content/commands/maint.mdx +++ b/website/content/commands/maint.mdx @@ -21,6 +21,14 @@ Under the hood, maintenance mode is activated by registering a health check in critical status against a service, and deactivated by deregistering the health check. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `node:write` | + ## Usage Usage: `consul maint [options]` diff --git a/website/content/commands/members.mdx b/website/content/commands/members.mdx index 3c37e1e2f..fece24893 100644 --- a/website/content/commands/members.mdx +++ b/website/content/commands/members.mdx @@ -21,6 +21,14 @@ Nodes in the "failed" state are still listed because Consul attempts to reconnect with failed nodes for a certain amount of time in the case that the failure is actually just a network partition. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `node:read` | + ## Usage Usage: `consul members [options]` diff --git a/website/content/commands/namespace/create.mdx b/website/content/commands/namespace/create.mdx index af8c3bbbd..9f423685d 100644 --- a/website/content/commands/namespace/create.mdx +++ b/website/content/commands/namespace/create.mdx @@ -14,6 +14,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/namespace](https://www.consul.io/a This `namespace create` command creates a namespaces using the CLI parameters provided. This was added in Consul Enterprise 1.7.2. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + ## Usage Usage: `consul namespace create -name [options]` diff --git a/website/content/commands/namespace/delete.mdx b/website/content/commands/namespace/delete.mdx index d9f0f2499..bb1d3c986 100644 --- a/website/content/commands/namespace/delete.mdx +++ b/website/content/commands/namespace/delete.mdx @@ -14,6 +14,14 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/namespace/:name](https://www.co This `namespace delete` command deletes a namespace. This was added in Consul Enterprise 1.7.0. If ACLs are enabled then this command will require a token with `operator:write` privileges. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + ## Usage Usage: `consul namespace delete ` diff --git a/website/content/commands/namespace/list.mdx b/website/content/commands/namespace/list.mdx index 0f2254725..c27596982 100644 --- a/website/content/commands/namespace/list.mdx +++ b/website/content/commands/namespace/list.mdx @@ -16,6 +16,14 @@ ACLs are enabled then this command will require a token with `operator:read` pri within the target namespaces. The results will be filtered based on the ACL token and therefore it is possible to see a partial list. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------------------------------- | +| `operator:read` or `namespace:* read` | + ## Usage Usage: `consul namespace list` diff --git a/website/content/commands/namespace/read.mdx b/website/content/commands/namespace/read.mdx index 54d5956b7..1d16783ef 100644 --- a/website/content/commands/namespace/read.mdx +++ b/website/content/commands/namespace/read.mdx @@ -15,6 +15,14 @@ This `namespace read` command reads a namespaces configuration. This was added i ACLs are enabled then this command will require a token with `operator:read` privileges or any `read` privileges within the target namespace. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------------------------------- | +| `operator:read` or `namespace:* read` | + ## Usage Usage: `consul namespace read ` diff --git a/website/content/commands/namespace/update.mdx b/website/content/commands/namespace/update.mdx index 5cd952a38..1b260e099 100644 --- a/website/content/commands/namespace/update.mdx +++ b/website/content/commands/namespace/update.mdx @@ -14,6 +14,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/namespace/:name](https://www.consu This `namespace update` command updates a namespaces using the CLI parameters provided. This was added in Consul Enterprise 1.7.2. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + ## Usage Usage: `consul namespace update -name [options]` diff --git a/website/content/commands/operator/area.mdx b/website/content/commands/operator/area.mdx index 0597ef986..63c34b922 100644 --- a/website/content/commands/operator/area.mdx +++ b/website/content/commands/operator/area.mdx @@ -51,6 +51,14 @@ Corresponding HTTP API Endpoint: [\[POST\] /v1/operator/area](https://www.consul This command creates a new network area. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + Usage: `consul operator area create [options]` #### API Options @@ -85,6 +93,14 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/operator/area/:uuid](https://ww This command deletes an existing network area. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + Usage: `consul operator area delete [options]` #### API Options @@ -116,6 +132,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/operator/area/:uuid/join](https:// This command joins Consul servers into an existing network area by address, such as an IP or hostname with an optional port. Multiple addresses may be given. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + Usage: `consul operator area join [options] ADDRESSES` #### API Options @@ -152,6 +176,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/area](https://www.consul. This command lists all network areas. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| --------------- | +| `operator:read` | + Usage: `consul operator area list [options]` #### API Options @@ -183,6 +215,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/area/:uuid/members](https This command displays Consul server nodes present in a network area, or all areas if no area is specified. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| --------------- | +| `operator:read` | + Usage: `consul operator area members [options]` #### API Options @@ -239,6 +279,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/operator/area/:uuid](https://www.c This command updates the configuration of network area. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + Usage: `consul operator area update [options]` #### API Options diff --git a/website/content/commands/operator/autopilot.mdx b/website/content/commands/operator/autopilot.mdx index 24fa2a1db..4d42af62b 100644 --- a/website/content/commands/operator/autopilot.mdx +++ b/website/content/commands/operator/autopilot.mdx @@ -32,6 +32,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/autopilot/configuration]( This command displays the current autopilot configuration. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| --------------- | +| `operator:read` | + Usage: `consul operator autopilot get-config [options]` #### API Options @@ -59,6 +67,14 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/operator/autopilot/configuration]( Modifies the current Autopilot configuration. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + Usage: `consul operator autopilot set-config [options]` #### API Options @@ -109,6 +125,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/autopilot/state](https:// This command displays the current autopilot state. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| --------------- | +| `operator:read` | + Usage: `consul operator autopilot state [options]` #### API Options diff --git a/website/content/commands/operator/raft.mdx b/website/content/commands/operator/raft.mdx index 7649261c6..1ecc6be79 100644 --- a/website/content/commands/operator/raft.mdx +++ b/website/content/commands/operator/raft.mdx @@ -33,6 +33,14 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/status/peers](https://www.consul.i This command displays the current Raft peer configuration. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `none` | + Usage: `consul operator raft list-peers -stale=[true|false]` - `-stale` - Optional and defaults to "false" which means the leader provides @@ -77,6 +85,14 @@ clean up by simply running [`consul force-leave`](/commands/force-leave) instead of this command. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ---------------- | +| `operator:write` | + Usage: `consul operator raft remove-peer -address="IP:port"` - `-address` - "IP:port" for the server to remove. The port number is usually diff --git a/website/content/commands/reload.mdx b/website/content/commands/reload.mdx index 01f68991e..86030a47b 100644 --- a/website/content/commands/reload.mdx +++ b/website/content/commands/reload.mdx @@ -25,6 +25,14 @@ Not all configuration options are reloadable. See the [Reloadable Configuration](/docs/agent/options#reloadable-configuration) section on the agent options page for details on which options are supported. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------- | +| `agent:write` | + ## Usage Usage: `consul reload` diff --git a/website/content/commands/rtt.mdx b/website/content/commands/rtt.mdx index f6622edf0..764157f66 100644 --- a/website/content/commands/rtt.mdx +++ b/website/content/commands/rtt.mdx @@ -17,6 +17,14 @@ Consul's network coordinate model of the cluster. See the [Network Coordinates](/docs/internals/coordinates) internals guide for more information on how these coordinates are computed. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `node:read` | + ## Usage Usage: `consul rtt [options] node1 [node2]` diff --git a/website/content/commands/services/deregister.mdx b/website/content/commands/services/deregister.mdx index 2799531da..12e597e0f 100644 --- a/website/content/commands/services/deregister.mdx +++ b/website/content/commands/services/deregister.mdx @@ -20,6 +20,14 @@ registered with a configuration file, then deleting that file and deregister. See [Service Definition](/docs/agent/services) for more information about registering services generally. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| --------------- | +| `service:write` | + ## Usage Usage: `consul services deregister [options] [FILE...]` diff --git a/website/content/commands/services/register.mdx b/website/content/commands/services/register.mdx index 195baae52..cea34bdfb 100644 --- a/website/content/commands/services/register.mdx +++ b/website/content/commands/services/register.mdx @@ -22,6 +22,14 @@ configuration management systems that other systems that have access to the configuration directory. Clients may also use the [HTTP API](/api/agent/service) directly. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| --------------- | +| `service:write` | + ## Usage Usage: `consul services register [options] [FILE...]` diff --git a/website/content/commands/snapshot/restore.mdx b/website/content/commands/snapshot/restore.mdx index 5da2b11ac..06243b0e0 100644 --- a/website/content/commands/snapshot/restore.mdx +++ b/website/content/commands/snapshot/restore.mdx @@ -19,8 +19,13 @@ designed to handle server failures during a restore. This command is primarily intended to be used when recovering from a disaster, restoring into a fresh cluster of Consul servers. -If ACLs are enabled, a management token must be supplied in order to perform -a snapshot restore. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `management` | ## Usage diff --git a/website/content/commands/snapshot/save.mdx b/website/content/commands/snapshot/save.mdx index 71c7cb1ee..2f177aa60 100644 --- a/website/content/commands/snapshot/save.mdx +++ b/website/content/commands/snapshot/save.mdx @@ -27,6 +27,14 @@ the CLI client attempting to perform a snapshot save will have no effect. It _mu the context of the server process. If you're using Systemd to manage your Consul server processes, then adding `Environment=TMPDIR=/path/to/dir` to your Consul unit file will work. +The table below shows this command's [required ACLs](/api#authentication). Configuration of +[blocking queries](/api/features/blocking) and [agent caching](/api/features/caching) +are not supported from commands, but may be from the corresponding HTTP endpoint. + +| ACL Required | +| ------------ | +| `management` | + ## Usage Usage: `consul snapshot save [options] FILE`