83 lines
2.6 KiB
Plaintext
83 lines
2.6 KiB
Plaintext
---
|
|
layout: commands
|
|
page_title: 'Commands: Intention'
|
|
sidebar_title: intention
|
|
---
|
|
|
|
# Consul Intention
|
|
|
|
Command: `consul intention`
|
|
|
|
The `intention` command is used to interact with Connect
|
|
[intentions](/docs/connect/intentions). It exposes commands for
|
|
creating, updating, reading, deleting, checking, and managing intentions.
|
|
This command is available in Consul 1.2 and later.
|
|
|
|
Intentions are managed primarily via
|
|
[`service-intentions`](/docs/agent/config-entries/service-intentions) config
|
|
entries after Consul 1.9. Intentions may also be managed via the [HTTP
|
|
API](/api/connect/intentions).
|
|
|
|
## Usage
|
|
|
|
Usage: `consul intention <subcommand>`
|
|
|
|
For the exact documentation for your Consul version, run `consul intention -h` to view
|
|
the complete list of subcommands.
|
|
|
|
```text
|
|
Usage: consul intention <subcommand> [options] [args]
|
|
|
|
...
|
|
|
|
Subcommands:
|
|
check Check whether a connection between two services is allowed.
|
|
create Create intentions for service connections.
|
|
delete Delete an intention.
|
|
get Show information about an intention.
|
|
match Show intentions that match a source or destination.
|
|
```
|
|
|
|
For more information, examples, and usage about a subcommand, click on the name
|
|
of the subcommand in the sidebar.
|
|
|
|
## Basic Examples
|
|
|
|
Create an intention to allow "web" to talk to "db":
|
|
|
|
```shell-session
|
|
$ consul intention create web db
|
|
```
|
|
|
|
Create an intention to deny "db" from initiating connections to _any_ service:
|
|
|
|
```shell-session
|
|
$ consul intention create -deny db '*'
|
|
Created: db => * (deny)
|
|
```
|
|
|
|
Test whether a "web" is allowed to connect to "db":
|
|
|
|
```shell-session
|
|
$ consul intention check web db
|
|
```
|
|
|
|
Find all intentions for communicating to the "db" service:
|
|
|
|
```shell-session
|
|
$ consul intention match db
|
|
```
|
|
|
|
## Source and Destination Naming
|
|
|
|
Intention commands commonly take positional arguments referred to as `SRC` and
|
|
`DST` in the command documentation. These can take several forms:
|
|
|
|
| Format | Meaning |
|
|
| ----------------------- | -------------------------------------------------------------------- |
|
|
| `<service>` | the named service in the current namespace |
|
|
| `*` | any service in the current namespace |
|
|
| `<namespace>/<service>` | <EnterpriseAlert inline /> the named service in a specific namespace |
|
|
| `<namespace>/*` | <EnterpriseAlert inline /> any service in the specified namespace |
|
|
| `*/*` | <EnterpriseAlert inline /> any service in any namespace |
|