open-consul/website/content/commands/intention/match.mdx

66 lines
1.8 KiB
Plaintext

---
layout: commands
page_title: 'Commands: Intention Match'
---
# Consul Intention Match
Command: `consul intention match`
Corresponding HTTP API Endpoint: [\[GET\] /v1/connect/intentions/match](/api-docs/connect/intentions#list-matching-intentions)
The `intention match` command shows the list of intentions that match
a given source or destination. The list of intentions is listed in evaluation
order: the first intention that matches a request would be evaluated.
The [check](/commands/intention/check) command can be used to
check whether an L4 connection would be authorized between any two services.
The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of
[blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching)
are not supported from commands, but may be from the corresponding HTTP endpoint.
| ACL Required |
| ----------------------------- |
| `intentions:read`<sup>1</sup> |
<p>
<sup>1</sup> Intention ACL rules are specified as part of a{' '}
<code>service</code> rule. See{' '}
<a href="/docs/connect/intentions#intention-management-permissions">
Intention Management Permissions
</a>{' '}
for more details.
</p>
## Usage
Usage: `consul intention match [options] SRC_OR_DST`
`SRC` and `DST` can both take [several forms](/commands/intention#source-and-destination-naming).
#### Command Options
- `-destination` - Match by destination.
- `-source` - Match by source.
#### Enterprise Options
@include 'http_api_partition_options.mdx'
@include 'http_api_namespace_options.mdx'
#### API Options
@include 'http_api_options_client.mdx'
## Examples
```shell-session
$ consul intention match -source web
web => db (deny)
web => api (2 permissions)
web => * (allow)
```