72a515f5ec
Highlights: - add new endpoint to query for intentions by exact match - using this endpoint from the CLI instead of the dump+filter approach - enforcing that OSS can only read/write intentions with a SourceNS or DestinationNS field of "default". - preexisting OSS intentions with now-invalid namespace fields will delete those intentions on initial election or for wildcard namespaces an attempt will be made to downgrade them to "default" unless one exists. - also allow the '-namespace' CLI arg on all of the intention subcommands - update lots of docs
63 lines
1.4 KiB
Plaintext
63 lines
1.4 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: 'Commands: Intention Create'
|
|
sidebar_title: create
|
|
---
|
|
|
|
# Consul Intention Create
|
|
|
|
Command: `consul intention create`
|
|
|
|
The `intention create` command creates or updates an intention.
|
|
|
|
## Usage
|
|
|
|
Usage: `consul intention create [options] SRC DST`
|
|
Usage: `consul intention create [options] -f FILE...`
|
|
|
|
`SRC` and `DST` can both take [several forms](/docs/commands/intention#source-and-destination-naming).
|
|
|
|
#### API Options
|
|
|
|
@include 'http_api_options_client.mdx'
|
|
|
|
#### Enterprise Options
|
|
|
|
@include 'http_api_namespace_options.mdx'
|
|
|
|
#### Intention Create Options
|
|
|
|
- `-allow` - Set the action to "allow" for intentions. This is the default.
|
|
|
|
- `-deny` - Set the action to "deny" for intentions. This cannot be specified
|
|
with `-allow`.
|
|
|
|
- `-file` - Read intention data one or more files specified by the command
|
|
line arguments, instead of source/destination pairs.
|
|
|
|
- `-meta key=value` - Specify arbitrary KV metadata to associate with the
|
|
intention.
|
|
|
|
- `-replace` - Replace any matching intention. The replacement is done
|
|
atomically per intention.
|
|
|
|
## Examples
|
|
|
|
Create an intention `web => db`:
|
|
|
|
```shell-session
|
|
$ consul intention create web db
|
|
```
|
|
|
|
Create intentions from a set of files:
|
|
|
|
```shell-session
|
|
$ consul intention create -file one.json two.json
|
|
```
|
|
|
|
Create intentions from a directory using shell expansion:
|
|
|
|
```shell-session
|
|
$ consul intention create -file intentions/*.json
|
|
```
|