ACL Policy HTTP API
The /acl/policy
endpoints create, read,
update, list and
delete ACL policies in Consul.
For more information on how to setup ACLs, please check the ACL tutorial.
Create a Policy
This endpoint creates a new ACL policy.
Method | Path | Produces |
---|---|---|
PUT | /acl/policy | application/json |
The table below shows this endpoint's support for blocking queries, consistency modes, agent caching, and required ACLs.
Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
---|---|---|---|
NO | none | none | acl:write |
The corresponding CLI command is consul acl policy create
.
Query Parameters
ns
(string: "")
Enterprise - Specifies the namespace of the policy you create. You can also specify the namespace through other methods.
JSON Request Body Schema
Name
(string: <required>)
- Specifies a name for the ACL policy. The name can contain alphanumeric characters, dashes-
, and underscores_
. This name must be unique.Description
(string: "")
- Free form human readable description of the policy.Rules
(string: "")
- Specifies rules for the ACL policy. The format of theRules
property is detailed in the ACL Rules documentation.Datacenters
(array<string>)
- Specifies the datacenters the policy is valid within. When no datacenters are provided the policy is valid in all datacenters including those which do not yet exist but may in the future.Namespace
(string: "")
Enterprise - Specifies the namespace of the policy you create. This field takes precedence over thens
query parameter, one of several other methods to specify the namespace.
Partition
(string: "")
- Enterprise The partition to use. If not provided, the partition is inferred from the request's ACL token, or defaults to thedefault
partition.
Sample Payload
Sample Request
Sample Response
Read a Policy
This endpoint reads an ACL policy with the given ID.
Method | Path | Produces |
---|---|---|
GET | /acl/policy/:id | application/json |
The table below shows this endpoint's support for blocking queries, consistency modes, agent caching, and required ACLs.
Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
---|---|---|---|
YES | all | none | acl:read |
The corresponding CLI command is consul acl policy read
.
Path Parameters
id
(string: <required>)
- Specifies the UUID of the policy you lookup.
Query Parameters
ns
(string: "")
Enterprise - Specifies the namespace of the policy you lookup. You can also specify the namespace through other methods.
Sample Request
Sample Response
Read a Policy by Name
This endpoint reads an ACL policy with the given ID.
Method | Path | Produces |
---|---|---|
GET | /acl/policy/name/:name | application/json |
The table below shows this endpoint's support for blocking queries, consistency modes, agent caching, and required ACLs.
Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
---|---|---|---|
YES | all | none | acl:read |
The corresponding CLI command is consul acl policy read -name=<string>
.
Path Parameters
name
(string: <required>)
- Specifies the name of the ACL policy to read.
Query Parameters
ns
(string: "")
Enterprise - Specifies the namespace of the policy you lookup. You can also specify the namespace through other methods.
partition
(string: "")
Enterprise - The partition to use. If not provided, the partition is inferred from the request's ACL token, or defaults to thedefault
partition.
Sample Request
Sample Response
Update a Policy
This endpoint updates an existing ACL policy.
Method | Path | Produces |
---|---|---|
PUT | /acl/policy/:id | application/json |
The table below shows this endpoint's support for blocking queries, consistency modes, agent caching, and required ACLs.
Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
---|---|---|---|
NO | none | none | acl:write |
The corresponding CLI command is consul acl policy update
.
Path Parameters
id
(string: <required>)
- Specifies the UUID of the policy you update.
Query Parameters
ns
(string: "")
Enterprise - Specifies the namespace of the policy you update. You can also specify the namespace through other methods.
JSON Request Body Schema
ID
(string: <optional>)
- If specified, this field must be an exact match with theid
path parameter.Name
(string: <required>)
- Specifies a name for the ACL policy. The name can only contain alphanumeric characters as well as-
and_
and must be unique.Description
(string: "")
- Free form human readable description of this policy.Rules
(string: "")
- Specifies rules for this ACL policy. The format of theRules
property is detailed in the ACL Rules documentation.Datacenters
(array<string>)
- Specifies the datacenters this policy is valid within. When no datacenters are provided the policy is valid in all datacenters including those which do not yet exist but may in the future.Namespace
(string: "")
Enterprise - Specifies the namespace of the policy you update. This field takes precedence over thens
query parameter, one of several other methods to specify the namespace.
Partition
(string: "")
- Enterprise The partition to use. If not provided, the partition is inferred from the request's ACL token, or defaults to thedefault
partition.
Sample Payload
Sample Request
Sample Response
Delete a Policy
This endpoint deletes an ACL policy.
Method | Path | Produces |
---|---|---|
DELETE | /acl/policy/:id | application/json |
Even though the return type is application/json, the value is either true or false indicating whether the delete succeeded.
The table below shows this endpoint's support for blocking queries, consistency modes, agent caching, and required ACLs.
Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
---|---|---|---|
NO | none | none | acl:write |
The corresponding CLI command is consul acl policy delete
.
Path Parameters
id
(string: <required>)
- Specifies the UUID of the policy you delete.
Query Parameters
ns
(string: "")
Enterprise - Specifies the namespace of the policy you delete. You can also specify the namespace through other methods.
partition
(string: "")
Enterprise - The partition to use. If not provided, the partition is inferred from the request's ACL token, or defaults to thedefault
partition.
Sample Request
Sample Response
List Policies
This endpoint lists all the ACL policies.
Method | Path | Produces |
---|---|---|
GET | /acl/policies | application/json |
The table below shows this endpoint's support for blocking queries, consistency modes, agent caching, and required ACLs.
Blocking Queries | Consistency Modes | Agent Caching | ACL Required |
---|---|---|---|
YES | all | none | acl:read |
The corresponding CLI command is consul acl policy list
.
Query Parameters
ns
(string: "")
Enterprise - Return only the auth methods in the specified namespace. The namespace may be specified as '*' to return results for all namespaces. You can also specify the namespace through other methods.
partition
(string: "")
Enterprise - The partition to use. If not provided, the partition is inferred from the request's ACL token, or defaults to thedefault
partition.
Sample Request
Sample Response
Note - The policies rules are not included in the listing and must be retrieved by the policy reading endpoint
Methods to specify namespace Enterprise
ACL policy endpoints support several methods for specifying the namespace of the ACL policy resources with the following order of precedence:
Namespace
field of the JSON request body - only applies to create and update endpointsns
query parameterX-Consul-Namespace
request header- Namespace is inherited from the namespace of the request's ACL token (if any)
- The
default
namespace