steampipe plugin install consul

Table: consul_acl_auth_method - Query Consul ACL Auth Methods using SQL

Consul ACL Auth Method is a feature within HashiCorp Consul that enables authentication of entities through different methods such as Kubernetes, JWT, or OIDC. It provides a way to define how to authenticate an entity and produce a set of Consul ACL Tokens upon successful authentication. Consul ACL Auth Method aids in managing and controlling user access and privileges within the Consul service.

Table Usage Guide

The consul_acl_auth_method table provides insights into the ACL Auth Methods within HashiCorp Consul. As a security engineer, explore method-specific details through this table, including the type of authentication method, its configuration, and associated rules. Utilize it to uncover information about methods, such as those using Kubernetes or JWT, the configuration parameters for each method, and the verification of rules associated with each method.

Important Notes

  • You need to specify the token parameter in the consul.spc file to be able to query this table.

Examples

Basic info

Explore the auth methods configured within your Consul ACL system. The query returns each method's type, namespace, partition, and create and modify indexes, which helps when assessing security settings and spotting modifications.

select
name,
type,
namespace,
create_index,
modify_index,
partition
from
consul_acl_auth_method;

List auth methods present in default namespace

Explore the authentication methods currently active within the default namespace. This information can be useful for assessing security configuration and identifying potential vulnerabilities.

select
name,
type,
namespace,
create_index,
modify_index,
partition
from
consul_acl_auth_method
where
namespace = 'default';

List auth methods with global token locality

Discover the auth methods whose token locality is global. This can be useful for understanding the distribution and reach of different auth methods across your network.

select
name,
type,
namespace,
create_index,
modify_index,
partition
from
consul_acl_auth_method
where
token_locality = 'global';

Get config details of auth methods

Assess the configuration details of authentication methods to gain insights into their settings, which can help in managing and enhancing security protocols.

select
name,
namespace,
partition,
jsonb_pretty(config) as config
from
consul_acl_auth_method;

The same query without the jsonb_pretty formatting:

select
name,
namespace,
partition,
config
from
consul_acl_auth_method;
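The following review query is an added example, not part of the plugin's documentation. It combines the columns used above to flag auth methods that have no token TTL cap, issue global tokens, or (for JWT and OIDC methods) list no bound audiences. Assumptions: an unset max_token_ttl appears as NULL, an empty string or '0s', and JWT/OIDC config uses Consul's BoundAudiences key; check both against your own output before relying on the flags.

```sql
-- Added example (Postgres syntax). The flag names are illustrative.
with flagged as (
  select
    name,
    type,
    namespace,
    partition,
    token_locality,
    max_token_ttl,
    -- Assumption: an unset TTL is rendered as NULL, '' or '0s'.
    (max_token_ttl is null or max_token_ttl in ('', '0s')) as no_ttl_cap,
    coalesce(token_locality = 'global', false) as global_tokens,
    -- Assumption: JWT/OIDC methods keep accepted audiences in
    -- config -> 'BoundAudiences' as a JSON array.
    case
      when type not in ('jwt', 'oidc') then false
      when jsonb_typeof(config -> 'BoundAudiences') = 'array'
        then jsonb_array_length(config -> 'BoundAudiences') = 0
      else true  -- key missing or not an array
    end as no_bound_audiences
  from
    consul_acl_auth_method
)
select
  name,
  type,
  namespace,
  partition,
  token_locality,
  max_token_ttl,
  no_ttl_cap,
  global_tokens,
  no_bound_audiences
from
  flagged
where
  no_ttl_cap
  or global_tokens
  or no_bound_audiences
order by
  namespace,
  name;
```

The config column is deliberately left out of the result set: for some method types it can hold credential material, so select it only when the output is handled as sensitive.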

Schema for consul_acl_auth_method

Name                Type    Operators                  Description
_ctx                jsonb                              Steampipe context in JSON form.
address_url         text                               The address URL.
config              jsonb                              Config contains the detailed configuration which is specific to the auth method.
create_index        bigint                             Create index of the auth method.
description         text                               The description of the acl auth method.
display_name        text                               The display name of the acl auth method.
max_token_ttl       text                               The maximum life of a token created by this method.
modify_index        bigint                             Modify index of the auth method.
name                text    =                          The name of the acl auth method.
namespace           text    =                          Namespace is the namespace the ACL auth method is associated with.
namespace_rules     jsonb                              Namespace rules apply only on auth methods defined in the default namespace.
partition           text                               Partition is the partition the ACL auth method is associated with.
sp_connection_name  text    =, !=, ~~, ~~*, !~~, !~~*  Steampipe connection name.
sp_ctx              jsonb                              Steampipe context in JSON form.
title               text                               The title of the acl auth method.
token_locality      text                               Defines whether the auth method creates a local or global token when performing SSO login.
type                text                               Type is the SSO identifier of this auth method.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- consul

You can pass the configuration to the command with the --config argument:

steampipe_export_consul --config '<your_config>' consul_acl_auth_method