Table: consul_acl_auth_method - Query Consul ACL Auth Methods using SQL
Consul ACL Auth Method is a feature within HashiCorp Consul that enables authentication of entities through different methods such as Kubernetes, JWT, or OIDC. It provides a way to define how to authenticate an entity and produce a set of Consul ACL Tokens upon successful authentication. Consul ACL Auth Method aids in managing and controlling user access and privileges within the Consul service.
Table Usage Guide
The consul_acl_auth_method table provides insights into the ACL Auth Methods within HashiCorp Consul. As a security engineer, explore method-specific details through this table, including the type of authentication method, its configuration, and associated rules. Utilize it to uncover information about methods, such as those using Kubernetes or JWT, the configuration parameters for each method, and the verification of rules associated with each method.
Important Notes
- You need to specify the token parameter in the consul.spc file to be able to query this table.
Examples
Basic info
Explore the auth methods defined in your Consul ACL system. Comparing create_index with modify_index shows whether a method has been modified since it was created, and the namespace and partition columns show where each method applies, which helps when assessing security settings and overall system integrity.
```sql
select
  name,
  type,
  namespace,
  create_index,
  modify_index,
  partition
from
  consul_acl_auth_method;
```
List auth methods present in default namespace
Explore the authentication methods currently active within the default namespace. This information can be useful for assessing security configuration and identifying potential vulnerabilities.
```sql
select
  name,
  type,
  namespace,
  create_index,
  modify_index,
  partition
from
  consul_acl_auth_method
where
  namespace = 'default';
```
List auth methods with global token locality
Discover the authentication methods that have a global scope. This can be useful for understanding the distribution and reach of different authorization methods across your network.
```sql
select
  name,
  type,
  namespace,
  create_index,
  modify_index,
  partition
from
  consul_acl_auth_method
where
  token_locality = 'global';
```
Get config details of auth methods
Assess the configuration details of authentication methods to gain insights into their settings, which can help in managing and enhancing security protocols.
```sql
-- Pretty-printed JSON (jsonb_pretty is a PostgreSQL function)
select
  name,
  namespace,
  partition,
  jsonb_pretty(config) as config
from
  consul_acl_auth_method;

-- Raw config column
select
  name,
  namespace,
  partition,
  config
from
  consul_acl_auth_method;
```
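The following review query is an added example, not part of the original table documentation. It combines the columns above into a single triage view, using PostgreSQL syntax; the string forms treated as an unset max_token_ttl and the `BoundAudiences` key inside config (Consul's JWT auth method setting) are assumptions about how the plugin surfaces those values.

```sql
-- Added example: triage view over consul_acl_auth_method (PostgreSQL syntax).
select
  name,
  type,
  namespace,
  partition,
  token_locality,
  max_token_ttl,
  -- A modify_index above create_index means the method was changed
  -- after it was first created.
  modify_index > create_index as modified_since_creation,
  -- Assumption: an unset TTL surfaces as NULL, '' or the zero duration '0s'.
  coalesce(max_token_ttl, '') in ('', '0s') as no_ttl_cap,
  -- Assumption: config keeps Consul's API key names (BoundAudiences for jwt).
  -- jsonb_typeof guards against a missing key or a non-array value.
  type = 'jwt' and (
    case
      when jsonb_typeof(config -> 'BoundAudiences') = 'array'
        then jsonb_array_length(config -> 'BoundAudiences')
      else 0
    end
  ) = 0 as jwt_without_bound_audiences
from
  consul_acl_auth_method
where
  token_locality = 'global'
  or modify_index > create_index
  or coalesce(max_token_ttl, '') in ('', '0s')
order by
  namespace,
  name;
```

Rows returned are candidates for review rather than confirmed misconfigurations: a global token locality or a post-creation change may be intentional.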
Schema for consul_acl_auth_method
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
config | jsonb | | Config contains the detailed configuration which is specific to the auth method. |
create_index | bigint | | Create index of the auth method. |
description | text | | The description of the acl auth method. |
display_name | text | | The display name of the acl auth method. |
max_token_ttl | text | | The maximum life of a token created by this method. |
modify_index | bigint | | Modify index of the auth method. |
name | text | = | The name of the acl auth method. |
namespace | text | = | Namespace is the namespace the ACL auth method is associated with. |
namespace_rules | jsonb | | Namespace rules apply only on auth methods defined in the default namespace. |
partition | text | | Partition is the partition the ACL auth method is associated with. |
title | text | | The title of the acl auth method. |
token_locality | text | | Defines whether the auth method creates a local or global token when performing SSO login. |
type | text | | Type is the SSO identifier of this auth method. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

```sh
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- consul
```
You can pass the configuration to the command with the --config argument:

```sh
steampipe_export_consul --config '<your_config>' consul_acl_auth_method
```