steampipe plugin install consul

Table: consul_acl_binding_rule - Query Consul ACL Binding Rules using SQL

Consul ACL Binding Rules is a feature in HashiCorp Consul that allows you to define how to translate trusted identities into ACL Tokens. It provides a flexible way to manage service-to-service authorization and enforce security policies across your network. Consul ACL Binding Rules helps you maintain the integrity and security of your services by ensuring that only authorized identities can interact with your system.

Table Usage Guide

The consul_acl_binding_rule table provides insights into ACL Binding Rules within HashiCorp Consul. As a Security Engineer, explore rule-specific details through this table, including rule properties, associated service, and rule status. Utilize it to uncover information about rules, such as the binding rule configuration, the service associated with each rule, and the current status of each rule.

Important Notes

  • You need to specify the token parameter in the consul.spc file to be able to query this table.

Examples

Basic info

Discover the segments that use different authentication methods within your system by analyzing the settings of your ACL binding rules. This can help you pinpoint specific locations where certain types of binding rules are used, aiding in system security and configuration management.

select
id,
auth_method,
bind_name,
bind_type,
create_index,
namespace,
partition
from
consul_acl_binding_rule;

List rules that are present in default namespace

Uncover the details of access control list (ACL) binding rules that are set in the default namespace. This is useful for auditing security configurations and ensuring that the default namespace is not overly exposed.

select
id,
auth_method,
bind_name,
bind_type,
create_index,
namespace,
partition
from
consul_acl_binding_rule
where
namespace = 'default';

List service type binding rules

Analyze the settings to understand the binding rules associated with a particular service type. This can help in managing access control lists (ACLs) more effectively by pinpointing specific services.

select
id,
auth_method,
bind_name,
bind_type,
create_index,
namespace,
partition
from
consul_acl_binding_rule
where
bind_type = 'service';

Analyze the settings to understand the relationship between authorization methods and binding rules, which can help in identifying any inconsistencies or discrepancies in access control. This is particularly useful in enhancing security measures and ensuring proper access management.

select
a.name as auth_method_name,
a.type as auth_method_type,
a.create_index as auth_method_create_index,
b.id as binding_rule_id,
b.bind_type as bind_type
from
consul_acl_binding_rule as b
left join consul_acl_auth_method as a on b.auth_method = a.name;
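
An added audit query, not part of the plugin's own examples: it extends the join above to flag binding rules that deserve review, using only columns shown on this page. It assumes standard Consul behaviour, where a rule with an empty selector applies to every identity its auth method validates and bind_name may interpolate identity attributes with ${...}.

```sql
-- Added example: surface binding rules that bind too broadly.
select
  b.id as binding_rule_id,
  b.namespace,
  b.partition,
  b.auth_method,
  a.type as auth_method_type,
  b.bind_type,
  b.bind_name,
  b.selector,
  case
    -- The left join found no auth method with this name for the querying token.
    when a.name is null
      then 'no matching auth method visible'
    -- Empty selector plus a role binding: every validated identity gets the role.
    when coalesce(btrim(b.selector), '') = '' and b.bind_type = 'role'
      then 'role bound to every identity the auth method validates'
    -- Empty selector on any other bind type still matches every login.
    when coalesce(btrim(b.selector), '') = ''
      then 'empty selector matches every identity the auth method validates'
    -- The role name is derived from attributes supplied by the identity provider.
    when b.bind_type = 'role' and b.bind_name like '%${%'
      then 'role name interpolated from identity attributes'
  end as finding
from
  consul_acl_binding_rule as b
  left join consul_acl_auth_method as a on b.auth_method = a.name
where
  a.name is null
  or coalesce(btrim(b.selector), '') = ''
  or (b.bind_type = 'role' and b.bind_name like '%${%')
order by
  finding,
  b.namespace,
  b.auth_method;
```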

Schema for consul_acl_binding_rule

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| auth_method | text | = | The name of the auth method to which this rule applies. |
| bind_name | text | | The binding name of the ACL binding rule. |
| bind_type | text | | The binding type of the ACL binding rule. |
| create_index | bigint | | Create index of the ACL binding rule. |
| description | text | | The description of the ACL binding rule. |
| id | text | = | An internally generated UUID for this rule, controlled by Consul. |
| modify_index | bigint | | Modify index of the ACL binding rule. |
| namespace | text | = | The namespace the ACL binding rule is associated with. |
| partition | text | | The partition the ACL binding rule is associated with. |
| selector | text | | An expression that matches against verified identity attributes returned from the auth method during login. |
| title | text | | The title of the ACL binding rule. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- consul

You can pass the configuration to the command with the --config argument:

steampipe_export_consul --config '<your_config>' consul_acl_binding_rule