Table: consul_acl_binding_rule - Query Consul ACL Binding Rules using SQL
Consul ACL Binding Rules is a feature in HashiCorp Consul that allows you to define how to translate trusted identities into ACL Tokens. It provides a flexible way to manage service-to-service authorization and enforce security policies across your network. Consul ACL Binding Rules helps you maintain the integrity and security of your services by ensuring that only authorized identities can interact with your system.
Table Usage Guide
The consul_acl_binding_rule table provides insights into ACL Binding Rules within HashiCorp Consul. As a Security Engineer, explore rule-specific details through this table, including rule properties, associated service, and rule status. Utilize it to uncover information about rules, such as the binding rule configuration, the service associated with each rule, and the current status of each rule.
Important Notes
- You need to specify the token parameter in the consul.spc file to be able to query this table.
Examples
Basic info
Discover the segments that use different authentication methods within your system by analyzing the settings of your ACL binding rules. This can help you pinpoint specific locations where certain types of binding rules are used, aiding in system security and configuration management.
select
  id,
  auth_method,
  bind_name,
  bind_type,
  create_index,
  namespace,
  partition
from
  consul_acl_binding_rule;
List rules that are present in default namespace
Uncover the details of access control list (ACL) binding rules that are set in the default namespace. This is useful for auditing security configurations and ensuring that the default namespace is not overly exposed.
select
  id,
  auth_method,
  bind_name,
  bind_type,
  create_index,
  namespace,
  partition
from
  consul_acl_binding_rule
where
  namespace = 'default';
List service type binding rules
Analyze the settings to understand the binding rules associated with a particular service type. This can help in managing access control lists (ACLs) more effectively by pinpointing specific services.
select
  id,
  auth_method,
  bind_name,
  bind_type,
  create_index,
  namespace,
  partition
from
  consul_acl_binding_rule
where
  bind_type = 'service';
Show auth methods related to the binding rule
Analyze the settings to understand the relationship between auth methods and binding rules, which can help in identifying any inconsistencies or discrepancies in access control. This is particularly useful in enhancing security measures and ensuring proper access management.
select
  a.name as auth_method_name,
  a.type as auth_method_type,
  a.create_index as auth_method_create_index,
  b.id as binding_rule_id,
  b.bind_type as bind_type
from
  consul_acl_binding_rule as b
  left join consul_acl_auth_method as a on b.auth_method = a.name;
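An audit query built on the join above, added here as an example and not taken from the plugin's own documentation: it lists binding rules whose selector is empty, which in Consul means the rule matches every identity the auth method validates. It uses only columns from the schema on this page and assumes the connection's token can read both tables.

```sql
-- Added example: find catch-all binding rules.
-- An empty or null selector applies the rule to every identity that
-- successfully logs in through the auth method, so each row returned
-- here grants bind_name to all of that method's users or workloads.
select
  b.id as binding_rule_id,
  b.namespace,
  b.partition,
  b.auth_method,
  a.type as auth_method_type,  -- null if the auth method row is not visible
  b.bind_type,
  b.bind_name,
  b.description
from
  consul_acl_binding_rule as b
  left join consul_acl_auth_method as a on b.auth_method = a.name
where
  b.selector is null
  or b.selector = ''
order by
  b.auth_method,
  b.bind_type,
  b.bind_name;
```

Review rows with bind_type = 'role' first, since the privileges behind a role are not visible from the binding rule itself.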
Schema for consul_acl_binding_rule
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
address_url | text | | The address URL. |
auth_method | text | = | The name of the auth method to which this rule applies. |
bind_name | text | | The binding name of the ACL binding rule. |
bind_type | text | | The binding type of the ACL binding rule. |
create_index | bigint | | Create index of the ACL binding rule. |
description | text | | The description of the ACL binding rule. |
id | text | = | An internally generated UUID for this rule, controlled by Consul. |
modify_index | bigint | | Modify index of the ACL binding rule. |
namespace | text | = | The namespace the ACL binding rule is associated with. |
partition | text | | The partition the ACL binding rule is associated with. |
selector | text | | An expression that matches against verified identity attributes returned from the auth method during login. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
title | text | | The title of the ACL binding rule. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- consul
You can pass the configuration to the command with the --config argument:
steampipe_export_consul --config '<your_config>' consul_acl_binding_rule