Table: consul_acl_policy - Query Consul ACL Policies using SQL
Consul ACL (Access Control List) Policies are a set of rules that control the actions that a client can perform in a Consul cluster. These policies are used to restrict the operations a token can perform based on its assigned policies. ACL Policies provide a flexible way to control access to data and APIs.
Table Usage Guide
The consul_acl_policy table provides insights into ACL Policies within HashiCorp's Consul. As a DevOps engineer, explore policy-specific details through this table, including the rules, descriptions, and associated metadata. Utilize it to uncover information about policies, such as their specific rules, the actions they allow or deny, and to verify the overall security configuration of your Consul cluster.
Important Notes
- You need to specify the token parameter in the consul.spc file to be able to query this table.
Examples
Basic info
Explore the specific policies within your ACL system to understand their rules, descriptions, and indices. This can help in managing access control and ensuring security within your system.
select id, name, rules, description, create_index, modify_index, namespace, partition
from consul_acl_policy;
List policies that are present in the default namespace
Explore which policies are present in the default namespace, allowing you to assess the elements within your system's default settings. This can help you maintain better control over your system's security and access rules.
select id, name, rules, description, create_index, modify_index, namespace, partition
from consul_acl_policy
where namespace = 'default';
List policies which are attached to ACL tokens
Find the policies that are attached to at least one ACL token. This is useful for understanding the security measures in place and managing access control within your system.
Postgres:
select id, name, rules, description, create_index, modify_index
from consul_acl_policy
where id in (
  select p ->> 'ID'
  from consul_acl_token, jsonb_array_elements(policies) as p
);
SQLite:
select id, name, rules, description, create_index, modify_index
from consul_acl_policy
where id in (
  select json_extract(p.value, '$.ID')
  from consul_acl_token, json_each(policies) as p
);
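To go from listing policies to reviewing them, the query below (an added example in Postgres syntax, not taken from the plugin documentation) reports how many tokens reference each policy and flags policies whose rules text appears to grant broad write access or that no token uses. It assumes the rules column holds Consul's HCL rule syntax; the regular expressions are text heuristics, and the column aliases are illustrative names.

```sql
-- Added example (Postgres syntax), not from the plugin documentation.
-- Assumption: rules are written in Consul's HCL rule syntax. The regex
-- checks are text heuristics and will miss JSON-formatted rules.
with attached as (
  -- Count how many tokens reference each policy ID, using the same
  -- policies/ID structure as the token query shown on this page.
  select
    p ->> 'ID' as policy_id,
    count(*) as token_count
  from
    consul_acl_token,
    jsonb_array_elements(policies) as p
  group by
    p ->> 'ID'
),
flagged as (
  select
    pol.id,
    pol.name,
    pol.namespace,
    coalesce(a.token_count, 0) as token_count,
    -- Policy can manage ACLs themselves.
    pol.rules ~* '\macl\s*=\s*"write"' as acl_write,
    -- Policy can perform cluster operator actions.
    pol.rules ~* '\moperator\s*=\s*"write"' as operator_write,
    -- A *_prefix "" block matches every resource of that type.
    pol.rules ~* '_prefix\s+""\s*\{[^}]*policy\s*=\s*"write"' as write_on_empty_prefix
  from
    consul_acl_policy as pol
    left join attached as a on a.policy_id = pol.id
)
select
  *
from
  flagged
where
  acl_write
  or operator_write
  or write_on_empty_prefix
  or token_count = 0   -- defined but not attached to any token
order by
  token_count desc,
  name;
```

Rows with a high token_count and a true flag are the ones to review first; rows with token_count = 0 are candidates for cleanup.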
Schema for consul_acl_policy
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
address_url | text | | The address URL. |
create_index | bigint | | The index when the acl policy was created. |
datacenters | jsonb | | The datacenters of the acl policy. |
description | text | | The description of the acl policy. |
hash | jsonb | | The hash of the acl policy. |
id | text | = | The id of the acl policy. |
modify_index | bigint | | The index when the acl policy was last modified. |
name | text | | The name of the acl policy. |
namespace | text | = | Namespace is the namespace the ACL policy is associated with. |
partition | text | | Partition is the partition the ACL policy is associated with. |
rules | text | | The set of rules of the acl policy. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
title | text | | The title of the acl policy. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- consul
You can pass the configuration to the command with the --config argument:
steampipe_export_consul --config '<your_config>' consul_acl_policy