steampipe plugin install consul

Table: consul_acl_policy - Query Consul ACL Policies using SQL

Consul ACL (Access Control List) Policies are a set of rules that control the actions that a client can perform in a Consul cluster. These policies are used to restrict the operations a token can perform based on its assigned policies. ACL Policies provide a flexible way to control access to data and APIs.

Table Usage Guide

The consul_acl_policy table provides insights into ACL Policies within HashiCorp's Consul. As a DevOps engineer, explore policy-specific details through this table, including the rules, descriptions, and associated metadata. Utilize it to uncover information about policies, such as their specific rules, the actions they allow or deny, and to verify the overall security configuration of your Consul cluster.

Important Notes

  • You need to specify the token parameter in the consul.spc file to be able to query this table.

Examples

Basic info

Explore the specific policies within your ACL system to understand their rules, descriptions, and indices. This can help in managing access control and ensuring security within your system.

select
id,
name,
rules,
description,
create_index,
modify_index,
namespace,
partition
from
consul_acl_policy;
select
id,
name,
rules,
description,
create_index,
modify_index,
namespace,
partition
from
consul_acl_policy;

List policies that are present in default namespace

Explore which policies are present in the default namespace, allowing you to assess the elements within your system's default settings. This can help you maintain better control over your system's security and access rules.

select
id,
name,
rules,
description,
create_index,
modify_index,
namespace,
partition
from
consul_acl_policy
where
namespace = 'default';
select
id,
name,
rules,
description,
create_index,
modify_index,
namespace,
partition
from
consul_acl_policy
where
namespace = 'default';

List policies which are attached to ACL tokens

Discover the segments that consist of policies linked to ACL tokens. This is useful for understanding the security measures in place and managing access control within your system.

select
id,
name,
rules,
description,
create_index,
modify_index
from
consul_acl_policy
where
id in (
select
p ->> 'ID'
from
consul_acl_token,
jsonb_array_elements(policies) as p
);
select
id,
name,
rules,
description,
create_index,
modify_index
from
consul_acl_policy
where
id in (
select
json_extract(p.value, '$.ID')
from
consul_acl_token,
json_each(policies) as p
);

Schema for consul_acl_policy

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
address_urltextThe address URL.
create_indexbigintThe index when the acl policy was created.
datacentersjsonbThe datacenters of the acl policy.
descriptiontextThe description of the acl policy.
hashjsonbThe hash of the acl policy.
idtext=The id of the acl policy.
modify_indexbigintThe index when the acl policy was last modified.
nametextThe name of the acl policy.
namespacetext=Namespace is the namespace the ACL policy is associated with.
partitiontextPartition is the partition the ACL policy is associated with.
rulestextThe set of rules of the acl policy.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
titletextThe title of the acl policy.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- consul

You can pass the configuration to the command with the --config argument:

steampipe_export_consul --config '<your_config>' consul_acl_policy