Consul
Consul ACL Role Read
Command: consul acl role read
Corresponding HTTP API Endpoints: [GET] /v1/acl/role/:id, [GET] /v1/acl/role/name/:name
The acl role read command reads and displays a roles details.
The table below shows this command's required ACLs. Configuration of blocking queries and agent caching are not supported from commands, but may be from the corresponding HTTP endpoint.
| ACL Required |
|---|
acl:read |
Usage
Usage: consul acl role read [options] [args]
Command Options
-id=<string>- The ID of the role to read. It may be specified as a unique ID prefix but will error if the prefix matches multiple role IDs.-meta- Indicates that role metadata such as the content hash and raft indices should be shown for each entry.-name=<string>- The name of the role to read.-format={pretty|json}- Command output format. The default value ispretty.
Enterprise Options
-partition=<string>- Enterprise Specifies the partition to query. If not provided, the partition is inferred from the request's ACL token, or defaults to thedefaultpartition.
-namespace=<string>- Specifies the namespace to query. If not provided, the namespace will be inferred from the request's ACL token, or will default to thedefaultnamespace. Namespaces are a Consul Enterprise feature added in v1.7.0.
API Options
-ca-file=<value>- Path to a CA file to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CACERTenvironment variable.-ca-path=<value>- Path to a directory of CA certificates to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CAPATHenvironment variable.-client-cert=<value>- Path to a client cert file to use for TLS whenverify_incomingis enabled. This can also be specified via theCONSUL_CLIENT_CERTenvironment variable.-client-key=<value>- Path to a client key file to use for TLS whenverify_incomingis enabled. This can also be specified via theCONSUL_CLIENT_KEYenvironment variable.-http-addr=<addr>- Address of the Consul agent with the port. This can be an IP address or DNS address, but it must include the port. This can also be specified via theCONSUL_HTTP_ADDRenvironment variable. In Consul 0.8 and later, the default value is http://127.0.0.1:8500, and https can optionally be used instead. The scheme can also be set to HTTPS by setting the environment variableCONSUL_HTTP_SSL=true. This may be a unix domain socket usingunix:///path/to/socketif the agent is configured to listen that way.-tls-server-name=<value>- The server name to use as the SNI host when connecting via TLS. This can also be specified via theCONSUL_TLS_SERVER_NAMEenvironment variable.-token=<value>- ACL token to use in the request. This can also be specified via theCONSUL_HTTP_TOKENenvironment variable. If unspecified, the query will default to the token of the Consul agent at the HTTP address.-token-file=<value>- File containing the ACL token to use in the request instead of one specified via the-tokenargument orCONSUL_HTTP_TOKENenvironment variable. This can also be specified via theCONSUL_HTTP_TOKEN_FILEenvironment variable.
-datacenter=<name>- Name of the datacenter to query. If unspecified, the query will default to the datacenter of the Consul agent at the HTTP address.-stale- Permit any Consul server (non-leader) to respond to this request. This allows for lower latency and higher throughput, but can result in stale data. This option has no effect on non-read operations. The default value is false.
Examples
Get role details:
$ consul acl role read -id 57147d87-6bf7-f794-1a6e-7d038c4e4ae9
ID: 57147d87-6bf7-f794-1a6e-7d038c4e4ae9
Name: crawler
Description: web crawler role
Policies:
2f8f99c7-edd9-2f09-7e4b-a1f519eb4fc2 - crawler-kv
Get role details by name:
$ consul acl role read -name archiver
ID: a365fdc9-ac71-e754-0645-7ab6bd747301
Name: archiver
Description: archiver role
Service Identities:
archiver (Datacenters: dc2)