ACL¶
-
class
consulate.api.acl.ACL(uri, adapter, datacenter=None, token=None)¶ The ACL endpoints are used to create, update, destroy, and query ACL tokens.
-
clone(acl_id)¶ Clone an existing ACL returning the new ACL ID
Parameters: acl_id (str) – The ACL id Return type: bool Raises: consulate.exceptions.Forbidden Raises: consulate.exceptions.NotFound
-
create(name, acl_type='client', rules=None)¶ The create endpoint is used to make a new token. A token has a name, a type, and a set of ACL rules.
The
nameproperty is opaque to Consul. To aid human operators, it should be a meaningful indicator of the ACL’s purpose.acl_typeis either client or management. A management token is comparable to a root user and has the ability to perform any action including creating, modifying, and deleting ACLs.By contrast, a client token can only perform actions as permitted by the rules associated. Client tokens can never manage ACLs. Given this limitation, only a management token can be used to make requests to the create endpoint.
rulesis a HCL string defining the rule policy. See `https://consul.io/docs/internals/acl.html`_ for more information on defining rules.The call to create will return the ID of the new ACL.
Parameters: Return type: Raises: consulate.exceptions.Forbidden
-
destroy(acl_id)¶ Delete the specified ACL
Parameters: acl_id (str) – The ACL id Return type: bool Raises: consulate.exceptions.Forbidden Raises: consulate.exceptions.NotFound
-
info(acl_id)¶ Return a dict of information about the ACL
Parameters: acl_id (str) – The ACL id Return type: dict Raises: consulate.exceptions.Forbidden Raises: consulate.exceptions.NotFound
-
update(acl_id, name, acl_type='client', rules=None)¶ Update an existing ACL, updating its values or add a new ACL if the ACL Id specified is not found.
Parameters: Return type: Raises: consulate.exceptions.Forbidden
-