Consul ACL Role Create
Command: consul acl role create
The acl role create command creates new roles.
Usage
Usage: consul acl role create [options] [args]
API Options
-ca-file=<value>- Path to a CA file to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CACERTenvironment variable.-ca-path=<value>- Path to a directory of CA certificates to use for TLS when communicating with Consul. This can also be specified via theCONSUL_CAPATHenvironment variable.-client-cert=<value>- Path to a client cert file to use for TLS whenverify_incomingis enabled. This can also be specified via theCONSUL_CLIENT_CERTenvironment variable.-client-key=<value>- Path to a client key file to use for TLS whenverify_incomingis enabled. This can also be specified via theCONSUL_CLIENT_KEYenvironment variable.-http-addr=<addr>- Address of the Consul agent with the port. This can be an IP address or DNS address, but it must include the port. This can also be specified via theCONSUL_HTTP_ADDRenvironment variable. In Consul 0.8 and later, the default value is http://127.0.0.1:8500, and https can optionally be used instead. The scheme can also be set to HTTPS by setting the environment variableCONSUL_HTTP_SSL=true. This may be a unix domain socket usingunix:///path/to/socketif the agent is configured to listen that way.-tls-server-name=<value>- The server name to use as the SNI host when connecting via TLS. This can also be specified via theCONSUL_TLS_SERVER_NAMEenvironment variable.-token=<value>- ACL token to use in the request. This can also be specified via theCONSUL_HTTP_TOKENenvironment variable. If unspecified, the query will default to the token of the Consul agent at the HTTP address.-token-file=<value>- File containing the ACL token to use in the request instead of one specified via the-tokenargument orCONSUL_HTTP_TOKENenvironment variable. This can also be specified via theCONSUL_HTTP_TOKEN_FILEenvironment variable.
-datacenter=<name>- Name of the datacenter to query. If unspecified, the query will default to the datacenter of the Consul agent at the HTTP address.-stale- Permit any Consul server (non-leader) to respond to this request. This allows for lower latency and higher throughput, but can result in stale data. This option has no effect on non-read operations. The default value is false.
Command Options
-description=<string>- A description of the role.-meta- Indicates that role metadata such as the content hash and raft indices should be shown for each entry.-name=<string>- The new role's name. This flag is required.-node-identity=<value>- Name of a node identity to use for this role. May be specified multiple times. Format isNODENAME:DATACENTER. Added in Consul 1.8.1.-policy-id=<value>- ID of a policy to use for this role. May be specified multiple times-policy-name=<value>- Name of a policy to use for this role. May be specified multiple times-service-identity=<value>- Name of a service identity to use for this role. May be specified multiple times. Format is theSERVICENAMEorSERVICENAME:DATACENTER1,DATACENTER2,...-format={pretty|json}- Command output format. The default value ispretty.
Enterprise Options
-namespace=<string>- Specifies the namespace to query. If not provided, the namespace will be inferred from the request's ACL token, or will default to thedefaultnamespace. Namespaces are a Consul Enterprise feature added in v1.7.0.
Examples
Create a new role with one policy:
$ consul acl role create -name "crawler" -description "web crawler role" -policy-name "crawler-kv"
ID: 57147d87-6bf7-f794-1a6e-7d038c4e4ae9
Name: crawler
Description: web crawler role
Policies:
2f8f99c7-edd9-2f09-7e4b-a1f519eb4fc2 - crawler-kv
Create a new role with one service identity:
$ consul acl role create -name archiver -description 'archiver role' -service-identity "archiver:dc2"
ID: a365fdc9-ac71-e754-0645-7ab6bd747301
Name: archiver
Description: archiver role
Service Identities:
archiver (Datacenters: dc2)