intention command is used to interact with Connect
intentions. It exposes commands for
creating, updating, reading, deleting, checking, and managing intentions.
This command is available in Consul 1.2 and later.
Intentions may also be managed via the HTTP API.
consul intention <subcommand>
For the exact documentation for your Consul version, run
consul intention -h to view
the complete list of subcommands.
Usage: consul intention <subcommand> [options] [args] ... Subcommands: check Check whether a connection between two services is allowed. create Create intentions for service connections. delete Delete an intention. get Show information about an intention. match Show intentions that match a source or destination.
For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.
Create an intention to allow "web" to talk to "db":
$ consul intention create web db
Create an intention to deny "db" from initiating connections to any service:
$ consul intention create -deny db '*' Created: db => * (deny)
Test whether a "web" is allowed to connect to "db":
$ consul intention check web db
Find all intentions for communicating to the "db" service:
$ consul intention match db
»Source and Destination Naming
Intention commands commonly take positional arguments referred to as
DST in the command documentation. These can take several forms:
|the named service in the current namespace|
|any service in the current namespace|
Enterprisethe named service in a specific namespace
Enterpriseany service in the specified namespace
Enterpriseany service in any namespace