intention command is used to interact with Connect
intentions. It exposes commands for
creating, updating, reading, deleting, checking, and managing intentions.
This command is available in Consul 1.2 and later.
consul intention <subcommand>
For the exact documentation for your Consul version, run
consul intention -h
to view the complete list of subcommands.
Usage: consul intention <subcommand> [options] [args] ... Subcommands: check Check whether a connection between two services is allowed. create Create intentions for service connections. delete Delete an intention. list Lists all intentions. get Show information about an intention. match Show intentions that match a source or destination.
For more information, examples, and usage about a subcommand, click on the name of the subcommand in the sidebar.
Create an intention to allow "web" to talk to "db":
$ consul intention create web db
Create an intention to deny "db" from initiating connections to any service:
$ consul intention create -deny db '*' Created: db => * (deny)
Test whether a "web" is allowed to connect to "db":
$ consul intention check web db
List all intentions:
$ consul intention list
Find all intentions for communicating to the "db" service:
$ consul intention match db
»Source and Destination Naming
Intention commands commonly take positional arguments referred to as
DST in the command documentation. These can take several forms:
|the named service in the current namespace|
|any service in the current namespace|
Enterprisethe named service in a specific namespace in the default partition
Enterpriseany service in the specified namespace in the default partition
Enterpriseany service in any namespace in the default partition
Enterprisethe named service in a specific namespace
Enterpriseany service in the specified namespace in a specific partition
Enterpriseany service in any namespace in the a specific partition