ACL/API endpoint mapping?

As I go through the exercise of configuring consul ACLs I keep running into this thing where I am reading through the API documents and it notes at the bottom of a given endpoint what ACL is required for the endpoint, but there is no way to cross reference what other endpoints are given access via an ACL. Is there really no document that gives the reverse mapping of ACL to api endpoint? The existing documentation seems like it may lead to accidentally granting unintended access.

Hi @drawks, thank you for your feedback. We are actually in the process of developing this documentation. In the meantime, is there a specific API endpoint we can help with ?

A simple table or chart that shows a mapping of ACLs to API endpoints would be great. It isn’t a matter of “I know the endpoint, what is the appropriate ACL?” the current documentation is already written to address that, the issue is more “the docs say I need this ACL for a given endpoint, what other endpoints am I ALSO granting access to when I set this ACL?”

Hi @drawks,

Thank you again for the feedback. It sounds really useful to make it easier to understand which endpoints are made accessible when a given permission is granted.

We’ve been thinking about how best to present this information within our docs site. We have a really, really early PR draft in which we’re exploring options. This is a preview of what the page could look like (still not polished at all).

We welcome any feedback you have to offer, for example:

  1. How well (or not) would something like this give you what you were looking for?
  2. Do you have any suggestions for things we could try or improve?

Thanks again!

1 Like