Any Consul agent that can write to a service can deregister another agent's service?

During my testing, it appears that if a Consul Agent has an ACL to write to a given Service, then it has the ability to modify/deregister other Consul Agents from the same service in the catalog. I don't think I can create an ACL that allows an Agent to only write its own information and not affect other agents that also contribute to the same service?

If there’s no way to do this, is this not a security concern? I’d expect one agent in a cluster should not have the power to deregister an entire service from all other Agents in the cluster.

If I’ve misunderstood something, please let me know.
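As an added illustration, not part of the original post, here are two Consul ACL policy fragments side by side: the broad service-scoped rule the question describes, and a narrower variant that adds a node-scoped write rule so the token is tied to one agent's own node entry. The service name `web` and node name `web-01` are placeholders. The narrower form is the one worth testing against the behaviour reported above; nothing on this page confirms that it prevents deregistering `web` instances registered by other nodes.

```hcl
# Added example, not from the original post. Two separate policy files for comparison.

# --- File: web-service-broad.hcl ---
# The kind of rule described in the question: service:write on "web".
# A token carrying this rule can register and deregister "web" instances
# in the catalog without the policy saying which node they belong to.
service "web" {
  policy = "write"
}

# --- File: web-service-node-scoped.hcl ---
# Assumed narrower form: the same service:write on "web", plus node:write
# limited to this agent's own node name ("web-01" is a placeholder).
# Other nodes remain read-only for this token. Whether this actually
# blocks deregistering "web" instances on other nodes is exactly the
# behaviour the question above asks about and should be verified.
service "web" {
  policy = "write"
}

node "web-01" {
  policy = "write"
}

node_prefix "" {
  policy = "read"
}
```

Each file would be loaded as its own policy and attached to the token that the corresponding agent uses for registration, so that the `node` rule names that agent's node and no other.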