I use node-identity tokens to more easily let consul nodes join the cluster.
I’ve tried associating such a node-identity token with a new policy (that allows registering a particular service), but what it did was to remove the permissions that come with node-identity tokens (such as node:write) and exclusively added the permissions in the policy I’ve associated it with.
consul acl token update -accessor-id 768bf4fc-9503-c206-c36b-b0e00db7158b -policy-name prom_sv_write
Using -append-policy-name instead of -policy-name didn’t make a difference.
How can I use node-identity tokens with additional policies?