Auto Config, custom policies and default tokens

Hi folks!

I’m using Auto Config in my Consul cluster with Vault and I have to say it’s a very nice feature, especially for automation.

I’m actually using GitLab CI/CD pipelines to create a key/policy/role for any VM deployed in order to get a JWT, which is then used by an Ansible Consul role to install and configure my client agent. It works like a charm: at the end of the process, the client has magically joined the cluster using a local Auto Config Token.

Now, I would like to be able to assign a custom policy as the default policy to any new Auto Config Token. Is there a way to achieve that?

Also, is it possible to set the Auto Config Token distributed by the cluster to the client as the default token on the client agent? So far, if I want to deploy a Consul client with DNS capabilities, with Auto Config I don’t see how to automatically set the token returned by the Auto Config mechanism as the default or agent token. Is that possible?

I hope this is clear enough 🙂

Thanks guys!

Auto-Config does not currently support a user-defined policy or setting the default token in addition to the agent token. These do sound like really good ideas though, and I would encourage you to head over to github.com/hashicorp/consul and open up a feature request for these.

Thank you for the information. I guess since I couldn’t find the answer in the documentation it was self-explanatory. I’ll have to stick with the ACL stanza to deploy some specific nodes then.

I’ll take the time to open a feature request because that would really be time-saving.
