Catalog acl policy catalog service empty

I set an acl token and policy as follow (with terraform) :

resource "consul_acl_policy" "kws-dev" {
  name = "kws-dev"
  rules = <<-RULE
    service_prefix "" {
      policy = "write"

resource "consul_acl_token" "kws-dev-token" {
  description = "kws-dev token"
  policies = ["${}"]

The token allows me to list services /v1/catalog/services
but when I try to query a specific one, the response is just empty /v1/catalog/service/a-real-service-in-catalog

With the bootstrap token I can get the service detail on the exact same endpoint

Someone knows what policy should I add ?

Hi @Gnoale,

The /v1/catalog/service/:service endpoint requires a token have both node:read and service:read privileges. This is called out in the second table in the ACL Required column.

This slightly modified policy will allow that token to retrieve catalog details for a specific service.

node_prefix "" {
  policy = "read"

service_prefix "" {
  policy = "write"

Thanks a lot for your help, I missed the acl table column :confused: