Catalog acl policy catalog service empty

Hello,
I set an ACL token and policy as follows (with Terraform):

resource "consul_acl_policy" "kws-dev" {
  name = "kws-dev"
  rules = <<-RULE
    service_prefix "" {
      policy = "write"
    }
  RULE
}

resource "consul_acl_token" "kws-dev-token" {
  description = "kws-dev token"
  policies = ["${consul_acl_policy.kws-dev.name}"]
}

The token allows me to list services (/v1/catalog/services),
but when I try to query a specific one (/v1/catalog/service/a-real-service-in-catalog), the response is just empty.

With the bootstrap token I can get the service detail on the exact same endpoint

Does anyone know what policy I should add?

Hi @Gnoale,

The /v1/catalog/service/:service endpoint requires that a token have both node:read and service:read privileges. This is called out in the second table in the ACL Required column.

This slightly modified policy will allow that token to retrieve catalog details for a specific service.

node_prefix "" {
  policy = "read"
}

service_prefix "" {
  policy = "write"
}

Thanks a lot for your help, I missed the acl table column :confused:
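
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Consul's own code: a simplified Python model of how the two catalog endpoints filter results by ACL, showing why the original policy lists services but returns an empty body for a single service. It assumes a default-deny ACL setup; the function names, node names and catalog contents are constructed for illustration.

```python
import re

# Matches e.g.  service_prefix "" { policy = "write" }  in Consul ACL rule text.
RULE_RE = re.compile(
    r'(node|service)(_prefix)?\s+"([^"]*)"\s*\{\s*policy\s*=\s*"(\w+)"\s*\}')

def parse_rules(text):
    """Return [(resource, is_prefix, name, policy)] from ACL rule text."""
    return [(r, bool(p), n, pol) for r, p, n, pol in RULE_RE.findall(text)]

def can_read(rules, resource, name):
    """Exact rule beats prefix rules; longest matching prefix wins; no match = deny."""
    best = None  # (rank, policy); rank orders exact matches above any prefix match
    for res, is_prefix, rname, policy in rules:
        if res != resource:
            continue
        if not is_prefix and rname == name:
            rank = (1, 0)
        elif is_prefix and name.startswith(rname):
            rank = (0, len(rname))
        else:
            continue
        if best is None or rank > best[0]:
            best = (rank, policy)
    # "write" implies "read"; "deny" or no matching rule means not readable.
    return best is not None and best[1] in ("read", "write")

def catalog_services(rules, catalog):
    """Model of /v1/catalog/services: an entry needs service:read only."""
    return sorted({svc for _, svc in catalog if can_read(rules, "service", svc)})

def catalog_service(rules, catalog, name):
    """Model of /v1/catalog/service/:service: needs node:read AND service:read."""
    return [(node, svc) for node, svc in catalog
            if svc == name
            and can_read(rules, "node", node)
            and can_read(rules, "service", svc)]

# Constructed sample data: (node, service) pairs registered in the catalog.
CATALOG = [("node-1", "web"), ("node-2", "web"), ("node-2", "db")]
ORIGINAL = 'service_prefix "" {\n  policy = "write"\n}'
FIXED = 'node_prefix "" {\n  policy = "read"\n}\n' + ORIGINAL

if __name__ == "__main__":
    for label, text in (("original", ORIGINAL), ("fixed", FIXED)):
        rules = parse_rules(text)
        print(label, catalog_services(rules, CATALOG),
              catalog_service(rules, CATALOG, "web"))
```

The model makes the failure mode visible: entries the token cannot read are filtered out of the response, so a missing node rule shows up as an empty result on the detail endpoint instead of an error.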