Request error: method=GET url=/v1/agent/self

smutel · March 1, 2022, 3:50pm

Hello,

I am using consul as a terraform backend to store tfstate files.
Each time I am running terraform, I have several error messages like:

[ERROR] agent.http: Request error: method=GET url=/v1/agent/self from=127.0.0.1:34108 error="Permission denied"

Did I forget something in the config ?
Did I forget something in the ACL config ?

Here is my default ACL policy:

node_prefix "" {
  policy = "read"
}

service_prefix "" {
  policy = "read"
}

query_prefix "" {
  policy = "read"
}

Here is my ACL policy for terraform:

acl = "write"

key_prefix "" {
  policy = "read"
}

key_prefix "terraform/" {
  policy = "write"
}

session_prefix "" {
  policy = "write"
}

Here is my ACL policy for agents (consul servers):

node "node01" {
  policy = "write"
}

node "node02" {
  policy = "write"
}

Here is my ACL policy for agents (client):

node_prefix "" {
  policy = "write"
}

service_prefix "" {
  policy = "write"
}
```node_prefix "" {
  policy = "write"
}

service_prefix "" {
  policy = "write"
}

Thanks.

blake · March 1, 2022, 5:35pm

Hi @smutel,

You need to add agent:read permission to your ACL policy used by Terraform.

agent_prefix "" {
  policy = "read"
}

The documentation for the agent rules can be found here: https://www.consul.io/docs/security/acl/acl-rules#agent-rules.

Topic		Replies	Views
Consul backend for Terraform - Minimum ACL policies Consul	1	1609	December 23, 2019
Consul Provider Unable to Read Role that exists Consul	0	139	December 15, 2023
RPC failed to server: method=Coordinate.Update server=192.168.1.1:8300 error="rpc error making call: Permission denied" Consul	2	1504	February 1, 2023
Cannot get consul server instance running Consul	7	902	November 28, 2022
Consul Agent access to KV denied by ACL Consul acl	8	7768	August 11, 2020

Request error: method=GET url=/v1/agent/self

Related Topics