Request error: method=GET url=/v1/agent/self

smutel · March 1, 2022, 3:50pm

Hello,

I am using consul as a terraform backend to store tfstate files.
Each time I am running terraform, I have several error messages like:

[ERROR] agent.http: Request error: method=GET url=/v1/agent/self from=127.0.0.1:34108 error="Permission denied"

Did I forget something in the config ?
Did I forget something in the ACL config ?

Here is my default ACL policy:

node_prefix "" {
  policy = "read"
}

service_prefix "" {
  policy = "read"
}

query_prefix "" {
  policy = "read"
}

Here is my ACL policy for terraform:

acl = "write"

key_prefix "" {
  policy = "read"
}

key_prefix "terraform/" {
  policy = "write"
}

session_prefix "" {
  policy = "write"
}

Here is my ACL policy for agents (consul servers):

node "node01" {
  policy = "write"
}

node "node02" {
  policy = "write"
}

Here is my ACL policy for agents (client):

node_prefix "" {
  policy = "write"
}

service_prefix "" {
  policy = "write"
}
```node_prefix "" {
  policy = "write"
}

service_prefix "" {
  policy = "write"
}

Thanks.

blake · March 1, 2022, 5:35pm

Hi @smutel,

You need to add agent:read permission to your ACL policy used by Terraform.

agent_prefix "" {
  policy = "read"
}

The documentation for the agent rules can be found here: https://www.consul.io/docs/security/acl/acl-rules#agent-rules.