尽管设置 CONSUL_HTTP_TOKEN,Consul acl create 的权限仍被拒绝
Consul acl create getting permission denied despite setting CONSUL_HTTP_TOKEN
我用npm consul客户端。
我已将 CONSUL_HTTP_TOKEN 设置为环境变量,并尝试使用 consul.acl.create 创建令牌,但我得到 Permission denied
//code
const express = require("express");
const consul = require("consul")();
console.log('Bootstrap token is ', process.env.CONSUL_HTTP_TOKEN);
consul.acl.create((err, result) => {
if(err) {
console.error('found error', err);
}});
输出为:
Bootstrap token is AccessorID: 9d0d8271-b8aa-6b03-c4f5-dce653853653
consul_1 | SecretID: f4a6ffc0-2a16-517e-d1c5-645eaaeb5f7a
consul_1 | Description: Bootstrap Token (Global Management)
consul_1 | Local: false
consul_1 | Create Time: 2021-03-19 20:19:16.9918012 +0000 UTC
consul_1 | Policies:
consul_1 | 00000000-0000-0000-0000-000000000001 - global-management
2021-03-19T20:19:17.139Z [ERROR] agent.http: Request error: method=PUT url=/v1/acl/create from=127.0.0.1:43776 error="Permission denied"
consul_1 | 2021-03-19T20:19:17.139Z [DEBUG] agent.http: Request finished: method=PUT url=/v1/acl/create from=127.0.0.1:43776 latency=170.7µs
consul_1 | found error Error: Permission denied
consul_1 | at create (/app/node_modules/papi/lib/errors.js:14:5)
consul_1 | at Object.response [as Response] (/app/node_modules/papi/lib/errors.js:38:15)
consul_1 | at IncomingMessage.<anonymous> (/app/node_modules/papi/lib/client.js:592:26)
consul_1 | at IncomingMessage.emit (events.js:326:22)
consul_1 | at endReadableNT (_stream_readable.js:1241:12)
consul_1 | at processTicksAndRejections (internal/process/task_queues.js:84:21) {
consul_1 | isPapi: true,
consul_1 | isResponse: true,
consul_1 | statusCode: 403
consul_1 | }
Config.json :
{
"acl": {
"enabled": true,
"default_policy": "deny",
"enable_token_persistence": true
}
}
Consul 客户端包不会自动使用来自 CONSUL_HTTP_TOKEN 环境变量的 Consul 令牌。您必须明确定义一个令牌,以便在初始化 Consul 客户端或每个请求时使用。
例如:
import consul from 'consul';
// Read Consul token from environment variable
const bootstrapToken = process.env.CONSUL_HTTP_TOKEN;
// Initialize the Consul client
// Set a token to be used by default for every request
const defaultClientOptions = {
defaults: {
token: bootstrapToken
}
}
const consulClient = new consul(defaultClientOptions);
// Query KV store for key 'test'
let kvQueryOptions = { key: 'test' }
consulClient.kv.get(kvQueryOptions, function (err, result) {
if (err) throw err;
if (!result) {
console.log(`Key '${kvQueryOptions.key}' does not exist.`)
return;
}
result.forEach(item => {
console.log(item);
});
});
// Query for key 'test2'
// Override the default token with a different token for this request
kvQueryOptions = {
key: 'test2',
token: 'C601F13E-AF45-4674-B6AB-BA50299DA0A4'
}
consulClient.kv.get(kvQueryOptions, function (err, result) {
if (err) throw err;
if (!result) {
console.log(`Key '${kvQueryOptions.key}' does not exist.`)
return;
}
result.forEach(item => {
console.log(item);
});
});
我用npm consul客户端。
我已将 CONSUL_HTTP_TOKEN 设置为环境变量,并尝试使用 consul.acl.create 创建令牌,但我得到 Permission denied
//code
const express = require("express");
const consul = require("consul")();
console.log('Bootstrap token is ', process.env.CONSUL_HTTP_TOKEN);
consul.acl.create((err, result) => {
if(err) {
console.error('found error', err);
}});
输出为:
Bootstrap token is AccessorID: 9d0d8271-b8aa-6b03-c4f5-dce653853653
consul_1 | SecretID: f4a6ffc0-2a16-517e-d1c5-645eaaeb5f7a
consul_1 | Description: Bootstrap Token (Global Management)
consul_1 | Local: false
consul_1 | Create Time: 2021-03-19 20:19:16.9918012 +0000 UTC
consul_1 | Policies:
consul_1 | 00000000-0000-0000-0000-000000000001 - global-management
2021-03-19T20:19:17.139Z [ERROR] agent.http: Request error: method=PUT url=/v1/acl/create from=127.0.0.1:43776 error="Permission denied"
consul_1 | 2021-03-19T20:19:17.139Z [DEBUG] agent.http: Request finished: method=PUT url=/v1/acl/create from=127.0.0.1:43776 latency=170.7µs
consul_1 | found error Error: Permission denied
consul_1 | at create (/app/node_modules/papi/lib/errors.js:14:5)
consul_1 | at Object.response [as Response] (/app/node_modules/papi/lib/errors.js:38:15)
consul_1 | at IncomingMessage.<anonymous> (/app/node_modules/papi/lib/client.js:592:26)
consul_1 | at IncomingMessage.emit (events.js:326:22)
consul_1 | at endReadableNT (_stream_readable.js:1241:12)
consul_1 | at processTicksAndRejections (internal/process/task_queues.js:84:21) {
consul_1 | isPapi: true,
consul_1 | isResponse: true,
consul_1 | statusCode: 403
consul_1 | }
Config.json :
{
"acl": {
"enabled": true,
"default_policy": "deny",
"enable_token_persistence": true
}
}
Consul 客户端包不会自动使用来自 CONSUL_HTTP_TOKEN 环境变量的 Consul 令牌。您必须明确定义一个令牌,以便在初始化 Consul 客户端或每个请求时使用。
例如:
import consul from 'consul';
// Read Consul token from environment variable
const bootstrapToken = process.env.CONSUL_HTTP_TOKEN;
// Initialize the Consul client
// Set a token to be used by default for every request
const defaultClientOptions = {
defaults: {
token: bootstrapToken
}
}
const consulClient = new consul(defaultClientOptions);
// Query KV store for key 'test'
let kvQueryOptions = { key: 'test' }
consulClient.kv.get(kvQueryOptions, function (err, result) {
if (err) throw err;
if (!result) {
console.log(`Key '${kvQueryOptions.key}' does not exist.`)
return;
}
result.forEach(item => {
console.log(item);
});
});
// Query for key 'test2'
// Override the default token with a different token for this request
kvQueryOptions = {
key: 'test2',
token: 'C601F13E-AF45-4674-B6AB-BA50299DA0A4'
}
consulClient.kv.get(kvQueryOptions, function (err, result) {
if (err) throw err;
if (!result) {
console.log(`Key '${kvQueryOptions.key}' does not exist.`)
return;
}
result.forEach(item => {
console.log(item);
});
});