-
-
Notifications
You must be signed in to change notification settings - Fork 313
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why is ACL ID read-only? #192
Comments
It may have been read-only at the time that it was made. @mdelagrange or @michaeltchapman do you guys know? I haven't worked with acls much. |
I don't know if there is a good puppet reason to make it read-only, but @rytutis is correct that it can be set in the API. |
Right, this feature wasn't added until consul https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#051-may-13-2015 |
There's nothing special about the attribute's treatment in the provider afaict so changing it to read-write shouldn't be an issue. |
I've been bang my head on my keyboard for a little while now. Is there a way to configured the Anonymous Token's policy via this module? Simply trying to disable write perms for annoymous.
I keep getting Connection Refused like consul isn't up yet when consul_acl makes the api call. EDIT:
|
@reppard it should work. I configure the Anonymous Token in much the same way without issue. Maybe it's a problem with your ACL token? |
@mdelagrange Thanks for the input. I've confirmed it to be timing with this terrible hack job
Should I create another issue you think? Seems like a poll and wait could be added for this api call. |
Yeah I'd recommend that. I've also experienced acl timeouts when I make a puppet change that leads to a consul restart. My guess is that Consul returns from startup before the API is available, but it could also be an issue in the puppet-consul logic somewhere. |
@reppard Feel free to open a separate issue and I can take a look. I think the general consensus here is to make this write as well, have some time this week I can look into this. If anyone else wants to work on this feel free. |
@aj-jester Thanks man! I created another issue. I want to use consul as a secret storage backend for vault. seems silly to have an anon policy that can read and write to everything for this use case. If I have time I may look into a possible solution and submit a PR if I get one going. Thanks for the great work. |
@mdelagrange good to close? |
yeah i think that will do it |
Hi,
https://github.com/solarkennedy/puppet-consul/blob/master/lib/puppet/type/consul_acl.rb#L40
Consul allows setting the ID when creating a token, wonder why is it read only in puppet-consul?
The text was updated successfully, but these errors were encountered: