consul watch within namespace #9353

Closed
denislavdenov opened this issue Dec 9, 2020 · 0 comments · Fixed by #10795
Trying to watch over a KV entry in a namespace, but getting permission denied errors when using the namespace-management token.

Expectation is to be able to use the consul watch command in a namespace.

When running a consul watch command in the default namespace, it executes normally:

```
consul watch -type=keyprefix -prefix=redis/
[
  {
    "Key": "redis/config/minconns",
    "CreateIndex": 9601002,
    "ModifyIndex": 9601002,
    "LockIndex": 0,
    "Flags": 0,
    "Value": "NTY0Mw==",
    "Session": "",
    "Namespace": "default"
  }
]
```

However, when this is run within a namespace (using namespace operator token), a 403 error is returned:

```
consul watch -type=keyprefix -prefix=redis/
Error querying Consul agent: Unexpected response code: 403 (Permission denied)
```

Looking at docs and source code, it seems that the consul watch command does not support namespace functionality.

https://github.com/hashicorp/consul-enterprise/blob/master/command/watch/watch.go

Filing this bug report as requested by @mikemorris.

@mikemorris mikemorris added the type/bug Feature does not function as expected label Dec 9, 2020
blake added a commit that referenced this issue Aug 5, 2021
Remove unnecessary query to determine node name when using
`consul watch`.

Fixes #9353
blake added a commit that referenced this issue Aug 8, 2021
Replace call to /agent/self with /status/leader to verify agent
reachability before initializing a watch. This endpoint is not guarded
by ACLs, and as such can be queried by any unauthenticated API client.

Fixes #9353
blake added a commit that referenced this issue Aug 9, 2021
Replace call to /agent/self with /status/leader to verify agent
reachability before initializing a watch. This endpoint is not guarded
by ACLs, and as such can be queried by any API client regardless of
their permissions.

Fixes #9353
hc-github-team-consul-core pushed a commit that referenced this issue Aug 9, 2021
Replace call to /agent/self with /status/leader to verify agent
reachability before initializing a watch. This endpoint is not guarded
by ACLs, and as such can be queried by any API client regardless of
their permissions.

Fixes #9353
@blake blake self-assigned this Aug 9, 2021
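
The failure mode behind the fix, as an added example that is not Consul's own code: a pre-flight reachability check against an ACL-guarded endpoint rejects a least-privilege token before the query it is actually authorized for ever runs. The in-process handler, both token values, the namespace `team-a`, and the rule that only the second token holds `agent:read` are assumptions made for the simulation.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed tokens: both may read KV in namespace "team-a"; only agentToken has agent:read.
const nsToken, agentToken = "ns-operator-token", "agent-read-token"

// fakeAgent is an in-process stand-in that models only the ACL checks discussed above.
func fakeAgent() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		tok := r.Header.Get("X-Consul-Token")
		allowed := map[string]bool{
			"/v1/status/leader": true,              // not guarded by ACLs
			"/v1/agent/self":    tok == agentToken, // assumed to need agent:read
			"/v1/kv/redis/":     tok != "" && r.URL.Query().Get("ns") == "team-a",
		}[r.URL.Path]
		if !allowed {
			http.Error(w, "Permission denied", http.StatusForbidden)
			return
		}
		fmt.Fprint(w, "[]")
	})
}

// watchOnce sends the pre-flight request, then the namespaced KV query, and
// returns the first non-200 status (200 if both succeed).
func watchOnce(agent http.Handler, preflight, token string) int {
	for _, path := range []string{preflight, "/v1/kv/redis/?recurse&ns=team-a"} {
		req := httptest.NewRequest("GET", path, nil)
		req.Header.Set("X-Consul-Token", token)
		rec := httptest.NewRecorder()
		agent.ServeHTTP(rec, req)
		if rec.Code != http.StatusOK {
			return rec.Code
		}
	}
	return http.StatusOK
}

func main() {
	agent := fakeAgent()
	fmt.Println("ns token, pre-flight /v1/agent/self:   ", watchOnce(agent, "/v1/agent/self", nsToken))
	fmt.Println("ns token, pre-flight /v1/status/leader:", watchOnce(agent, "/v1/status/leader", nsToken))
	fmt.Println("no token, pre-flight /v1/status/leader:", watchOnce(agent, "/v1/status/leader", ""))
}
```

The last call shows that moving the pre-flight to an unguarded endpoint does not loosen authorization: the KV read itself is still checked against the token.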