From e28bed17fbcb0a212adcbb925002831023a4757e Mon Sep 17 00:00:00 2001
From: Blake Covarrubias
Date: Thu, 5 Aug 2021 02:14:53 -0700
Subject: [PATCH 1/2] cli: Test API access using /status/leader in consul watch

Replace call to /agent/self with /status/leader to verify agent reachability before initializing a watch. This endpoint is not guarded by ACLs, and as such can be queried by any unauthenticated API client.

Fixes #9353
---
 command/watch/watch.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/command/watch/watch.go b/command/watch/watch.go
index 915463330d9b..f4e9211c9c6a 100644
--- a/command/watch/watch.go
+++ b/command/watch/watch.go
@@ -158,13 +158,19 @@ func (c *cmd) Run(args []string) int {
 return 1
 }
 
- // Create and test the HTTP client
+ // Create and test that the API is accessible before starting a blocking
+ // loop for the watch.
+ //
+ // Consul does not have a /ping endpoint, so the /status/leader endpoint
+ // will be used as a substitute since it does not require an ACL token to
+ // query, and will always return a response to the client, unless there is a
+ // network communication error.
 client, err := c.http.APIClient()
 if err != nil {
 c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))
 return 1
 }
- _, err = client.Agent().NodeName()
+ _, err = client.Status().Leader()
 if err != nil {
 c.UI.Error(fmt.Sprintf("Error querying Consul agent: %s", err))
 return 1

From c0494792e244edd04e2f2fb28d28507e18564499 Mon Sep 17 00:00:00 2001
From: Blake Covarrubias
Date: Sun, 8 Aug 2021 11:07:46 -0700
Subject: [PATCH 2/2] Update changelog

---
 .changelog/10795.txt | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 .changelog/10795.txt

diff --git a/.changelog/10795.txt b/.changelog/10795.txt
new file mode 100644
index 000000000000..361500836a47
--- /dev/null
+++ b/.changelog/10795.txt
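Review bot: In `Run` (command/watch/watch.go), the new pre-flight call `client.Status().Leader()` no longer exercises the configured ACL token, so a missing, expired or under-privileged token passes this check and is only discovered when the watch issues its first query. The added comment should say so, for example `// This only proves the API is reachable; it does not validate the token, so ACL errors surface later from the watch itself.` The leader string is discarded, so an empty result (presumably possible when no leader is elected) also counts as success, and the comment's "will always return a response" is likely too strong if the agent has to reach a server to answer. `Run` starts and ends outside the hunk, so how the watch reports permission errors cannot be checked from here.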
@@ -0,0 +1,4 @@
+```release-note:bug
+cli: Fix a bug which prevented initializing a watch when using a namespaced
+token.
+```