Comments (5)
Hello @depesz,
I tested, this works for me.
Here are my reproduction steps...
Steps
Configure basic Consul with tokens:
Create file consul-token.hcl:
acl {
enabled = true
default_policy = "deny"
down_policy = "extend-cache"
}
Start Consul with this file
consul agent -dev -config-file=consul-token.hcl
Configure ACLs
consul acl bootstrap
=>
AccessorID: 646b41dc-b508-0e74-fcbb-67c7c7d7741c
SecretID: 7f5ebb8b-a57c-9354-76ad-e2b2e29f56dd
Description: Bootstrap Token (Global Management)
Local: false
Create Time: 2022-08-26 23:53:10.374542 +0200 CEST
Policies:
00000000-0000-0000-0000-000000000001 - global-management
=> Retrieve the token value displayed as SecretID => in this example 7f5ebb8b-a57c-9354-76ad-e2b2e29f56dd
Create the test script
#!/usr/bin/env ruby
# frozen_string_literal: true
require 'diplomat'
consul_token = ENV["MY_TOKEN"] || nil
Diplomat.configure do |config|
config.acl_token = consul_token
end if consul_token
puts Diplomat::Health.service('consul', { 'x-consul-index': 42, 'wait': '5s' })
puts Diplomat::Datacenter::get()
puts Diplomat::Kv.put("global/some/key", "random_value")
puts Diplomat::Kv.get("global/some/key" )
And make it executable:
chmod a+x test.rb
Now, let's validate this works:
Without token:
./test.rb
dc1
Traceback (most recent call last):
[...]
<REDACTED>/faraday-2.5.2/lib/faraday/response/raise_error.rb:20:in `on_complete': the server responded with status 403 (Faraday::ForbiddenError)
With token
MY_TOKEN=7f5ebb8b-a57c-9354-76ad-e2b2e29f56dd ./test.rb
#<OpenStruct Node={"ID"=>"8f4feaae-9d98-252f-06dc-ad94548b3472", "Node"=>"mynode", "Address"=>"127.0.0.1", "Datacenter"=>"dc1", "TaggedAddresses"=>nil, "Meta"=>nil, "CreateIndex"=>13, "ModifyIndex"=>13}, Service={"ID"=>"consul", "Service"=>"consul", "Tags"=>[], "Address"=>"", "Meta"=>{"non_voter"=>"false", "raft_version"=>"3", "read_replica"=>"false", "serf_protocol_current"=>"2", "serf_protocol_max"=>"5", "serf_protocol_min"=>"1", "version"=>"1.10.1"}, "Port"=>8300, "Weights"=>{"Passing"=>1, "Warning"=>1}, "EnableTagOverride"=>false, "Proxy"=>{"Mode"=>"", "MeshGateway"=>{}, "Expose"=>{}}, "Connect"=>{}, "CreateIndex"=>13, "ModifyIndex"=>13}, Checks=[{"Node"=>"b188lfC02DJ1HZMD6M", "CheckID"=>"serfHealth", "Name"=>"Serf Health Status", "Status"=>"passing", "Notes"=>"", "Output"=>"Agent alive and reachable", "ServiceID"=>"", "ServiceName"=>"", "ServiceTags"=>[], "Type"=>"", "ExposedPort"=>0, "Definition"=>{}, "CreateIndex"=>13, "ModifyIndex"=>13}]>
dc1
true
random_value
With a wrong token
MY_TOKEN=some_wrong_token ./test.rb
Traceback (most recent call last):
[...]
<REDACTED>/faraday-2.5.2/lib/faraday/response/raise_error.rb:20:in `on_complete': the server responded with status 403 (Faraday::ForbiddenError)
[...]
<REDACTED>/diplomat-2.6.4/lib/diplomat/rest_client.rb:262:in `rescue in send_get_request': the server responded with status 403 (Diplomat::AclNotFound)
So, most probably there is a little mistake or some weird environment variable somewhere. Can you try with my steps and confirm this works?
Alternative
Most methods of diplomat also support per request token.
On my side, this is my preferred method, because Diplomat::configure has side effects, so I try to avoid it as much as possible (it changes the token for the whole instance of library).
So it is perfectly possible to write this code:
#!/usr/bin/env ruby
# frozen_string_literal: true
require 'diplomat'
consul_token = ENV["MY_TOKEN"] || nil
puts Diplomat::Kv.get("global/some/key", {:token=>consul_token} )
=> which works the same way, but with more flexibility (because you can use several tokens in the same diplomat instance)
$ MY_TOKEN=7f5ebb8b-a57c-9354-76ad-e2b2e29f56dd ./test.rb
random_value
$ ./test.rb
Traceback (most recent call last):
2: from ./test.rb:9:in `<main>'
1: from <REDACTED>/diplomat-2.6.4/lib/diplomat/rest_client.rb:57:in `method_missing'
<REDACTED>/diplomat-2.6.4/lib/diplomat/kv.rb:78:in `get': status 403: Permission denied (Diplomat::UnknownStatus)
Please if this works, can you close the issue?
Otherwise, could you specify your:
- Consul version
- Faraday version
- Diplomat version
- OS
Kind Regards
from diplomat.
Sooo. I can't do any tests, because appranently admins changed environment so that I can now query consul without providing token at all.
So, sorry about notice, this can be close (I'm closing the ticket), but right now all works with just:
require 'diplomat'
puts Diplomat::Kv.get("some/key", { :http_addr => "http://consul:8500" } )
from diplomat.
@depesz still the steps I gave you let you test on your machine on a Consul agent in dev mode... (so, no need for infrastructure)
from diplomat.
While I understand, I have no idea how to setup consul. what it needs, what is dev mode and so on. I just have "consul" in prod environmetn, and need to get data out of it. which didn't work, but now it apparently does :) So, everything is well for me.
from diplomat.
@depesz Just download it for your architecture and you are done: https://www.consul.io/downloads
from diplomat.
Related Issues (20)
- /v1/catalog/register is broken after upgrade to v2.1.2 HOT 1
- Support Consul 1.4.0+ ACL system HOT 2
- Add support for Consul 1.5.x ACL tokens HOT 2
- Add support for Consul 1.5.x Auth Method and Binding Rule HTTP APIs HOT 2
- Improve error message in case of missing ACL
- 2.3.0: syntax error in file lib/diplomat/rest_client.rb:243 ? HOT 4
- It is unable to retrieve service configuration from consul HOT 2
- Add support for Operator Autopilot API HOT 5
- Due to faraday 1.1 release diplomat only works on ruby 2.4+
- Unable to use multiple tags when querying for services HOT 2
- Bump faraday requirement HOT 1
- Register HTTP checks HOT 3
- Add support for default datacenter HOT 3
- Broken link to API documentation HOT 3
- Register entities via agent
- Add blocking read support for service health endpoint HOT 3
- Faraday 2.0.0 breaks diplomat HOT 4
- Faraday 1.x can bypass Diplomat::QueryAlreadyExists HOT 1
- Kv.put() method with Consul v1.10.1 results in KV entries that are visible via CLI/API, but not UI HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from diplomat.