search

AcalephStorage / consul-alerts

A simple daemon to send notifications based on Consul health checks
GNU General Public License v2.0
825 stars 191 forks source link

Incorrect policy given in README #284

Open jakubgs opened 2 years ago

jakubgs commented 2 years ago

I used the policy that's recommended in the Configuration seciont of README:

key "consul-alerts" {
  policy = "write"
}

service "" {
  policy = "read"
}

event "" {
  policy = "read"
}

session "" {
  policy = "write"
}

But that resulted in errors like these from consul-alerts:

[ERROR] watch.watch: Watch errored: type=checks error="Unexpected response code: 403 (rpc error making call: ACL not found)" retry=3m0s

And these on the Consul agent side:

[ERROR] agent.http: Request error: method=PUT url=/v1/session/create?dc=he-eu-hel1&token=<hidden> from=127.0.0.1:60866 error="rpc error making call: Permission denied"

Changing the policy from session to session_prefix did fix that though:

service_prefix "" { 
  policy = "write" 
}

Not sure what that's about, but maybe this helps someone.

jakubgs commented 2 years ago

Actually, after a bunch of fiddling this is what works:

key_prefix "consul-alerts/" {
  policy = "write"
}

service_prefix "" {
  policy = "read"
}

node_prefix "" {
  policy = "read"
}

event_prefix "" {
  policy = "read"
}

session_prefix "" {
  policy = "write"
}