Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
When using a TerminatingGateway and ACLs it is necessary to update the terminating-gateway-token acl policy to have service: write for that service
service "example-https" { policy = "write" }
or configure the policy with
service_prefix "" { policy = "write" }
to avoid the manual step but reduce security.
It would be nice if while registering a service with a terminating gateway (preferably via CRD) that this policy was updated automatically
Community Note
Related to: https://github.com/hashicorp/consul/issues/12605
Feature Description
When using a TerminatingGateway and ACLs it is necessary to update the terminating-gateway-token acl policy to have service: write for that service
service "example-https" { policy = "write" }
or configure the policy with
service_prefix "" { policy = "write" }
to avoid the manual step but reduce security.
It would be nice if while registering a service with a terminating gateway (preferably via CRD) that this policy was updated automatically