Update "terminating-gateway-token" ACL policy when registering a server with a terminating gateway

[barrymars]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.

---

Related to: https://github.com/hashicorp/consul/issues/12605

Feature Description

When using a TerminatingGateway and ACLs it is necessary to update the terminating-gateway-token acl policy to have service: write for that service service "example-https" { policy = "write" }

or configure the policy with service_prefix "" { policy = "write" }

to avoid the manual step but reduce security.

It would be nice if while registering a service with a terminating gateway (preferably via CRD) that this policy was updated automatically

[lkysow]

Thanks Barry, I agree this would be an excellent change.