javascript - 尽管设置了 CONSUL_HTTP_TOKEN,但领事 acl 创建权限被拒绝
问题描述
我使用npm 领事客户端。
我已设置CONSUL_HTTP_TOKEN为环境变量,并尝试使用创建令牌,consul.acl.create但我得到了Permission denied
//code
const express = require("express");
const consul = require("consul")();
console.log('Bootstrap token is ', process.env.CONSUL_HTTP_TOKEN);
consul.acl.create((err, result) => {
if(err) {
console.error('found error', err);
}});
输出是:
Bootstrap token is AccessorID: 9d0d8271-b8aa-6b03-c4f5-dce653853653
consul_1 | SecretID: f4a6ffc0-2a16-517e-d1c5-645eaaeb5f7a
consul_1 | Description: Bootstrap Token (Global Management)
consul_1 | Local: false
consul_1 | Create Time: 2021-03-19 20:19:16.9918012 +0000 UTC
consul_1 | Policies:
consul_1 | 00000000-0000-0000-0000-000000000001 - global-management
2021-03-19T20:19:17.139Z [ERROR] agent.http: Request error: method=PUT url=/v1/acl/create from=127.0.0.1:43776 error="Permission denied"
consul_1 | 2021-03-19T20:19:17.139Z [DEBUG] agent.http: Request finished: method=PUT url=/v1/acl/create from=127.0.0.1:43776 latency=170.7µs
consul_1 | found error Error: Permission denied
consul_1 | at create (/app/node_modules/papi/lib/errors.js:14:5)
consul_1 | at Object.response [as Response] (/app/node_modules/papi/lib/errors.js:38:15)
consul_1 | at IncomingMessage.<anonymous> (/app/node_modules/papi/lib/client.js:592:26)
consul_1 | at IncomingMessage.emit (events.js:326:22)
consul_1 | at endReadableNT (_stream_readable.js:1241:12)
consul_1 | at processTicksAndRejections (internal/process/task_queues.js:84:21) {
consul_1 | isPapi: true,
consul_1 | isResponse: true,
consul_1 | statusCode: 403
consul_1 | }
配置.json:
{
"acl": {
"enabled": true,
"default_policy": "deny",
"enable_token_persistence": true
}
}
解决方案
Consul 客户端包不会自动使用CONSUL_HTTP_TOKEN环境变量中的 Consul 令牌。您必须显式定义一个令牌,以便在初始化 Consul 客户端时或为每个请求使用。
例如:
import consul from 'consul';
// Read Consul token from environment variable
const bootstrapToken = process.env.CONSUL_HTTP_TOKEN;
// Initialize the Consul client
// Set a token to be used by default for every request
const defaultClientOptions = {
defaults: {
token: bootstrapToken
}
}
const consulClient = new consul(defaultClientOptions);
// Query KV store for key 'test'
let kvQueryOptions = { key: 'test' }
consulClient.kv.get(kvQueryOptions, function (err, result) {
if (err) throw err;
if (!result) {
console.log(`Key '${kvQueryOptions.key}' does not exist.`)
return;
}
result.forEach(item => {
console.log(item);
});
});
// Query for key 'test2'
// Override the default token with a different token for this request
kvQueryOptions = {
key: 'test2',
token: 'C601F13E-AF45-4674-B6AB-BA50299DA0A4'
}
consulClient.kv.get(kvQueryOptions, function (err, result) {
if (err) throw err;
if (!result) {
console.log(`Key '${kvQueryOptions.key}' does not exist.`)
return;
}
result.forEach(item => {
console.log(item);
});
});
推荐阅读
- sql-server - 在 SQL Server 中为两个日期之间的每一天添加一行,其中包含小时数
- python - 在 GUI 中捕获特定的组合键
- django - 在通用 UpdateView 中限制下拉结果
- unix - 用于替换 .csv 文件第一列的 Unix 命令
- reactjs - Hooks 更改后,何时在 ReactJS 中使用无状态和有状态组件?
- scala - scala中的saveasTextFile(“路径”)
- html - Materialize SideNav 固定不适合 div
- angular - ScrollView 在 NativeScript 中不滚动
- python - 使用 pandas 清理海量数据集
- coinbase-api - 如何使用 Coinbase API 为 XRP 交易设置存款标签?