Dedicated UI token configuration parameter for Consul Server

[sky-philipalmeida]

Notice

The present request applies to Consul Server instances

Feature Description

After activating ACL on the consul server I bumped into an issue.

I want to set up service checks for the Consul Server itself but to do that I need to specify a default token with the proper permission to register service checks.

The problem is, when you specify a default token with access such as service write the UI is affected and no longer protected, seems default token on a server instance will be used as the default token for the UI also.

The present feature request pruposes the creation of a parameter that enables to specify a token only for the UI and another as the default decoupling functions such as add service checks for a consul server instances from the UI default token permissions.

Hope this makes sense to you :)

[blake]

I want to set up service checks for the Consul Server itself but to do that I need to specify a default token with the proper permission to register service checks.

Are you trying to register services and checks on the Consul servers by specifying them in the agent config file? If so, you'll want to use the config_file_service_registration token that was introduced in Consul 1.15.0 instead of the default token so that you can avoid the permission issue you've highlighted.