0

While trying to debug patroni connection to consul, I tried to write simple python connector to consul myself.

That's what I'm doing(python3, Centos7)

import consul
c = consul.Consul(host='consul-host',port=port,token='some-token')
c.kv.get('/v1/kv/some/long/path/bar')

That's what I'm getting(same error as patroni produces):

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.6/site-packages/consul/base.py", line 554, in get
    params=params)
  File "/usr/local/lib/python3.6/site-packages/consul/std.py", line 22, in get
    self.session.get(uri, verify=self.verify, cert=self.cert)))
  File "/usr/local/lib/python3.6/site-packages/consul/base.py", line 223, in cb
    CB._status(response, allow_404=allow_404)
  File "/usr/local/lib/python3.6/site-packages/consul/base.py", line 181, in _status
    raise ACLPermissionDenied(response.body)
consul.base.ACLPermissionDenied: rpc error making call: Permission denied

Curl works fine with that token.

curl --header "X-Consul-Token:some-token" http://consul-host:port/v1/kv/some/long/path/bar | jq .

[
  {
    "LockIndex": 0,
    "Key": "/v1/kv/some/long/path/bar",
    "Flags": 0,
    "Value": "Zm9v",
    "CreateIndex": 2951475,
    "ModifyIndex": 2951475
  }
]

Any ideas on what am I doing wrong? Thanks.

Daniil Aksenov
  • 1

1 Answers1

0

Your traceback is pointing to consul/base.py:554:

return self.agent.http.get(
    CB.json(index=True, decode=decode, one=one),
    '/v1/kv/%s' % key,
    params=params)

Since you're passing key '/v1/kv/some/long/path/bar' it will hit endpoint http://consul-host:port/v1/kv/v1/kv/some/long/path/bar and not http://consul-host:port/v1/kv/some/long/path/bar

darw
  • 178
  • 7