Consul Sessions not working?

AstraLuma · September 23, 2024, 2:44pm

Ok, I’m experimenting with fly consul, and I need sessions and locks. When I try to create an (appropriate prefixed) session, I just get 403 errors. In both Go (official client) and Python (py-consul).

KV works. The session name is prefixed. I just know py-consul does this by calling /v1/session/create (and I think golang is doing something similar, based on the splunking).

Either I’m missing something basic, or Fly’s Consul isn’t configured like it used to be?

AstraLuma · September 23, 2024, 2:56pm

import logging
import os
import urllib.parse

import consul

logging.basicConfig(level='DEBUG')

url = urllib.parse.urlparse(os.environ['FLY_CONSUL_URL'])
client = consul.Consul(host=url.hostname, port=url.port or 443, scheme=url.scheme, token=url.password)
prefix = url.path.strip('/')

client.kv.put(f'{prefix}/spam', 'eggs')
client.kv.get(f'{prefix}/spam')
client.session.create(f'{prefix}/foobar')

DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): consul-na.fly-shared.net:443
DEBUG:urllib3.connectionpool:https://consul-na.fly-shared.net:443 "PUT /v1/kv/<app>/spam?token=<token> HTTP/11" 200 None
DEBUG:urllib3.connectionpool:https://consul-na.fly-shared.net:443 "GET /v1/kv/<app>/spam?token=<token> HTTP/11" 200 None
DEBUG:urllib3.connectionpool:https://consul-na.fly-shared.net:443 "PUT /v1/session/create HTTP/11" 403 None
Traceback (most recent call last):
  File "/test.py", line 15, in <module>
    client.session.create(f'{prefix}/foobar')
  File "/usr/lib/python3.12/site-packages/consul/api/session.py", line 64, in create
    return self.agent.http.put(CB.json(is_id=True), "/v1/session/create", params=params, data=data)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/consul/std.py", line 23, in put
    return callback(self.response(self.session.put(uri, data=data, verify=self.verify, cert=self.cert)))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/consul/callback.py", line 57, in cb
    CB._status(response, allow_404=allow_404)
  File "/usr/lib/python3.12/site-packages/consul/callback.py", line 20, in _status
    raise ACLPermissionDenied(response.body)
consul.exceptions.ACLPermissionDenied: rpc error making call: Permission denied

AstraLuma · September 23, 2024, 3:11pm

It looks like py-consul might have a bug where it doesn’t send authentication with session-related API calls. Which isn’t great.

But afaict (I’m not that good with go), the official go module doesn’t have this bug.

system · September 30, 2024, 3:11pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
FLY_CONSUL_URL no such host Questions / Help	10	361	April 4, 2024
Sneak peak: global lock service	2	2592	April 25, 2021
Postgres having issues: `cannot create kv store` postgres , consul	5	257	December 14, 2023
enable_consul does not result in FLY_CONSUL_URL env var present consul , litefs	3	136	April 9, 2024
Fly Consul Questions / Help	1	934	March 3, 2022

Consul Sessions not working?

Related topics