Policy for token in consul for fabio

[tomaprzem]

I have implemented Consul 1.5.1 with options: acl_enable = true and default_policy = deny.
I would like to create a policy and token for fabio.
What should the policy configuration look like?
I tested several configurations and always got errors
"[WARN] Error initializing backend. Unexpected response code: 403 (Permission denied)"
I know that master token works correctly.
Fabio version is 1.5.11 in docker.

[scalp42]

@tomaprzem our current policy for an environment called dev-usw2-dev1:

node_prefix {
  "" {
    policy = "read"
  }
}
service {
  fabio {
    policy = "write"
  }
}
service_prefix {
  "" {
    policy = "write"
  }
}
key_prefix {
  "fabio/dev-usw2-dev1" {
    policy = "write"
  }
}
key {
  "fabio/noroute.html" {
    policy = "write"
  }
}
agent {
  "fabio-i-09e2f4e889c35818b" {
    policy = "read"
  }
}

Hopefully it helps.

It can be probably be tweaked as you're allowing Fabio to register any kind of service, might want to restrict per env for example with a service prefix like "dev".

This is not a concern for us but YMMV. Please make sure you understand the policy carefully.