hashicorp
Consul ESM incompatible with Consul 1.21.5 due to KV validation
Hey all,
I looks like Consul ESM is incompatible with Consul v1.21.5 due to a new KV key validation rules introduced as a security fix. ESM creates internal keys using colon (:) characters which are now rejected by Consul's KV store. Consul Change: [GH-22682] https://github.com/hashicorp/consul/pull/22682
Environment
Consul Version: 1.21.5 Consul ESM Version: 0.9.1 (latest) Platform: Docker/Linux
Issue Description
After upgrading Consul to 1.21.5, Consul ESM fails to operate with the following error: 2025-09-25T12:46:54.269Z [WARN] consul-esm: Error querying for node watch list: error="Unexpected response code: 500 (invalid key name, keys should respect the "^[a-zA-Z0-9,_./\-?&=]+$" format)"
I writes always a key with the name of the Service and the Instanceid with a colon (:) in the middle. Based on the Regex, the colon is not allowed!
ESM Error Logs
log2025-09-25T12:46:54.262Z [DEBUG] consul-esm: Registered ESM service with Consul 2025-09-25T12:46:54.262Z [INFO] consul-esm: Trying to obtain leadership... 2025-09-25T12:46:54.269Z [WARN] consul-esm: Error querying for node watch list: error="Unexpected response code: 500 (invalid key name, keys should respect the "^[a-zA-Z0-9,_./\-?&=]+$" format)" 2025-09-25T12:46:54.281Z [INFO] consul-esm: Obtained leadership 2025-09-25T12:46:54.285Z [INFO] consul-esm: Updating external node list: items=0
Not sure if anyone else would like to chime in on the PR improving this KV validation feature
https://github.com/hashicorp/consul/pull/22863
