approle error #3344
Comments
|
This issue has been one of those that which can't be easily reproduced. It is uncertain at this point as to what causes the secondary index of an existing role to get vanished. However, #3561 adds a workaround to this problem. Reading the role creates an index if its missing and returns a warning about the same. Closing this issue for now. Please report back with your use case if you witness that warning. |
|
FWIW, I'm having this problem consistently... I'll let you know if I see that warning. I'm using the Consul back end. I never saw it using the test version of Vault (with the in-memory store). |
|
@Alan-R There is a bunch of new locking we've added to the new version in addition to the warning, so hopefully it's sorted...but do let us know if you see the warning! |
|
I'm currently running your container - so upgrading would be somewhat annoying. It kind of depends on how soon your next release will come out with the fix. |
Why cannot this approle generate the token?
Other approles work well
[root@SHCLITVM0595 ~]# vault read -tls-skip-verify auth/approle/role/core-baseinfra/role-id Key Value
role_id ea0c4c49-aa4b-49df-1106-92668f38e9d9
[root@SHCLITVM0595 ~]# vault write -tls-skip-verify -f auth/approle/role/core-baseinfra/secret-id Key Value
secret_id 9f84e052-1d97-427a-922a-5a47b95fa850
secret_id_accessor 06da6044-af44-d1db-3213-40536344a213
[root@SHCLITVM0595 ~]# vault write -tls-skip-verify auth/approle/login role_id=ea0c4c49-aa4b-49df-1106-92668f38e9d9 secret_id=9f84e052-1d97-427a-922a-5a47b95fa850
Error writing data to auth/approle/login: Error making API request.
URL: PUT https://127.0.0.1:8200/v1/auth/approle/login
Code: 400. Errors:
[root@SHCLITVM0595 ~]# vault read -tls-skip-verify auth/approle/role/core-baseinfra
Key Value
bind_secret_id true
bound_cidr_list
period 0
policies [default test]
secret_id_num_uses 40
secret_id_ttl 600
token_max_ttl 1800
token_num_uses 10
token_ttl 1200
The text was updated successfully, but these errors were encountered: