Credential Store creation fails when using Vault namespace #1597

Closed
grantorchard opened this issue Oct 13, 2021 · 1 comment · Fixed by #1660

@grantorchard
Contributor

Describe the bug
Credential stores cannot be registered against a Vault namespace.

To Reproduce
Steps to reproduce the behavior:

  1. Generate a token: `vault token create -policies=boundary_credential_store -orphan -period=60 -renewable=true`
  2. Add vault URL, token, and namespace to UI. Click save
  3. Error response:
credentialstores.(Service).createInRepo: unable to create credential store: vault.(Repository).CreateCredentialStore: unable to lookup vault token: vault.(client).lookupToken: vault: http://127.0.0.1:8200: unknown: error #0: Error making API request. URL: GET http://127.0.0.1:8200/v1/auth/token/lookup-self Code: 403. Errors: * permission denied

Please note that this works as expected in the default/root namespace of Vault.

Expected behavior
Token check queries occur within the configured namespace.

Additional context
This is a blocker for configuration of Boundary with HCP Vault which doesn't give access to the root namespace, and defaults into the "admin" namespace.

@mgaffney mgaffney self-assigned this Oct 20, 2021
jefferai added a commit that referenced this issue Nov 3, 2021
The namespace was plumbed all the way through the API but isn't actually
set on the client when it is created.

Fixes #1597
@jefferai jefferai added this to the 0.7.0 milestone Nov 3, 2021
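
The 403 from the report and the cause named in the commit message, reproduced as an added example (not Boundary's code and not part of the original thread). A constructed stub stands in for Vault and accepts the token only when the request carries `X-Vault-Namespace: admin`; `storeConfig`, `fakeVault`, `lookupSelf` and the token value `s.example` are hypothetical names chosen for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// storeConfig is a hypothetical stand-in for a credential store's settings.
type storeConfig struct{ Addr, Token, Namespace string }

// fakeVault is a constructed stub: the token "s.example" exists only in the
// "admin" namespace, so a lookup without that namespace is denied.
func fakeVault() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("X-Vault-Token") != "s.example" || r.Header.Get("X-Vault-Namespace") != "admin" {
			w.WriteHeader(http.StatusForbidden) // the 403 seen in the report
		}
	}))
}

// lookupSelf performs the token self-lookup and returns the HTTP status.
// setNamespace=false models the bug: the namespace is present in the
// configuration but is never applied to the outgoing request.
func lookupSelf(c storeConfig, setNamespace bool) (int, error) {
	req, err := http.NewRequest(http.MethodGet, c.Addr+"/v1/auth/token/lookup-self", nil)
	if err != nil {
		return 0, err
	}
	req.Header.Set("X-Vault-Token", c.Token)
	if setNamespace && c.Namespace != "" {
		req.Header.Set("X-Vault-Namespace", c.Namespace)
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	srv := fakeVault()
	defer srv.Close()
	cfg := storeConfig{Addr: srv.URL, Token: "s.example", Namespace: "admin"}
	before, _ := lookupSelf(cfg, false)
	after, _ := lookupSelf(cfg, true)
	fmt.Println("namespace not set:", before, "namespace set:", after)
}
```

A regression test for this class of bug can assert on the headers the stub receives rather than only on the status code, so a namespace that is configured but never sent is caught directly.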
@grantorchard
Contributor Author

Thanks Jeff.
