Open knorx opened 2 years ago
When the token should be renewed, this also needs a policy. I have added this to the merge request as well:
path "auth/token/renew-self" {
capabilities = ["update"]
}
I'm going to think on this, I'm going to do my best to come up with a better way to determine v2 vs. v1. It might even be better to make this an explicit config option, though this would break functionality for people expecting this behavior.
I just connected fabio to our vault and got stuck in a permission issue. Fabio always reported:
The fun part is that this path is not documented as necessary policy entry in the vault section. I checked the code and fount the function kvPreflightVersionRequest as culprit, which should report the version of the kv secrets store. We use kv2. It works when the following section is added to the fabio policy in vault:
This should be part of the documentation.