hashicorp / vault-plugin-auth-kubernetes

Vault authentication plugin for Kubernetes Service Accounts
https://www.vaultproject.io/docs/auth/kubernetes.html
Mozilla Public License 2.0

Allow patching auth/kubernetes/config #256

Open TheLonelyGhost opened 2 months ago

TheLonelyGhost commented 2 months ago

With a super-admin level of permission, I'm still getting an HTTP 403 error when attempting to update just 1 field of the kubernetes auth method's configuration:

~/workspace $ vault patch auth/kubernetes/config kubernetes_host=https://kube.example.com:443 kubernetes_ca_cert=@./my-cert.pem token_reviewer_jwt="$JWT"
Error writing data to auth/kubernetes/config: Error making API request.

URL: PATCH https://vault.example.com/v1/auth/kubernetes/config
Code: 403. Errors:

* 1 error occurred:
        * permission denied

Judging from the source code, it seems path_config.go doesn't support PATCH, but does that mean I need to retain a copy of the Token Reviewer JWT (and any other secrets used to configure it) when I want to update the Root CA cert pool it observes? Or perhaps if I want to switch from a pinned certificate approach to the system's observed CA cert pool?
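The distinction behind the question above, shown as an added example that is not part of the issue or of the plugin's code: a client-side read-modify-write cannot preserve fields the read endpoint redacts (such as the token reviewer JWT), whereas a server-side PATCH handler merges the request against the full stored record. The merge follows JSON merge patch (RFC 7386), the semantics `vault patch` documents; the config values, the `SECRET_KEYS` set and the helper names are constructed for illustration and are not taken from the plugin.

```python
"""Model of why a PATCH handler matters for an auth method config.

Compares a client-side read-modify-write (what you must do when only
read/write are supported) with a server-side RFC 7386 merge patch.
"""
import copy

# Constructed sample of what a plugin might hold in storage (not real values).
STORED_CONFIG = {
    "kubernetes_host": "https://kube.example.com:443",
    "kubernetes_ca_cert": "-----BEGIN CERTIFICATE-----\nOLD\n-----END CERTIFICATE-----",
    "token_reviewer_jwt": "constructed-secret-jwt",  # assumed: never returned on read
    "disable_local_ca_jwt": False,
}

# Assumed set of keys the read endpoint redacts from its response.
SECRET_KEYS = {"token_reviewer_jwt"}


def merge_patch(target, patch):
    """RFC 7386 JSON merge patch.

    Objects merge recursively, a null value deletes the key, and any
    non-object value replaces whatever was there.
    """
    if not isinstance(patch, dict):
        return copy.deepcopy(patch)
    result = copy.deepcopy(target) if isinstance(target, dict) else {}
    for key, value in patch.items():
        if value is None:
            result.pop(key, None)
        else:
            result[key] = merge_patch(result.get(key), value)
    return result


def read_config(stored):
    """Model the read endpoint: secret fields are omitted from the response."""
    return {k: v for k, v in stored.items() if k not in SECRET_KEYS}


def client_read_modify_write(stored, changes):
    """Workaround without PATCH: read what is visible, apply changes, write it all back.

    Any field the client could not read (the JWT) is silently dropped unless
    the operator resupplies it, which is exactly the burden the issue describes.
    """
    body = read_config(stored)
    body.update(changes)
    return body


def server_side_patch(stored, patch_body):
    """What a PATCH handler does: merge the request against the full stored record,
    so redacted secrets survive an update that does not mention them."""
    return merge_patch(stored, patch_body)


if __name__ == "__main__":
    new_ca = "-----BEGIN CERTIFICATE-----\nNEW\n-----END CERTIFICATE-----"
    change = {"kubernetes_ca_cert": new_ca}
    print("read-modify-write keeps JWT:",
          "token_reviewer_jwt" in client_read_modify_write(STORED_CONFIG, change))
    print("server-side patch keeps JWT:",
          "token_reviewer_jwt" in server_side_patch(STORED_CONFIG, change))
```

Running the block prints `False` for the read-modify-write path and `True` for the merge-patch path: the same one-field change either loses the stored JWT or preserves it, depending solely on where the merge happens.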