hashicorp / vault-plugin-database-mongodbatlas

Mozilla Public License 2.0

400 (request "Bad Request") The specified username is not a valid email address. #7

Closed Throckmortra closed 4 years ago

Throckmortra commented 4 years ago

Hi, when following along with the docs here: https://www.vaultproject.io/docs/secrets/databases/mongodbatlas/

I'm getting this error:

Error reading database/creds/admin: Error making API request.

URL: GET https://redacted/v1/database/creds/admin
Code: 500. Errors:

* 1 error occurred:
    * POST https://cloud.mongodb.com/api/atlas/v1.0/groups/redacted/databaseUsers: 400 (request "Bad Request") The specified username is not a valid email address.

I'm running vault 1.4

themantissa commented 4 years ago

@Throckmortra without more information on what was included and the project this is hard to track down. Would communicating directly via email work for you? melissa.plunkett@mongodb.com or communicate directly via the Atlas support portal to our team and we can see what's going on? I've also included a longer guide here: https://www.mongodb.com/blog/post/manage-atlas-database-secrets-hashicorp-vault

themantissa commented 4 years ago

I will add that we've seen some interesting errors when putting the creation statement on more than one line, so also try changing it to one line: creation_statements='{ "database_name": "admin", "roles": [{"databaseName":"admin","roleName":"atlasAdmin"}]}'

Throckmortra commented 4 years ago

Thanks Melissa, I will email you.

themantissa commented 4 years ago

Update:

The error message from Atlas is now more clear. If anyone encounters an error like:

POST https://cloud.mongodb.com/api/atlas/v1.0/groups/GROUPID/databaseUsers: 400 (request "Bad Request") The specified username v-user.name-admin-RANDOMSTRING-RANDOMSTRING is not valid for an Atlas database user.

It means that the username the vault command is run under has a special character in it that Atlas does not allow for database usernames, e.g. the period in the name above. An Atlas database username can only contain ASCII letters, numbers, hyphens, and underscores, and should begin with a letter or number, so if your Vault username does not adhere to this requirement the request will fail.

Current workaround is to use a Vault username that adheres to the standard.

We are also investigating an option to properly handle this situation.

cc @thetonymaster
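
A pre-flight check for the username rule quoted in the comment above, as an added example; it is not part of the thread and not the plugin's code or the fix that was later merged. `CheckUsername` and `SanitizeDisplayName` are hypothetical names, and replacing disallowed characters with a hyphen is an assumption, not the project's behaviour.

```go
package main

import (
	"fmt"
	"strings"
)

// allowed implements the character rule quoted in the thread:
// ASCII letters, digits, hyphens and underscores only.
func allowed(r rune) bool {
	return (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') ||
		(r >= '0' && r <= '9') || r == '-' || r == '_'
}

// CheckUsername returns nil when name satisfies the rule, otherwise an
// error that names the first offending character.
func CheckUsername(name string) error {
	if name == "" {
		return fmt.Errorf("username is empty")
	}
	for i, r := range name {
		if !allowed(r) {
			return fmt.Errorf("character %q at byte %d is not allowed", r, i)
		}
	}
	if name[0] == '-' || name[0] == '_' {
		return fmt.Errorf("username must begin with a letter or number")
	}
	return nil
}

// SanitizeDisplayName (hypothetical helper) replaces every disallowed
// character with a hyphen so the display name can be embedded safely.
func SanitizeDisplayName(s string) string {
	return strings.Map(func(r rune) rune {
		if allowed(r) {
			return r
		}
		return '-'
	}, s)
}

func main() {
	// First name is taken from the error message in the thread; the rest are constructed.
	for _, n := range []string{"v-user.name-admin-RANDOMSTRING-RANDOMSTRING",
		"v-" + SanitizeDisplayName("user.name") + "-admin-RANDOMSTRING", "_svc"} {
		fmt.Printf("%-45s %v\n", n, CheckUsername(n))
	}
}
```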

themantissa commented 4 years ago

Fix merged and will be in 1.4.2. @Throckmortra please let us know if you experience any further issues after that release. Thanks!

Throckmortra commented 4 years ago

thank you so much @themantissa !

kalafut commented 4 years ago

Fixed in #9