hashicorp / vault-plugin-secrets-azure

Vault Azure Secrets plugin
Mozilla Public License 2.0

duplicate role_id #15

Closed ahisette closed 6 years ago

ahisette commented 6 years ago

Hello, I want to configure a role with the same Azure role on different scopes.

vault write providers/azure/roles/my-role ttl=30m azure_roles=-<<EOF
[
    {
        "role_name": "Contributor",
        "scope": "/subscriptions/XXXXXXXX/resourceGroups/RG1"
    },
    {
        "role_name": "Contributor",
        "scope": "/subscriptions/XXXXXXXX/resourceGroups/RG2"
    }
]
EOF

Code: 400. Errors:

* duplicate role_id:'/subscriptions/XXXXXXXX/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c'

How can I do this?

Thanks

kalafut commented 6 years ago

Thanks for the issue report. This is a bug. The uniqueness check should be against role_id+scope, not just role_id alone. A fix is in review now. After that is merged, you can build the plugin yourself, or wait until it appears in the next Vault release as a built-in.

A workaround prior to updating would be to create another role with the same permissions.

Thanks.
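
The uniqueness check described in the reply above, as an added Go example that is not the plugin's own code: it runs the two entries from the report through a key on role_id alone and a key on role_id+scope. The type, the function names and the scope normalization (case-insensitive, trailing slash ignored) are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// AzureRole mirrors one azure_roles entry plus its resolved role definition ID (hypothetical layout).
type AzureRole struct {
	RoleName, RoleID, Scope string
}

// keyByRoleID reproduces the reported behaviour: the scope is ignored.
func keyByRoleID(r AzureRole) string { return strings.ToLower(r.RoleID) }

// keyByRoleIDAndScope keys on role_id+scope, as the reply describes.
// Assumption: scopes compare case-insensitively and without a trailing "/".
func keyByRoleIDAndScope(r AzureRole) string {
	scope := strings.ToLower(strings.TrimRight(r.Scope, "/"))
	return strings.ToLower(r.RoleID) + "|" + scope
}

// checkDuplicates returns an error for the first entry whose key was already seen.
func checkDuplicates(roles []AzureRole, key func(AzureRole) string) error {
	seen := make(map[string]struct{}, len(roles))
	for _, r := range roles {
		k := key(r)
		if _, dup := seen[k]; dup {
			return fmt.Errorf("duplicate role_id %q at scope %q", r.RoleID, r.Scope)
		}
		seen[k] = struct{}{}
	}
	return nil
}

// sampleRoles is constructed input matching the two entries in the report.
func sampleRoles() []AzureRole {
	const id = "/subscriptions/XXXXXXXX/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
	return []AzureRole{
		{"Contributor", id, "/subscriptions/XXXXXXXX/resourceGroups/RG1"},
		{"Contributor", id, "/subscriptions/XXXXXXXX/resourceGroups/RG2"},
	}
}

func main() {
	fmt.Println("role_id only:   ", checkDuplicates(sampleRoles(), keyByRoleID))
	fmt.Println("role_id + scope:", checkDuplicates(sampleRoles(), keyByRoleIDAndScope))
}
```

With the composite key, the same role at the same scope is still rejected, so a role definition cannot silently carry redundant assignments.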

ahisette commented 6 years ago

Thank you for your speed of execution and the quality of work.

ehsanhub commented 5 years ago

Hi kalafut

I am running into the same issue on Vault v0.11.4. Do we need to upgrade, and if yes, to what version?

Thanks

kalafut commented 5 years ago

@ehsanhub It was added as part of Vault 1.0 (https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018). Note that you can also build this plugin as a standalone binary and use it with your current version of Vault.