search

kubevault / project

Enhancements & Issues for KubeVault
https://kubevault.com
Apache License 2.0
7 stars 0 forks source link

VaultPolicy creation fails due to missing keys in policy #106

Open mhamann opened 4 years ago

mhamann commented 4 years ago

According to the docs for KubeVault v0.3.0, a VaultPolicy manifest could look something like this:

apiVersion: policy.kubevault.com/v1alpha1
kind: VaultPolicy
metadata:
  name: db-pxc
spec:
  vaultRef:
    name: vault
  policy:
    path:
      pxc-secret/*:
        capabilities:
        - create
        - read
        - update
        - delete

Attempting to apply that to a cluster where KubeVault is installed yields the following validation errors:

The VaultPolicy "db-pxc" is invalid: 
* spec.policy.apiVersion: Required value: must not be empty
* spec.policy.kind: Required value: must not be empty

I don't see those fields specified in the CRD, so I don't understand why this error is being returned.

I'm testing this on Kubernetes 1.17.11.

A workaround is to use policyDocument HCL field instead of the policy object.

maximianobnymellon commented 2 years ago

having same issue, is there an update here?