Closed lagrianitis closed 7 years ago
You get this permission denied error because of your policy. Specifically:
path "secret/" {
  policy = "write"
}
needs a * added to it to allow recursive lookups for nested directories (i.e. secret/somedir/somesecret):
path "secret/*" {
  policy = "write"
}
Without the wildcard you can list secret/ fine using the CLI, but secret/somedir/foo gets permission denied. Adding the wildcard allows the app (as well as the CLI) to do the lookups it needs on each folder.
The app needs to handle this better and just not display these paths on that page instead of the current error page. I'll work on getting that fixed.
Let me know if that policy change fixes things for you.
I updated the code to handle these exceptions for secrets in 92c016695779e824d98f02ab121f948187d72d0c and everything else in 8e78e4f64263e426f677c9f8b8cc85d5c8d143b7.
I'm going to close this for now. If you still have issues, feel free to re-open this.
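The path-matching behaviour described in the reply above, as an added example that is not part of the original thread or of either project's code: a simplified Python model of how Vault matches a request path against policy paths (exact match first, then the longest `*` prefix, otherwise deny), with the legacy `policy = "write"` shorthand expanded to its capabilities. The function names and the sample requests are assumptions made for illustration.

```python
# Simplified model of Vault ACL path matching (added example, not Vault source).
# Legacy `policy = "..."` shorthands and the capabilities they expand to.
LEGACY = {
    "deny": {"deny"},
    "read": {"read", "list"},
    "write": {"create", "read", "update", "delete", "list"},
}

def capabilities(rules, request_path):
    """rules maps policy path -> legacy policy name; returns granted capabilities."""
    exact = {p: v for p, v in rules.items() if not p.endswith("*")}
    globs = {p[:-1]: v for p, v in rules.items() if p.endswith("*")}
    # 1. A rule without a wildcard only applies to that exact path.
    if request_path in exact:
        return set(LEGACY[exact[request_path]])
    # 2. A trailing * is a prefix match; the longest matching prefix wins.
    matches = [prefix for prefix in globs if request_path.startswith(prefix)]
    if matches:
        return set(LEGACY[globs[max(matches, key=len)]])
    # 3. Nothing matched: default deny.
    return set()

def allowed(rules, operation, request_path):
    caps = capabilities(rules, request_path)
    return operation in caps and "deny" not in caps

# The two policies from the reply above.
WITHOUT_WILDCARD = {"secret/": "write"}
WITH_WILDCARD = {"secret/*": "write"}

# Constructed sample requests: what a UI issues while walking the tree.
REQUESTS = [
    ("list", "secret/"),
    ("list", "secret/somedir/"),
    ("read", "secret/somedir/foo"),
]

def evaluate(rules):
    return [(op, path, allowed(rules, op, path)) for op, path in REQUESTS]

if __name__ == "__main__":
    for label, rules in (("secret/", WITHOUT_WILDCARD), ("secret/*", WITH_WILDCARD)):
        print(f'policy path "{label}"')
        for op, path, ok in evaluate(rules):
            print(f"  {op:<5} {path:<20} {'allowed' if ok else 'permission denied'}")
```

Note that `secret/*` grants write on everything under the mount; a narrower prefix such as a per-team subdirectory keeps the same fix with less privilege.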
Hello, I am using Vault 0.6.2 with LDAP authentication. I am stuck on the following bug/error:
Vault Policy:
vault policies secret
vault auth -method=ldap username=testuser
In Vault-ui I am able to authenticate using my LDAP credentials:
I can also get the policies:
Any other option will give me a permission denied with a similar uwsgi exception (i.e. secrets:):
Because of it, nginx is giving a 502 Bad Gateway.
I can access secrets normally with my LDAP user using the Vault CLI.
Any pointers or help would be appreciated.