open-horizon / anax

Horizon agent control system
https://open-horizon.github.io/docs/anax/docs/
Apache License 2.0

Bug: regular user is not able to list all the user secrets he creates #3980

Open LiilyZhang opened 6 months ago

LiilyZhang commented 6 months ago

This is from e2edev. For a regular user under the userdev org, he can:

$ hzn sm secret add --secretKey test_secret --secretDetail "Secret-2" user/userdevreg/hw-secret-2 -u userdevreg:userdevregpw
Secret "user/userdevreg/hw-secret-2" successfully added to the secrets manager

$ hzn sm secret list "user/userdevreg" -u userdevreg:userdevregpw
Error: Permission denied, user "userdevreg" cannot list secret "/user/userdevreg" in organization "userdev"

$ hzn sm secret list "user/userdevreg/hw-secret-2" -u userdevreg:userdevregpw
{
  "exists": true
}

$ hzn sm secret read "user/userdevreg/hw-secret-2" -u userdevreg:userdevregpw
{
  "key": "test_secret",
  "value": "Secret-2"
}

Admin user in the same org is able to list this user secret:

$ hzn sm secret list "user/userdevreg" -u userdevadmin:userdevadminpw
[
  "hw-secret-2"
]

Vault plugin logs from agbot:

I0123 18:54:37.875899       7 vault.go:135] Vault Plugin: listing secrets for user userdev/userdevreg in userdev
I0123 18:54:37.875922       7 vault.go:217] Vault Plugin: url: http://vault:8200/v1/openhorizon/metadata/userdev/user/userdevreg
I0123 18:54:37.875952       7 vault.go:679] Vault Plugin: logging in to vault as userdev/userdevreg
I0123 18:54:37.912228       7 http.go:155] Vault Plugin: received HTTP code: 200
I0123 18:54:37.912332       7 vault.go:716] Vault Plugin: logged into the vault as user userdev/userdevreg
I0123 18:54:37.912344       7 vault.go:226] Vault Plugin: listing secrets as user userdev/userdevreg
I0123 18:54:37.913571       7 http.go:155] Vault Plugin: received HTTP code: 403
I0123 18:54:37.913625       7 vault.go:240] Vault Plugin: HTTP: 403, listing userdev secrets response: {"errors":["1 error occurred:\n\t* permission denied\n\n"]}
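The log above shows the read succeeding while the LIST against the `metadata/` path returns 403, which is the pattern a Vault KV v2 policy produces when it grants capabilities on the `data/` prefix but not the matching `metadata/` prefix (KV v2 serves reads from `data/` and directory listings from `metadata/`). The policy below is an added, hypothetical illustration of that mismatch and its fix; it is not the policy anax actually generates, and the mount name `openhorizon` and user path are taken from the log lines above.

```hcl
# Hypothetical policy for the user userdev/userdevreg (assumed example, not anax's real policy).
# KV v2 reads go through <mount>/data/... and LIST goes through <mount>/metadata/...,
# so a policy that only covers data/ lets the user add and read a secret but not list them.

# Before: capabilities granted on data/ only.
#   hzn sm secret read  user/userdevreg/hw-secret-2   -> GET  data/userdev/user/userdevreg/hw-secret-2 -> 200
#   hzn sm secret list  user/userdevreg               -> LIST metadata/userdev/user/userdevreg/        -> 403
path "openhorizon/data/userdev/user/userdevreg/*" {
  capabilities = ["create", "read", "update", "delete"]
}

# After: also grant list (and read, for "exists" checks) on the same subtree under metadata/.
# Vault treats "prefix/*" as a prefix match, so it also covers the bare directory path
# "openhorizon/metadata/userdev/user/userdevreg/" that a LIST request is checked against.
path "openhorizon/metadata/userdev/user/userdevreg/*" {
  capabilities = ["list", "read"]
}
```

With the user's token in hand, `vault token capabilities <token> openhorizon/metadata/userdev/user/userdevreg/` should report `list` once the second stanza is in effect; if it still shows `deny`, the token is not carrying the expected policy.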