spring-projects / spring-vault

Provides familiar Spring abstractions for HashiCorp Vault
https://spring.io/projects/spring-vault
Apache License 2.0

policies on role '%s' have changed, cannot renew #662

Closed igouss closed 3 years ago

igouss commented 3 years ago

Hi, I got this exception, I'm not sure what to do about this. How can I handle this token renewal error?

ApplicationEventListener ERROR --- vault authenticationEvent=LoginToken [renewable=true, leaseDuration=PT1H30M] 
org.springframework.web.client.HttpClientErrorException$BadRequest: 400 Bad Request: [{"errors":["policies on role '%s' have changed, cannot renew"]}
]
    at org.springframework.web.client.HttpClientErrorException.create(HttpClientErrorException.java:101)
    at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:186)
    at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:125)
    at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63)
    at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:819)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:777)
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:711)
    at org.springframework.web.client.RestTemplate.postForObject(RestTemplate.java:437)
    at org.springframework.vault.authentication.LifecycleAwareSessionManager.doRenew(LifecycleAwareSessionManager.java:231)
    at org.springframework.vault.authentication.LifecycleAwareSessionManager.renewToken(LifecycleAwareSessionManager.java:206)
    ... 9 common frames omitted
Wrapped by: org.springframework.vault.authentication.VaultTokenRenewalException: Cannot renew token: Status 400 Bad Request policies on role '%s' have changed, cannot renew; nested exception is org.springframework.web.client.HttpClientErrorException$BadRequest: 400 Bad Request: [{"errors":["policies on role '%s' have changed, cannot renew"]}
]
    at org.springframework.vault.authentication.LifecycleAwareSessionManager.renewToken(LifecycleAwareSessionManager.java:210)
    at org.springframework.vault.authentication.LifecycleAwareSessionManager.lambda$scheduleRenewal$2(LifecycleAwareSessionManager.java:341)
    at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
    at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:95)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:829)

mp911de commented 3 years ago

The renewal has failed because the underlying policies for the Vault role have changed. The error message policies on role '%s' have changed, cannot renew comes from Vault. In our LifecycleAwareSessionManager, the token is dropped and no longer renewed. Upon the next Vault interaction, your application should re-login and things should work as previously.
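The behaviour the reply describes, as an added example that is not code from the issue or from the Spring Vault project: a LifecycleAwareSessionManager wired with AppRole authentication plus listeners that record the renewal failure and the login that follows it. The Vault endpoint, the VAULT_ROLE_ID and VAULT_SECRET_ID environment variables and the secret path are assumptions, and the example assumes Spring Vault 2.2 or later, where the authentication event listener API (addAuthenticationListener, addErrorListener, LoginTokenRenewalFailedEvent) is available.

```java
import java.net.URI;

import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
import org.springframework.vault.authentication.AppRoleAuthentication;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions.RoleId;
import org.springframework.vault.authentication.AppRoleAuthenticationOptions.SecretId;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.LifecycleAwareSessionManager;
import org.springframework.vault.authentication.event.AfterLoginEvent;
import org.springframework.vault.authentication.event.LoginTokenRenewalFailedEvent;
import org.springframework.vault.client.VaultClients;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.ClientHttpRequestFactoryFactory;
import org.springframework.vault.core.VaultTemplate;
import org.springframework.vault.support.ClientOptions;
import org.springframework.vault.support.SslConfiguration;
import org.springframework.vault.support.VaultResponse;
import org.springframework.web.client.RestOperations;

/**
 * Added example (not from the issue or the project): where a renewal failure such as
 * "policies on role '%s' have changed, cannot renew" surfaces when using
 * LifecycleAwareSessionManager, and how the next Vault call logs in again.
 */
public class RenewalFailureHandling {

    public static void main(String[] args) throws InterruptedException {

        // Assumption: a Vault server on localhost and AppRole credentials in the environment.
        VaultEndpoint endpoint = VaultEndpoint.from(URI.create("http://127.0.0.1:8200"));
        ClientHttpRequestFactory requestFactory = ClientHttpRequestFactoryFactory.create(
                new ClientOptions(), SslConfiguration.unconfigured());
        RestOperations rest = VaultClients.createRestTemplate(endpoint, requestFactory);

        ClientAuthentication appRole = new AppRoleAuthentication(AppRoleAuthenticationOptions.builder()
                .roleId(RoleId.provided(System.getenv("VAULT_ROLE_ID")))
                .secretId(SecretId.provided(System.getenv("VAULT_SECRET_ID")))
                .build(), rest);

        // Scheduler that runs the background renewal; the stack trace in this issue
        // comes from a task scheduled by the session manager on a scheduler like this one.
        ThreadPoolTaskScheduler scheduler = new ThreadPoolTaskScheduler();
        scheduler.setThreadNamePrefix("vault-renewal-");
        scheduler.initialize();

        LifecycleAwareSessionManager sessions = new LifecycleAwareSessionManager(appRole, scheduler, rest);

        // Every successful login, the initial one and the one after a dropped token,
        // publishes AfterLoginEvent. The token value itself is deliberately not logged.
        sessions.addAuthenticationListener(event -> {
            if (event instanceof AfterLoginEvent) {
                System.out.println("Logged in to Vault; a new token is in use");
            }
        });

        // A failed renewal publishes LoginTokenRenewalFailedEvent. The session manager has
        // already dropped the token at this point, so the handler only records the failure;
        // it must not log in itself, the next getSessionToken() call does that.
        sessions.addErrorListener(event -> {
            if (event instanceof LoginTokenRenewalFailedEvent) {
                System.err.println("Token renewal failed, re-login happens on next use: "
                        + event.getException().getMessage());
            }
        });

        VaultTemplate vault = new VaultTemplate(endpoint, requestFactory, sessions);

        // Each read goes through the session manager: the first call logs in and schedules
        // renewal; a call after a failed renewal triggers a fresh login transparently.
        // Changing token_policies on the AppRole while this loop runs reproduces the 400.
        for (int i = 0; i < 3; i++) {
            VaultResponse response = vault.read("secret/data/app"); // path is an assumption
            System.out.println("read " + i + " ok: " + (response != null));
            Thread.sleep(30_000);
        }

        sessions.destroy();   // revokes the current token
        scheduler.destroy();
    }
}
```

After the re-login the new token carries whatever policies the role has now, not the ones the old token had. When this error shows up, it is worth confirming that the role's current token_policies still grant the application the access it needs and nothing more, since the policy change that caused the failed renewal is also what the application runs with from then on.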