Hi. I have the following AppRole created with approle.tf.
Thereafter I use the following command to get the token:
vault write auth/jenkins_app/login role_id=a13af278-ab23-8881-3229-ebb51ec8e4a9 secret_id=xxxx
Which gives me a new token.
I use this token to create subspaces under my root namespace,
for example myrootnamespace/mysubnamespace. However, I keep getting the following error messages:
URL: PUT https://vault-staging.tools.domain/v1/aws/credentials
Code: 403. Errors:
* 1 error occurred:
* permission denied
on ../modules/vault-bootstrap/main.tf line 99, in resource "vault_generic_secret" "aws_secret":
99: resource "vault_generic_secret" "aws_secret" {
Error: error writing to Vault: Error making API request.
URL: PUT https://vault-staging.tools.domain/v1/global/credentials
Code: 403. Errors:
* 1 error occurred:
* permission denied
on ../modules/vault-bootstrap/main.tf line 113, in resource "vault_generic_secret" "global_secret":
113: resource "vault_generic_secret" "global_secret" {
Error: error writing to Vault: Error making API request.
URL: PUT https://vault-staging.tools.domain/v1/sac_k8s_robot/credentials
Code: 403. Errors:
* 1 error occurred:
* permission denied
on ../modules/vault-bootstrap/main.tf line 126, in resource "vault_generic_secret" "robot_k8config_secret":
126: resource "vault_generic_secret" "robot_k8config_secret" {
I have pasted the information in the above gist. What permissions are needed for the AppRole-created token to work with subnamespaces?
Kevin