Cannot update existing AppRole

Rukenshia · June 17, 2020, 1:25pm

Hello there,

we’re trying to restrict our existing AppRoles so that they can only be used by certain CIDRs. Looking at the API docs at https://www.vaultproject.io/api-docs/auth/approle, it should be possible by writing to /auth/approle/role/:role_name/token-bound-cidrs.

When trying this using

vault write /auth/approle/role/my-role/token-bound-cidrs token_bound_cidrs=my-cidr

vault returns a 500 with the error message “role_id already in use”.

Our current vault version is 1.2.2. The documentation didn’t mention that this should not be possible, so I’m wondering whether this is the intended behavior (especially because a 500 error is returned).

Cheers,

Jan

jubinjacobthomas · July 20, 2023, 10:08am

@Rukenshia Were you able to fix this issue ?

maxb · July 20, 2023, 10:27am

If you have a problem, I’d strongly encourage starting a new topic and describing your own issue, rather than continuing a 3 year old topic mentioning a very old Vault version.

Rukenshia1 · July 20, 2023, 12:34pm

Hi,

we ended up recreating all the required AppRoles, so no, we didn’t find a solution if I remember correctly

jubinjacobthomas · July 20, 2023, 12:47pm

Thank you for the response

Topic		Replies	Views
Unable to update existing approle Vault	4	354	July 20, 2023
Update an approle Vault	4	3655	March 24, 2022
How to set up a periodic token with unlimited renewal Vault	6	4343	September 10, 2020
Question about approle constraints Vault vault	2	296	February 2, 2023
What does it mean if I'm unable to "Read Approle"? Vault	0	297	October 20, 2020

Cannot update existing AppRole

Related topics