Cannot update existing AppRole

Hello there,

we’re trying to restrict our existing AppRoles so that they can only be used by certain CIDRs. Looking at the API docs at https://www.vaultproject.io/api-docs/auth/approle, it should be possible by writing to /auth/approle/role/:role_name/token-bound-cidrs.

When trying this using

vault write /auth/approle/role/my-role/token-bound-cidrs token_bound_cidrs=my-cidr

vault returns a 500 with the error message “role_id already in use”.

Our current vault version is 1.2.2. The documentation didn’t mention that this should not be possible, so I’m wondering whether this is the intended behavior (especially because a 500 error is returned).

Cheers,

Jan


@Rukenshia Were you able to fix this issue?

If you have a problem, I’d strongly encourage starting a new topic and describing your own issue, rather than continuing a 3 year old topic mentioning a very old Vault version.

Hi,

we ended up recreating all the required AppRoles, so no, we didn’t find a solution, if I remember correctly.


Thank you for the response