Here’s my HCP Vault Namespace structure:
```
admin/
  - terraform-modules-global/
```
Here, I want to create a child namespace of the parent namespace using the Vault Admin Token.
```
admin/
  - terraform-modules-global/
    - global/
```
But I get the following error:
```
Error: error writing to Vault: Error making API request.
Namespace: terraform-modules-global/terraform-modules
URL: PUT https://HCP_VAULT_URL:8200/v1/sys/namespaces/global
Code: 403. Errors:
* 1 error occurred:
  * permission denied
```
I am trying this through Terraform Cloud.
```hcl
data "tfe_outputs" "hcp-vault" {
  organization = "nftbank"
  workspace    = "hcp-vault-global"
}

provider "vault" {
  address = data.tfe_outputs.hcp-vault.values.vault_public_endpoint
  token   = data.tfe_outputs.hcp-vault.values.vault_admin_token # This was created via the hcp_vault_cluster_admin_token resource.
}

locals {
  terraform-modules = {
    environments = [
      "global",
    ]
  }
}

resource "vault_namespace" "terraform-modules" {
  path = "terraform-modules"
}

# Try option 1
resource "vault_namespace" "terraform-modules" {
  for_each  = toset(local.terraform-modules.environments)
  path      = "terraform-modules-${each.value}"
  namespace = "terraform-modules"
}

# Try option 2
provider "vault" {
  address   = data.tfe_outputs.hcp-vault.values.vault_public_endpoint
  token     = data.tfe_outputs.hcp-vault.values.vault_admin_token # This was created via the hcp_vault_cluster_admin_token resource.
  namespace = "terraform-modules"
  alias     = "terraform-modules"
}

resource "vault_namespace" "terraform-modules" {
  for_each = toset(local.terraform-modules.environments)
  path     = "terraform-modules-${each.value}"
  provider = vault.terraform-modules
}
```
Both options fail. The terraform-modules namespace is created normally, but the child namespaces are not created.