Code: 500 * "my-role" is not an allowed role

rajssgit · June 30, 2020, 3:31am

Hi.

I am testing Oracle plugin using vault-plugin-database-oracle , as per documentation https://www.vaultproject.io/docs/secrets/databases/oracle I have followed all the steps till role creation and it is failing when try to generate Dynamic Credentials

vault --version Vault v1.2.3

I am getting below error

vault read database/roles/my-role
Key Value

creation_statements [CREATE USER user_c IDENTIFIED BY user_c; GRANT CONNECT TO user_c; GRANT CREATE SESSION TO user_c;]
db_name my-oracle-database
default_ttl 10h
max_ttl 24h
renew_statements
revocation_statements
rollback_statements

Failing at the below step

vault read database/creds/my-role
Error reading database/creds/my-role: Error making API request.

URL: GET http://127.0.0.1:8200/v1/database/creds/my-role
Code: 500. Errors:

1 error occurred:
- “my-role” is not an allowed role

Please advise

rajssgit · June 30, 2020, 3:37am

Any suggestion on documentation/architecture of how vault metadata interacts with database will be helpful.?

mikegreen · June 30, 2020, 7:57pm

Double check the vault write database/config - are you setting:
allowed_roles=“my-role”

rajssgit · June 30, 2020, 10:26pm

Thanks much Mike, I was able to get through the issue.

Topic		Replies	Views
Unable to generate database credentials, Error "role used to generate credentials is not an allowed role" Vault hcp-terraform , vault	1	807	September 7, 2022
Error: Configuring Oracle Vault DB Plugin Vault	10	2479	October 13, 2022
"role" for read-only database Vault	0	423	November 30, 2022
Vault provider doesn't support static-roles for PostgreSQL Terraform Providers	2	590	November 28, 2019
Error: Oracle DB Plugin Install Vault	0	575	November 10, 2020

Code: 500 * "my-role" is not an allowed role

Failing at the below step

Related topics