Ember Data Request GET /v1/sys/policies/acl returned a 500 Payload (application/json)

Hello all, first post to the group :slight_smile:

I inherited a vault 1.6.1 + consul cluster and Im experiencing some issues with 2 separate areas.

When i try to view the polices - i get the following error in the UI
Ember Data Request GET /v1/sys/policies/acl returned a 500 Payload (application/json) [object Object]

I get the similar error when trying to access one of our secrets
Ember Data Request GET /v1/secret/config/ returned a 500 Payload (application/json) [object Object]

When accessing via the CLI i get the same 500 error trying to list either of these 2 sections

however, I CAN access the secrets within the /secret/config/ via the UI and CLI if i specify the absolute path to the secret, as well as access other secrets in locations (i.e. secret/data secret/backup and so on)

I cannot access the policies this way, its either a 500 error above, or a 404 not found.

All of our processes are still working, automated jobs can get secrets and so on, so technically things are not “broken”. Its just the 500 errors

Any suggestions on where to start poking around?

Thanks in advance

Chris

I’d look at increasing the verbosity of the logging of the Vault service to see if you’re hitting any backend errors while hitting those endpoints.

What @jeffsanicola said, and also are you using Curl against Vault? Or you trying to pull the policies from Consul? They’re not the same thing.

Thanks Jeff - we will be turning up logging on the next maintenance window - I will post anything we learn from the logs

as for the commands:
Listing the secret/config fails:

curl -H “X-Vault-Token: XXXXXXXXXXX” -X LIST https://vault-1myhost.com:8200/v1/secret/config
{“errors”:[“internal error”]}

but accessing the contents like this works:

curl -H “X-Vault-Token: XXXXXXXXXXX” -X GET https://vault-1myhost.com:8200/v1/secret/config/my-secret

Direct CLI on the server yeilds the same results:

vault list secret/config/
Error listing secret/config/: Error making API request.

URL: GET https://vault-1.myhost.com:8200/v1/secret/config?list=true
Code: 500. Errors:

  • internal error

but reading its contents works

vault read secret/config/my-secret
Key Value


refresh_interval 8760h

the UI exhibits the same behavior as well,

if i click on “config” under secret i get the error in the subject line

Ember Data Request GET /v1/secret/config/ returned a 500 Payload (application/json) [object Object] internal error

but if i type the path directly to the my-secret it works fine.

All commands are executed against vault, all data is stored in consul.

Thanks for the guidance

Chris

What are you trying to do (and don’t say “run these commands”) What is the purpose of your commands.

You can’t LIST a config, it’s a map.

This isn’t valid either. Assuming this is a KV2, you’re missing the data path.

Again, can’t list a config.

$ curl -s -X GET -H "X-Vault-Token: $(vault print token)" https://vault/v1/secret/config | jq .{
  "request_id": "c7b8067a-3840-debd-b1b0-8a5248011e79",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "cas_required": false,
    "delete_version_after": "0s",
    "max_versions": 0
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}