Writing to an OIDC Identity Token role with a template containing nested JSON objects causes an error: unbalanced templating characters. Vault thinks the }} in the template is a malformed template variable.
Error writing data to identity/oidc/role/my-test-service: Error making API request.
URL: PUT https://myvaultinstance.com/v1/identity/oidc/role/my-test-service
Code: 400. Errors:
* error parsing template: unbalanced templating characters
To Reproduce
Write to an OIDC role with a JSON template that contains }} as part of a nested object:
vault write identity/oidc/role/my-test-service \
client_id="test" \
key="test" \
ttl="14400" \
template="{\"name\":\"my-test-service\",\"notifications\":{\"topics\":[\"test-topic\"]}}"
Base64 encoding has the same issue:
vault write identity/oidc/role/my-test-service \
client_id="test" \
key="test" \
ttl="14400" \
template="eyJuYW1lIjoibXktdGVzdC1zZXJ2aWNlIiwibm90aWZpY2F0aW9ucyI6eyJ0b3BpY3MiOlsidGVzdC10b3BpYyJdfX0K"
As a workaround, I’ve saved the role with the template with a space in between the curly braces. This works but is an unfortunate workaround.
template="{\"name\":\"my-test-service\",\"notifications\":{\"topics\":[\"test-topic\"]} }"
This is using Vault 1.17.5
Any suggestions to resolve/escape the } characters? Or is this a bug in Vault?
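The workaround described in the post can be applied mechanically before the template is written. The following is an added example, not part of the original post or Vault's own code: the hypothetical helper `space_nested_braces` separates adjacent closing braces of nested JSON objects while leaving `{{...}}` template parameters intact, assuming (as the post's workaround suggests) that only an adjacent `}}` is read as a template delimiter.

```python
import json


def space_nested_braces(template: str) -> str:
    """Insert a space between adjacent '}' that close nested JSON objects.

    {{...}} template parameters outside string literals are copied verbatim.
    Braces inside JSON string literals are left alone, because adding
    whitespace there would change the string's value.
    """
    out = []
    i, n = 0, len(template)
    in_string = False
    while i < n:
        ch = template[i]
        if in_string:
            out.append(ch)
            if ch == "\\" and i + 1 < n:      # keep escaped char, e.g. \"
                out.append(template[i + 1])
                i += 1
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
            out.append(ch)
        elif template.startswith("{{", i):    # template parameter
            end = template.find("}}", i + 2)
            if end == -1:
                raise ValueError("unterminated {{ template parameter")
            out.append(template[i:end + 2])
            if template.startswith("}", end + 2):
                out.append(" ")               # keep object close separate
            i = end + 1
        elif ch == "}" and template.startswith("}", i + 1):
            out.append("} ")                  # nested object close
        else:
            out.append(ch)
        i += 1
    return "".join(out)


if __name__ == "__main__":
    # Template taken from the post's reproduction step.
    page = '{"name":"my-test-service","notifications":{"topics":["test-topic"]}}'
    fixed = space_nested_braces(page)
    assert json.loads(fixed) == json.loads(page)  # same JSON document
    print(fixed)
```

The added whitespace sits between JSON tokens only, so the decoded document is unchanged.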