Hi,
I am trying to integrate Consul with Keycloak and use JWT tokens to write to the KV store.
I created an auth method as follows:
{
  "Name": "keycloak",
  "Type": "jwt",
  "Description": "keycloak auth server",
  "Config": {
    "BoundAudiences": [
      "broker",
      "account"
    ],
    "JWKSURL": "https://keycloack/auth/realms/matrix/protocol/openid-connect/certs",
    "ClaimMappings": {
      "given_name": "first_name",
      "family_name": "last_name",
      "azp": "azp",
      "matrix_role": "matrix_role"
    },
    "ListClaimMappings": {
      "groups": "groups"
    }
  }
}
I also created a binding:
{
  "Description": "my-api binding",
  "AuthMethod": "keycloak",
  "Selector": "value.name!=vault",
  "BindType": "role",
  "BindName": "matrix-apis-test"
}
I created a matrix-apis-test role and policy:
{
  "key_prefix": {
    "": {
      "policy": "read"
    },
    "matrix-api/": {
      "policy": "write"
    },
    "foo/private/": {
      "policy": "deny"
    }
  },
  "key": {
    "foo/bar/secret": {
      "policy": "deny"
    }
  }
}
When trying to write to matrix-api/registry/test:
[ERROR] agent.http: Request error: method=PUT url=/v1/kv/matrix-api/registry/test?dc=dc-1&flags=3304740253564472344 error="ACL not found"
Am I missing something?
I am running the latest version, 1.8.3, with ACLs enabled.
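
An added example, not part of the original post and not Consul code: a small cross-check of a binding rule's selector against the names an auth method's claim mappings expose, using the configuration posted above. It assumes the Consul convention that mapped claims are referenced in selectors as `value.<name>` and `list.<name>`; the helper names and the regex-based parsing are hypothetical.

```python
import json
import re

# Auth method and binding rule as posted above (trimmed to the fields used here).
AUTH_METHOD = json.loads("""
{
  "Name": "keycloak",
  "Type": "jwt",
  "Config": {
    "ClaimMappings": {
      "given_name": "first_name",
      "family_name": "last_name",
      "azp": "azp",
      "matrix_role": "matrix_role"
    },
    "ListClaimMappings": {"groups": "groups"}
  }
}
""")
BINDING_RULE = {"AuthMethod": "keycloak", "Selector": "value.name!=vault"}

# Matches selector variables such as value.azp or list.groups.
SELECTOR_VAR = re.compile(r"\b(value|list)\.([A-Za-z_][A-Za-z0-9_]*)")


def exposed_names(auth_method):
    """Return the selector names the mappings expose, e.g. 'value.azp'."""
    cfg = auth_method.get("Config", {})
    names = {"value." + v for v in cfg.get("ClaimMappings", {}).values()}
    names |= {"list." + v for v in cfg.get("ListClaimMappings", {}).values()}
    return names


def unmapped_selector_names(auth_method, binding_rule):
    """Return selector variables that no claim mapping produces (hypothetical helper)."""
    if binding_rule.get("AuthMethod") != auth_method.get("Name"):
        raise ValueError("binding rule targets a different auth method")
    # Drop quoted string literals so their contents are not read as variables.
    selector = re.sub(r'"[^"]*"', "", binding_rule.get("Selector", ""))
    used = {f"{kind}.{name}" for kind, name in SELECTOR_VAR.findall(selector)}
    return sorted(used - exposed_names(auth_method))


if __name__ == "__main__":
    print("exposed:", sorted(exposed_names(AUTH_METHOD)))
    print("unmapped in selector:", unmapped_selector_names(AUTH_METHOD, BINDING_RULE))
```
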