Problem with setting role grants

simonfrey · December 17, 2020, 3:02pm

I try to connect to a target with following command:

boundary connect -target-id ttcp_YrLzMjBym4 -listen-port 9200

When I add a grant to my role like following it works (obviously, as it is a wildcard):

id=*;type=*;actions=authorize-session

when trying to narrow the scope down to only that certain target I can not connect anymore:

id=ttcp_YrLzMjBym4;type=*;actions=authorize-session

Error output with the second grant configuration:

Error from controller when performing authorize-session against target: 
Error information:
  Code:
  Message:             Forbidden
  Status:              403

jeff · December 18, 2020, 5:57pm

This is https://github.com/hashicorp/boundary/pull/839 which will be fixed in the shortly-upcoming 0.1.3. Sorry about that!

simonfrey · December 21, 2020, 10:13am

Thanks for the info! When will 0.1.3 be available in the ubuntu repos? I see it is released on the github page, but neither the ubuntu repo nor the HC download page points to it yet.

ywyt738 · December 28, 2020, 8:18am

On 0.1.3 It doesn’t work.

jorhett · December 28, 2020, 7:31pm

Did you recreate it? On 0.1.2 it would have lowercased the grant thus causing it to (still) not match. Remove the grant and add it again if you haven’t already.

ywyt738 · December 29, 2020, 5:35am

Thanks. I recreated the role. It’s ok.

Topic		Replies	Views
Message Forbidden 403 to target host with roles administraotr Boundary	14	2170	October 27, 2020
Giving access to newly creating users Boundary	2	715	October 17, 2020
Authorize session to a single target not working Boundary	14	2929	November 19, 2020
Question about Role/Grant on HCP Boundary Boundary	10	435	April 26, 2023
Role Permissions Boundary	3	161	April 22, 2024

Problem with setting role grants

Related topics