I have an admin policy assigned to a GitHub auth, and I’m able to log in with it to get a token and then issue commands against our cluster. I noticed that I get different results from the same exact command, sometimes alternating to “permission denied” responses, or I don’t get all the expected results, but just a subset of them. I confirm that I’ve got the right policies attached to my token; I understand the path conventions and configuration of policies, and yet, still bizarre behavior. This is not inspiring a great deal of confidence… Where would I start to troubleshoot this? I’ve got several other weird, unexpected and bizarre issues as well, but I’ll start with this one, as it’s the most offensive. I’m not claiming that Vault is buggy, although I think it just might be, but there’s clearly an issue somewhere, and I’m trying to determine the nature of my issue. The cluster service is spun up using AWS ECS, with an S3 storage engine, for our initial testing phase. Server and clients are using v1.5.0.
For starters… I’d ask to see:
- Cluster design/load balancers/each instance’s config file(s)
- Vault status for each node
- The “admin” policy
- GitHub auth method config
- Commands and results that are indicative of the suspect behavior
- Other issues you have. Seems like something else is at play.