Hi,
I'm having a little trouble getting my user login properly set up on my local workstation.
There are already numerous policies defined in our vault, and I have full root access to one of the vault instances, which also has full permissions to the whole vault.
There is an admin-policy which contains, among others, the following:
# List existing policies
path "sys/policy" {
  capabilities = ["read", "list"]
}

# Create and manage ACL policies broadly across Vault
path "sys/policy/*" {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
And my user has that policy assigned; it shows up in both token_policies and policies after doing a local vault login.
However, I am unable to properly interact with the policies facility:
> vault policy list
Error listing policies: Error making API request.
URL: GET https://my.fancy.vault:8200/v1/sys/policies/acl?list=true
Code: 403. Errors:
* 1 error occurred:
* permission denied
What confuses me most is that plain listing of that path works perfectly fine:
> vault list sys/policy
Keys
----
admin-policy
[...]
default
[...]
root
Please advise on how to further debug/resolve that.
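Editor's note, added here and not part of the original post: the two commands in the post hit different API endpoints. `vault list sys/policy` sends a LIST to the legacy `sys/policy` endpoint, which the `sys/policy` and `sys/policy/*` rules above cover. `vault policy list` sends a LIST to `sys/policies/acl` (visible in the error URL), and a Vault policy rule matches only by prefix with a trailing `*`, so `sys/policy/*` does not match `sys/policies/acl`. The following is an example policy fragment (not the poster's actual admin-policy) that keeps the legacy rules and adds the `sys/policies/acl` rules the newer CLI needs; the capability sets are chosen for illustration and may be narrower in a real deployment.

```hcl
# Legacy policy endpoint (what "vault list sys/policy" uses).
# Kept for compatibility; these are the rules already in the post.
path "sys/policy" {
  capabilities = ["read", "list"]
}

path "sys/policy/*" {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}

# Current ACL policy endpoint (what "vault policy list", "vault policy read"
# and "vault policy write" use). Without these rules the LIST on
# sys/policies/acl is denied even though sys/policy/* is granted.
path "sys/policies/acl" {
  capabilities = ["list"]
}

path "sys/policies/acl/*" {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
```

To confirm what the logged-in token can actually do on a given path before and after changing the policy, `vault token capabilities sys/policies/acl` prints the effective capability set for the current token; with the original admin-policy it returns `deny`, which matches the 403 in the post.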