AWS auth backend docs for policies, array vs string #3347

Closed
jhmartin opened this issue Sep 18, 2017 · 3 comments
Contributor

jhmartin commented Sep 18, 2017

The documentation for the policies block of an AWS auth role definition shows an array but only accepts a string.

Environment:

  • Vault Version: Vault v0.8.2 ('9afe7330e06e486ee326621624f2077d88bc9511')
  • Operating System/Architecture: Linux e1be6d98e302 4.9.31-moby #1 SMP Sat Jun 24 06:29:23 UTC 2017 x86_64 Linux (docker)

Expected Behavior:
AWS auth role created

Actual Behavior:
Role failed due to incorrect datatype:

```json
{"errors":["Error converting input [default dev] for field policies: '' expected type 'string', got unconvertible type '[]interface {}'"]}
```

Steps to Reproduce:
Mount the AWS authentication backend.
Create a role in form:

```json
{
  "bound_iam_principal_arn": "arn:aws:iam::x:role/x",
  "role_tag": "",
  "policies": ["default", "dev"],
  "max_ttl": 1800000
}
```

Attempt to load it:

```sh
curl -kvis https://localhost:8200/v1/auth/aws/role/testrole -H "X-Vault-Token: $ROOTTOKEN" -XPOST -d @/tmp/b
```

Request fails.

Retry with policies as a string:

```json
{
  "bound_iam_principal_arn": "arn:aws:iam::x:role/x",
  "role_tag": "",
  "policies": "default,dev",
  "max_ttl": 1800000
}
```

returns a complaint about the number binds.

References:
https://www.vaultproject.io/api/auth/aws/index.html#sample-payload-5 shows the policies as an array.

@jhmartin jhmartin changed the title AWS backend docs for policies, array vs string AWS auth backend docs for policies, array vs string Sep 18, 2017
@jefferai
Member

This should be fixed in the upcoming 0.8.3.


taemon1337 commented Sep 20, 2017

This same issue is also present in the '/auth/token/roles/:role_name' endpoint with at least the 'allowed_policies' field.

I have not checked any other fields, but the API docs state the field is a List [], but it fails stating it's expecting a 'string', same as this issue.

Also, the documentation for the same endpoint says the 'period' field should be a 'string' but the call fails because it's trying to parse an integer:

```
[ERR] core: failed to run existence check: Error converting input for field period: strconv.ParseInt: parsing "": invalid syntax
```

Also, the 'explicit_max_ttl' field...

```
[ERR] core: failed to run existence check: Error converting input for field explicit_max_ttl: strconv.ParseInt: parsing "": invalid syntax
```

@jefferai jefferai added this to the 0.9.1 milestone Dec 2, 2017
Member

jefferai commented Dec 2, 2017

@taemon1337 we will address that in 0.9.1.
