You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Unable to update an approle after creation on auth/approle/role/:role-name endpoint
VaultSharp Version
1.13.0.1
Vault Version
1.15.0
Does this work with Vault CLI?
Yes
Sample Code Snippet
// Works when it does not exists
vaultClient.V1.Auth.AppRole.WriteRoleAsync("my-role",new AppRoleRoleModel
{TokenPolicies=newList<string>{policy},BindSecretId=false,TokenTimeToLive=30,TokenMaximumTimeToLive=30,TokenBoundCIDRs=newList<string>{"127.0.0.1/32"},}).Wait();// Does not work after it's created
vaultClient.V1.Auth.AppRole.WriteRoleAsync("my-role",new AppRoleRoleModel
{TokenPolicies=newList<string>{policy},BindSecretId=false,TokenTimeToLive=30,TokenMaximumTimeToLive=30,TokenBoundCIDRs=newList<string>{"127.0.0.1/32"},}).Wait();
Exception Details/Stack Trace/Error Message
Unhandled exception. System.AggregateException: One or more errors occurred. ({"errors":["local_secret_ids can only be modified during role creation"]}
)
---> VaultSharp.Core.VaultApiException: {"errors":["local_secret_ids can only be modified during role creation"]}
at VaultSharp.Core.Polymath.MakeRequestAsync[TResponse](String resourcePath, HttpMethod httpMethod, Object requestData, IDictionary`2 headers, Boolean rawResponse, Action`1 postResponseAction)
at VaultSharp.Core.Polymath.MakeVaultApiRequest[TResponse](String resourcePath, HttpMethod httpMethod, Object requestData, Boolean rawResponse, Action`1 postResponseAction, String wrapTimeToLive, Boolean unauthenticated)
at VaultSharp.Core.Polymath.MakeVaultApiRequest(String resourcePath, HttpMethod httpMethod, Object requestData, Boolean rawResponse, Boolean unauthenticated)
at VaultSharp.V1.AuthMethods.AppRole.AppRoleAuthMethodProvider.WriteRoleAsync(String roleName, AppRoleRoleModel appRoleRoleModel, String mountPoint)
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait()
at Project.AppRoleManagerHandler.ConfigureAppRoleWithPolicy(IVaultClient vaultClient, String policy, String appRoleName, List`1 ipFilter, String appRoleIdDirectoryPath, String envVariableName, Action`1 options) in C:\Project\AppRoleManagerHandler.cs:line 36
at System.Threading.Tasks.Task.<>c.<ThrowAsync>b__128_1(Object state)
at System.Threading.QueueUserWorkItemCallbackDefaultContext.Execute()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading.PortableThreadPool.WorkerThread.WorkerThreadStart()
at System.Threading.Thread.StartCallback()
A possible solution could be to have a UpdateAppRoleModel and CreateAppRoleModel where the CreateAppRoleModel could inherit UpdateAppRoleModel and define the property local_secret_ids.
I know that there are API endpoints to update certain parts of the role but I want to give it my full role definition when to modify everything in one request instead of doing many small ones.
The text was updated successfully, but these errors were encountered:
Describe the bug
Unable to update an approle after creation on
auth/approle/role/:role-nameendpointVaultSharp Version
1.13.0.1
Vault Version
1.15.0
Does this work with Vault CLI?
Yes
Sample Code Snippet
Exception Details/Stack Trace/Error Message
Any additional info
As far as I can see, the AppRole API does not expect a
local_secret_idsproperty when updating a role. https://developer.hashicorp.com/vault/api-docs/v1.14.x/auth/approle#create-update-approle.A possible solution could be to have a
UpdateAppRoleModelandCreateAppRoleModelwhere theCreateAppRoleModelcould inheritUpdateAppRoleModeland define the propertylocal_secret_ids.I know that there are API endpoints to update certain parts of the role but I want to give it my full role definition when to modify everything in one request instead of doing many small ones.
The text was updated successfully, but these errors were encountered: