You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When you have an approle with default token type and token_num_uses>0 and you want to change it to a batch token (which implies token_num_uses=0) the update fails when done in a single requset
To Reproduce
$ vault write auth/approle/role/rolename bind_secret_id=false secret_id_bound_cidrs=10.90.28.0/22 secret_id_num_uses=0 secret_id_ttl=10m token_policies=policy token_ttl=5m token_max_ttl=10m token_num_uses=2 token_type=default
Success! Data written to: auth/approle/role/rolename
$ vault write auth/approle/role/rolename bind_secret_id=false secret_id_bound_cidrs=10.90.28.0/22 secret_id_num_uses=0 secret_id_ttl=10m token_policies=policy token_ttl=5m token_max_ttl=10m token_num_uses=0 token_type=batch
Code: 400. Errors:
* 'token_type' cannot be 'batch' or 'default_batch' when set to generate tokens with limited use count
The workaround is to update the approle first to token_num_uses=0 and default token_type and then change the token type (or delete and recreate which cycles the roleid)
Expected behavior
The change can be done in one call instead of two.
Environment:
Vault Server Version: 1.6.3
Vault CLI Version: 1.6.3
Server Operating System/Architecture: debian buster
The text was updated successfully, but these errors were encountered:
Describe the bug
When you have an approle with default token type and token_num_uses>0 and you want to change it to a batch token (which implies token_num_uses=0) the update fails when done in a single requset
To Reproduce
The workaround is to update the approle first to token_num_uses=0 and default token_type and then change the token type (or delete and recreate which cycles the roleid)
Expected behavior
The change can be done in one call instead of two.
Environment:
The text was updated successfully, but these errors were encountered: