Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test example-app kv put secret helloworld error #200

Open
erivandosena opened this issue Apr 7, 2023 · 1 comment
Open

Test example-app kv put secret helloworld error #200

erivandosena opened this issue Apr 7, 2023 · 1 comment

Comments

@erivandosena
Copy link

erivandosena commented Apr 7, 2023

Once the pod is ready, the secret is injected into the pod at the following location:

kubectl -n example-app exec basic-secret-db4ddc86b-zpnsh -- sh -c "cat /vault/secrets/helloworld"

error:
cat: can't open '/vault/secrets/helloworld': No such file or directory
command terminated with exit code 1

LOG:
1/4/22024295247 ==> Vault agent started! Log data will stream in below:
1/4/22024398495
1/4/22024414645 ==> Vault agent configuration:
1/4/22024443986
1/4/22024455525 Cgo: disabled
1/4/22024469960 Log Level: info
1/4/22024675330 2023-04-07T16:13:56.023Z [INFO] sink.file: creating file sink
1/4/22024694224 Version: Vault v1.12.1, built 2022-10-27T12:32:05Z
1/4/22024728631 Version Sha: e34f8a14fb7a88af4640b09f3ddbb5646b946d9c
1/4/22024755294
1/4/22024697872 2023-04-07T16:13:56.023Z [INFO] sink.file: file sink configured: path=/home/vault/.vault-token mode=-rw-r-----
1/4/22025261478 2023-04-07T16:13:56.025Z [INFO] auth.handler: starting auth handler
1/4/22025298705 2023-04-07T16:13:56.025Z [INFO] auth.handler: authenticating
1/4/22025811413 2023-04-07T16:13:56.025Z [INFO] sink.server: starting sink server
1/4/22029323107 2023-04-07T16:13:56.029Z [INFO] template.server: starting template server
1/4/22029517175 2023-04-07T16:13:56.029Z [INFO] (runner) creating new runner (dry: false, once: false)
1/4/22031638351 2023-04-07T16:13:56.031Z [INFO] (runner) creating watcher
1/4/22198868986 2023-04-07T16:13:56.198Z [INFO] auth.handler: authentication successful, sending token to sinks
1/4/22198911578 2023-04-07T16:13:56.198Z [INFO] auth.handler: starting renewal process
1/4/22198991707 2023-04-07T16:13:56.198Z [INFO] template.server: template server received new token
1/4/22199006713 2023-04-07T16:13:56.198Z [INFO] sink.file: token written: path=/home/vault/.vault-token
1/4/22199015510 2023-04-07T16:13:56.198Z [INFO] (runner) stopping
1/4/22199033551 2023-04-07T16:13:56.198Z [INFO] (runner) creating new runner (dry: false, once: false)
1/4/22199196060 2023-04-07T16:13:56.198Z [INFO] sink.server: sink server stopped
1/4/22199215216 2023-04-07T16:13:56.199Z [INFO] sinks finished, exiting
1/4/22199292162 2023-04-07T16:13:56.199Z [INFO] (runner) creating watcher
1/4/22199523179 2023-04-07T16:13:56.199Z [INFO] (runner) starting
1/4/22249444615 2023-04-07T16:13:56.249Z [INFO] auth.handler: renewed auth token
1/4/22348536721 2023-04-07T16:13:59.348Z [WARN] vault.read(secret/basic-secret/helloworld): failed to check if secret/basic-secret/helloworld is KVv2, assume not: Error making API request.
1/4/22348590024
1/4/22348609166 URL: GET http://vault.vault.svc:8200/v1/sys/internal/ui/mounts/secret/basic-secret/helloworld
1/4/22348624994 Code: 403. Errors:
1/4/22348639080
1/4/22348656473 * preflight capability check returned 403, please ensure client's policies grant access to path "secret/basic-secret/helloworld/"
1/4/22351554521 2023-04-07T16:13:59.351Z [WARN] (view) vault.read(secret/basic-secret/helloworld): vault.read(secret/basic-secret/helloworld): Error making API request.
1/4/22351590552
1/4/22351608274 URL: GET http://vault.vault.svc:8200/v1/secret/basic-secret/helloworld
1/4/22351617795 Code: 403. Errors:
1/4/22351624826
1/4/22351632320 * 1 error occurred:
1/4/22351677704 * permission denied

@shkpk
Copy link

shkpk commented Apr 9, 2023

1/4/22348656473 * preflight capability check returned 403, please ensure client's policies grant access to path "secret/basic-secret/helloworld/"

most probably policy is not created correctly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants