Can't create mongodb secret-engine #1611
Comments
Actually, it gets stranger. I'm having a similar problem configuring PKI now:

```yaml
secrets:
  - type: pki
    description: Vault PKI Backend
    config:
      default_lease_ttl: 168h
      max_lease_ttl: 720h
    configuration:
      config:
        - name: urls
          issuing_certificates: https://vault-0.secuity:8200/v1/pki/ca
          crl_distribution_points: https://vault-0.security:8200/v1/pki/crl
      root/generate:
        - name: exported
          common_name: vault.vault
          create_only: true
          save_to: "secret/data/pki/ca"
      roles:
        - name: default
          allowed_domains: localhost,pod,svc,default
          allow_subdomains: true
          generate_lease: true
          ttl: 30m
```

And this results in:

```
{"level":"info","msg":"adding secret engine (pki)","time":"2022-05-09T08:15:08Z"}
{"level":"error","msg":"error configuring vault: error configuring secret engines for vault: error adding secrets engines: error mounting into vault: Error making API request.\n\nURL: POST https://vault.security:8200/v1/sys/mounts\nCode: 405. Errors:\n\n* 1 error occurred:\n\t* unsupported operation\n\n","time":"2022-05-09T08:15:08Z"}
```

But,

```yaml
secrets:
  - path: secret
    type: kv
    description: General secrets.
    options:
      version: 2
```

still works fine and I can create the engine through the UI without issue |
I'm having the same issue with pki, I'd be happy if I was getting better logging |
Okay turns out I needed to add |
@dmolik Can you post an example, pls? |
one thing to note here (bumped into this as I was attempting to find out how to enable the use of VSW with the mongodb plugin) is that the |
Describe the bug:
I want to use the configurer to create a db secrets engine (MongoDB) for dynamic creds.
Expected behaviour:
I expect a db engine called "mongo" to be created with a set of roles that can be used to dynamically create creds.
Steps to reproduce the bug:
I have installed vault using the bank-vaults operator in my `security` namespace. Here's my config:
I think that's a pretty normal config. When I apply it I see vault, the UI works fine and I can log in and look around, and in the UI I can see the policies and the `/secrets` kv engine have all been created properly as per the config. I see no problems in connectivity.
What I do see is an error in the config pod:
At the core of which is `Unsupported Operation`. I see no other errors in any other container in any other pod. I can see that the error is coming from vault itself. I have tried the same thing without the roles to narrow down the error, but I get the same result.
It might be worth noting that I can create the db with the vault cli like this:
Environment details:
/kind bug