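I am integrating HashiCorp Vault with Jenkins and trying to generate dynamic secrets using assume role, but I get a permission denied error.
I followed the steps below to create the policy and the Jenkins code, but it did not help.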
https://learn.hashicorp.com/vault/identity-access-management/iam-authentication
https://github.com/jenkinsci/hashicorp-vault-plugin
I am not sure what Vault policy should be defined.

path "auth/approle/login" {
  capabilities = ["create", "read"]
}

path "secret/aws*" {
  capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}

> Caused: com.datapipe.jenkins.vault.exception.VaultPluginException:
> could not read from vault: Vault responded with HTTP status code: 403
> Response body: {"errors":["1 error occurred:\n\t* permission
> denied\n\n"]} at path: aws/sts/VaultTFE-Sandbox
Please help!!!

Answer 0 (score: 0)

The problem is that the error message mentions
at path: aws/sts/VaultTFE-Sandbox
but your policy mentions
react-native eject
react-native link
It should be changed to
path "secret/aws*"
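
An added example, not part of the original question or answer and not Vault's own code: a simplified Python model of Vault ACL path matching, showing why the policy in the question returns 403 for the path in the error message. The `FIXED_POLICY` rule and its `read` capability are constructed assumptions, and "most specific rule" is approximated here as the longest matching pattern.

```python
# Simplified model of Vault ACL path matching (illustrative, not Vault's code).
# Handles exact paths, a trailing "*" prefix glob and "+" single-segment wildcards.

REQUEST_PATH = "aws/sts/VaultTFE-Sandbox"  # path taken from the 403 error message

# Policy as posted in the question.
QUESTION_POLICY = {
    "auth/approle/login": ["create", "read"],
    "secret/aws*": ["create", "read", "update", "delete", "list", "sudo"],
}

# Constructed (assumed) policy: adds a rule scoped to the one STS role path.
FIXED_POLICY = dict(QUESTION_POLICY, **{"aws/sts/VaultTFE-Sandbox": ["read"]})


def path_matches(pattern: str, request_path: str) -> bool:
    """Return True if a policy path pattern covers the requested path."""
    prefix_glob = pattern.endswith("*")
    if prefix_glob:
        pattern = pattern[:-1]
    pat_segs = pattern.split("/")
    req_segs = request_path.split("/")
    if len(req_segs) < len(pat_segs):
        return False
    if not prefix_glob and len(req_segs) != len(pat_segs):
        return False
    last = len(pat_segs) - 1
    for i, pat in enumerate(pat_segs):
        if pat == "+":  # "+" matches exactly one path segment
            continue
        if prefix_glob and i == last:
            if not req_segs[i].startswith(pat):
                return False
        elif pat != req_segs[i]:
            return False
    return True


def allowed(policy: dict, request_path: str, capability: str) -> bool:
    """Default deny: the most specific matching rule must list the capability."""
    matching = [p for p in policy if path_matches(p, request_path)]
    if not matching:
        return False
    best = max(matching, key=len)  # simplification of Vault's priority rules
    return capability in policy[best]


if __name__ == "__main__":
    print("question policy:", allowed(QUESTION_POLICY, REQUEST_PATH, "read"))
    print("fixed policy:   ", allowed(FIXED_POLICY, REQUEST_PATH, "read"))
```

The `secret/aws*` rule only covers paths that begin with `secret/aws`, so a request under the `aws/` mount falls through to the default deny.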