[BUG] Getting 403 error after updating to v2 of vault-action #144

Closed
vitek-urbanec opened this issue Oct 26, 2020 · 2 comments
Labels
bug Something isn't working

Comments

vitek-urbanec commented Oct 26, 2020

Describe the bug
I'm updating to v2 of your nice vault-action, because the v1 is setting envvars in a way that's going to be decommissioned soon. I keep getting a 403 error.

To Reproduce

          - name: secrets
            id: secrets
            uses: hashicorp/[email protected]
            with:
              tlsSkipVerify: true
              url: https://ourmightyvault.ourcompany.com
              method: approle
              roleId: ${{ secrets.VAULT_APPROLE_GITHUB_ACTIONS_ROLE_ID }}
              secretId: ${{ secrets.VAULT_APPROLE_GITHUB_ACTIONS_SECRET_ID }}
              secrets: |
                 ***

Expected behavior
Retrieving the secrets from the vault

Log Output

##[debug]Evaluating condition for step: 'secrets'
##[debug]Evaluating: success()
##[debug]Evaluating success:
##[debug]=> true
##[debug]Result: true
##[debug]Starting: secrets
##[debug]Loading inputs
##[debug]Evaluating: secrets.VAULT_APPROLE_GITHUB_ACTIONS_ROLE_ID
##[debug]Evaluating Index:
##[debug]..Evaluating secrets:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'VAULT_APPROLE_GITHUB_ACTIONS_ROLE_ID'
##[debug]=> '***'
##[debug]Result: '***'
##[debug]Evaluating: secrets.VAULT_APPROLE_GITHUB_ACTIONS_SECRET_ID
##[debug]Evaluating Index:
##[debug]..Evaluating secrets:
##[debug]..=> Object
##[debug]..Evaluating String:
##[debug]..=> 'VAULT_APPROLE_GITHUB_ACTIONS_SECRET_ID'
##[debug]=> '***'
##[debug]Result: '***'
##[debug]Loading env
Run hashicorp/[email protected]
  with:
    tlsSkipVerify: true
    url: https://ourmightyvault.ourcompany.com
    method: approle
    roleId: ***
    secretId: ***
    secrets: ***
  
    exportEnv: true
    exportToken: false
::group::Get Vault Secrets
Get Vault Secrets
  ##[debug]Retrieving Vault Token from v1/auth/approle/login endpoint
  ##[debug]✔ Vault Token successfully retrieved
  ::group::Token Info
Token Info
  ##[debug]Operating under policies: ["default","github_actions"]
  ##[debug]Token Metadata: {"role_name":"github_actions"}
  ::endgroup::
::endgroup::

Error: Response code 403 (Forbidden)
##[debug]Node Action run completed with exit code 1
##[debug]Finishing: secrets

Additional context
This worked fine with v1.x of the vault-action.

@vitek-urbanec vitek-urbanec added the bug Something isn't working label Oct 26, 2020
@vitek-urbanec
Author

This was actually caused by the different way of secret scope reference. Closing.

@shivangbhar

Hi @vitek-urbanec, what do you mean by secret scope reference here?
