Permission denied for root when looking up a token in Vault

Problem description

I logged in to Vault with the root token.

I tried

$ vault token lookup

but I keep getting

Error looking up token: Error making API request.

URL: GET https://106.120.137.192:8200/v1/auth/token/lookup-self
Code: 403. Errors:

* permission denied

I have trace-level Vault logs, but there are no relevant events.

I enabled audit logs to see what was happening, but they gave me no hints.


[
  {
    "time": "2021-10-21T15:34:17.647568529Z",
    "type": "request",
    "auth": {
      "token_type": "default"
    },
    "request": {
      "id": "1d5d7f5f-94ca-e281-c0b2-5ffbceccb0dc",
      "operation": "read",
      "mount_type": "token",
      "client_token": "hmac-sha256:75f6fc0b19c105af0f2c27fd180742eef282c38d346fc732771bfaa2d1ce2ea6",
      "namespace": {
        "id": "root"
      },
      "path": "auth/token/lookup-self",
      "remote_address": "172.18.0.1"
    },
    "error": "permission denied"
  },
  {
    "time": "2021-10-21T15:34:17.647692649Z",
    "type": "response",
    "auth": {
      "token_type": "default"
    },
    "request": {
      "id": "1d5d7f5f-94ca-e281-c0b2-5ffbceccb0dc",
      "operation": "read",
      "mount_type": "token",
      "client_token": "hmac-sha256:75f6fc0b19c105af0f2c27fd180742eef282c38d346fc732771bfaa2d1ce2ea6",
      "namespace": {
        "id": "root"
      },
      "path": "auth/token/lookup-self",
      "remote_address": "172.18.0.1"
    },
    "response": {
      "mount_type": "token",
      "data": {
        "error": "hmac-sha256:9493ed1bac12e9a7fae0e03c488dd1d5f46bcc33ea36ee2c1e5ca92acd683c81"
      }
    },
    "error": "1 error occurred:\n\t* permission denied\n\n"
  }
]

What else can I do?

I am running Vault 1.7.0

Tags: hashicorp-vault

Solution


OK. I found that the problem does not occur when I run the same command on localhost, i.e. against a local instance of Vault.
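
A way to triage audit entries like the ones in the question, as an added example that is not part of the original post: it pairs request and response records by request id and reports, for each denied call, whether the `auth` block carries any resolved identity. Treating an `auth` block without `policies`, `accessor` or `display_name` as a token this server did not resolve is an assumption of this example; the sample records are trimmed from the log above.

```python
import json
from collections import defaultdict

# Trimmed copy of the audit records shown in the question (sample input).
SAMPLE = '''[
 {"type": "request", "auth": {"token_type": "default"},
  "request": {"id": "1d5d7f5f-94ca-e281-c0b2-5ffbceccb0dc",
              "path": "auth/token/lookup-self", "remote_address": "172.18.0.1"},
  "error": "permission denied"},
 {"type": "response", "auth": {"token_type": "default"},
  "request": {"id": "1d5d7f5f-94ca-e281-c0b2-5ffbceccb0dc",
              "path": "auth/token/lookup-self", "remote_address": "172.18.0.1"},
  "error": "1 error occurred:\\n\\t* permission denied\\n\\n"}
]'''

# Assumption: these auth fields are only populated once a token is resolved.
IDENTITY_FIELDS = ("policies", "accessor", "display_name")

def load_records(text):
    """Accept a JSON array (as pasted above) or one JSON object per line."""
    text = text.strip()
    if text.startswith("["):
        return json.loads(text)
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def denied_requests(records):
    """Group records by request id and summarise every denied request."""
    by_id = defaultdict(list)
    for rec in records:
        by_id[rec.get("request", {}).get("id")].append(rec)
    findings = []
    for req_id, recs in by_id.items():
        if not any("permission denied" in (r.get("error") or "") for r in recs):
            continue
        req = recs[0].get("request", {})
        seen = sorted({f for r in recs for f in IDENTITY_FIELDS
                       if r.get("auth", {}).get(f)})
        findings.append({
            "id": req_id,
            "path": req.get("path"),
            "remote_address": req.get("remote_address"),
            "record_types": sorted(r.get("type", "") for r in recs),
            "identity_fields": seen,
            "token_resolved": bool(seen),
        })
    return findings

if __name__ == "__main__":
    for finding in denied_requests(load_records(SAMPLE)):
        print(finding)
```

When `token_resolved` is false for a token that works elsewhere, compare the address in the error's URL with the instance where the token was issued.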

