You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm setting up a Vault on GCE demo and granted the permissions at https://www.vaultproject.io/docs/auth/gcp.html#required-permissions to client and server but it seems when authenticating from a GCE instance (using vault agent fwiw) the Vault node needs to do a compute.instances.get request, which isn't listed anywhere in the docs. Am I missing something or was this an update that hasn't yet been reflected in the docs?
May 23 04:30:10 vault-demo vault[785]: 2019-05-23T04:30:10.673Z [ERROR] auth.handler: error authenticating: error="Error making API request.
May 23 04:30:10 vault-demo vault[785]: URL: PUT https://10.127.13.37:8200/v1/auth/gcp/login
May 23 04:30:10 vault-demo vault[785]: Code: 400. Errors:
May 23 04:30:10 vault-demo vault[785]: * error when attempting to find instance (project rcanty-project-0119, zone: us-east4-a, instance: vault-demo) :unable to find instance associated with token: googleapi: Error 403: Required 'compute.instances.get' permission for 'projects/rcanty-project-0119/zones/us-east4-a/instances/vault-demo', forbidden" backoff=2.733056585
Ah, we just didn't document this properly. We call instance.get to make sure it's still running and a valid instance, and to get things like labels to confirm against the role. I'll update the docs.
I'm setting up a Vault on GCE demo and granted the permissions at https://www.vaultproject.io/docs/auth/gcp.html#required-permissions to client and server but it seems when authenticating from a GCE instance (using
vault agent
fwiw) the Vault node needs to do acompute.instances.get
request, which isn't listed anywhere in the docs. Am I missing something or was this an update that hasn't yet been reflected in the docs?Vault Version (both client and server)
The text was updated successfully, but these errors were encountered: