Amazon web services 访问vault Approvle的角色id时出现权限被拒绝错误
我正在尝试使用terraform为jenkins创建一个访问vault的通道。我已将策略添加到角色中。但是,当我试图检索角色id和secretid以将角色作为凭据传递给jenkins时,它会给我错误信息。代码如下: #创建应用程序角色Amazon web services 访问vault Approvle的角色id时出现权限被拒绝错误,amazon-web-services,jenkins,terraform,hashicorp-vault,Amazon Web Services,Jenkins,Terraform,Hashicorp Vault,我正在尝试使用terraform为jenkins创建一个访问vault的通道。我已将策略添加到角色中。但是,当我试图检索角色id和secretid以将角色作为凭据传递给jenkins时,它会给我错误信息。代码如下: #创建应用程序角色 resource "vault_approle_auth_backend_role" "app-proj-jenkins-readonly" { backend = "appro
resource "vault_approle_auth_backend_role" "app-proj-jenkins-readonly" {
backend = "approle"
role_name = "app-proj-jenkins-readonly"
token_period = 1800 // 30 Minutes
secret_id_num_uses = 0
token_policies = [
vault_policy.app-proj-jenkins-readonly.name,
]
token_bound_cidrs = local.*******_jenkins_bound_cidr_list
}
policy for the role:
# Role needs Read and List so it can get the role-id
path "auth/approle/role/app-proj-jenkins-readonly/*" {
capabilities = ["create", "read", "update", "list", "sudo"]
}
When I am trying to access the role-id through vault cli through below cmds:
vault read auth/approle/role/app-proj-jenkins-readonly/*/role-id
Error reading from: [object Object].
URL: /v1/%5Bobject%20Object%5D
Code: 403
Errors:
1 error occurred:
* permission denied
vault read auth/approle/role/app-proj-jenkins-readonly/role-id
Error reading from: auth/approle/role/app-proj-jenkins-readonly/role-id.
URL: /v1/auth/approle/role/app-proj-jenkins-readonly/role-id
Code: 403
Errors:
1 error occurred:
* permission denied
@gic186你能帮忙吗??