-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Response code 400 (Bad Request) when using approle auth #235
Comments
Hey @adamtharani. Are you sure, your |
Hey @steveteuber, yes I had just generated everything at the time of setup, I also did confirm by manually making an HTTP request with the same credentials and got a token back |
I think its more of an issue with the policy associated with the approle you created. I was getting the same error when the policy was not right. |
Hi @nivedita-p I can confirm I can pull out the secrets by manually loggin in with the approle info or even by using Is there away to enable debugging on this module as I couldn't find anything in the logs which is helpful. What prilivages do I need to work with your action? The following are my polices. Default policy
cert-admin policy
Can you spot anything I am missing? GHA workflow snippet
Personal notes on creating approle Create approle for dnsrobocert and assign policies
Replace dynamic secret with static for approle push (needed for GHA)
Create roleid file
Data entered via CLI
I am switching over, or trying to from using Thanks in advance. Kind Regards, Simon Update:Iv'e recreated the roleid using the info I supplied above, whats strange is, im getting a bit further. I have also found that you can enable debugging on the runners, which I wanst aware of which shows the following info now. Much better :) So I still think its a permissions issue like you said, but idk what I am missing? can anyone enlighten me? Many thanks Final UpdateThis has been resolved. The solution I have posted #271 (comment) for completeness. |
I am experiencing the same issue with v2.4.2. If I use clear-text strings for roleId and secretId authentication works, but if I use ${{secrets.ROLE_ID_TEST}} I get a 400 error. I have verified that the values stored in GitHub Secrets are 100% correct with no extraneous whitespace or quotes, etc. Below is an excerpt from my workflow file
Here is my debug log from the get-secrets step in the workflow
And the debug log from the get-secrets-backup
|
Describe the bug
When trying to use the approle method to authenticate vault, the action breaks with a
Response code 400 (Bad Request)
To Reproduce
Expected behavior
The action to return my secrets.
Log Output
Error: Response code 400 (Bad Request)
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: