Describe the bug

It is possible for a single entity to end up with multiple entity aliases of the same name and mount. However, this is not allowed when trying to create an entity alias. The following error message is returned if aliases with the same name for the same mount are attempted:

```
Error writing data to identity/entity-alias: Error making API request.
URL: PUT http://127.0.0.1:8200/v1/identity/entity-alias
Code: 500. Errors:
* 1 error occurred:
    * duplicate identity name
```

To Reproduce

Steps to reproduce the behavior:

1. Start `vault server -dev -dev-root-token-id=root` in a separate terminal.
2. Run `vault auth enable userpass`
3. Run `vault write auth/userpass/users/bsmith password="training" policies="team-qa"`
4. Run `vault login -method=userpass username=bsmith password=training`
5. Run `accessor=$(vault auth list -format=json | jq -r '.["userpass/"].accessor')`
6. Run `entity_id=$(vault write -format=json identity/entity name="bob-smith" policies="base" | jq -r '.data.id')`
7. Run `alias=$(vault write -format=json identity/entity-alias name="bob" canonical_id=$entity_id mount_accessor=$accessor)`
8. Run `vault write identity/entity-alias/id/$(echo $alias | jq -r '.data.id') name=bsmith` // Triggers a merge. Renames the implicitly created entity-alias name
9. Observe warning - `identity: alias is already tied to a different entity; these entities are being merged:`
10. `vault read -format=json identity/entity/id/$(echo $alias | jq -r '.data.canonical_id')`
11. Observe the merged entity is returned for the previous name `bob` when calling lookup - `vault write -format=json identity/lookup/entity alias_name=bob alias_mount_accessor=$accessor`

Expected behavior

Step 8 above should be rejected with an error about a duplicate identity name.
Identity lookup by alias using previous alias name should return no results.

Environment:

Vault Server Version (retrieve with `vault status`): 1.7.0
Vault CLI Version (retrieve with `vault version`): Vault v1.7.0 (4e222b8)

I was trying an approle login. I don't see the error `duplicate identity name` in v1.5.4 even after having duplicate aliases, but it does complain in 1.7.0.
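A check for the inconsistent state described in the report, as an added example that is not part of the original issue or of Vault's code: it groups an entity's aliases by mount accessor and name and reports any pair that appears more than once. It assumes the JSON shape returned by `vault read -format=json identity/entity/id/<id>` (`data.aliases[]` with `id`, `name`, `mount_accessor`); the sample document, its IDs and its accessors are constructed.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `vault read -format=json identity/entity/id/<id>`
# output for an entity in the state the report describes. All IDs and
# accessors below are made up for illustration.
SAMPLE_ENTITY_JSON = """
{
  "data": {
    "id": "entity-0001",
    "name": "bob-smith",
    "aliases": [
      {"id": "alias-aaaa", "name": "bsmith", "mount_accessor": "auth_userpass_example"},
      {"id": "alias-bbbb", "name": "bsmith", "mount_accessor": "auth_userpass_example"},
      {"id": "alias-cccc", "name": "bsmith", "mount_accessor": "auth_approle_example"}
    ]
  }
}
"""


def duplicate_aliases(entity_json):
    """Return {(mount_accessor, name): [alias ids]} for pairs seen more than once."""
    data = json.loads(entity_json).get("data") or {}
    groups = defaultdict(list)
    # "aliases" can be null for an entity that has none, hence the `or []`.
    for alias in data.get("aliases") or []:
        groups[(alias["mount_accessor"], alias["name"])].append(alias["id"])
    # The same name on two different mounts is legitimate; only a repeated
    # (mount_accessor, name) pair violates the uniqueness rule.
    return {key: sorted(ids) for key, ids in groups.items() if len(ids) > 1}


def report(entity_json):
    """Format one line per duplicated (mount, name) pair, in sorted order."""
    return [
        f"duplicate alias {name!r} on mount {accessor}: {', '.join(ids)}"
        for (accessor, name), ids in sorted(duplicate_aliases(entity_json).items())
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_ENTITY_JSON):
        print(line)
```
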