Closed
Description
Describe the bug
I wanted to create a rule that matches any kv engine with the secret name sth inside the engine.
For example, I had an automation that would generate a kv engine with a generated name. Inside that engine, we would create the secret sth. But I want to create a general account that could fit all the products from this automation.
So, I was setting up the policy with the following rules:
path "*/sth/*" {
// sth
}
But it didn't work as expected.
To Reproduce
Steps to reproduce the behavior:
- Create the policy as described above
- Assign this policy to particular account.
- Try to use that account to read the secret
Expected behavior
That account should be able to retrieve the secret
Environment:
- Vault Server Version (retrieve with vault status):
Key Value
--- -----
Recovery Seal Type shamir
Initialized true
Sealed false
Total Recovery Shares 1
Threshold 1
Version 1.3.4+prem
Cluster Name vault
Cluster ID 1233ec64-f4dc-551a-9490-fca261574418
HA Enabled true
HA Cluster https://10.127.4.2:8201
HA Mode active
Last WAL 20396364
- Vault CLI Version (retrieve with vault version):
Vault v1.3.4
- Server Operating System/Architecture:
Debian
Vault server configuration file(s):
Cannot get the configuration for the time being.
Additional context
Add any other context about the problem here.
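
Added example, not part of the original issue and not Vault's own code: a simplified Go model of Vault's documented policy path matching, in which * is a glob only as the last character of a policy path and + matches exactly one path segment. The function name policyPathMatches and the mount name kv-a1b2 are made up for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// policyPathMatches models Vault's documented ACL path rules (simplified):
// "*" is a prefix glob only as the last character of the policy path,
// and "+" as a whole segment matches exactly one path segment.
func policyPathMatches(policyPath, requestPath string) bool {
	prefix := strings.HasSuffix(policyPath, "*")
	policyPath = strings.TrimSuffix(policyPath, "*")
	pSegs := strings.Split(policyPath, "/")
	rSegs := strings.Split(requestPath, "/")
	if len(rSegs) < len(pSegs) || (!prefix && len(rSegs) != len(pSegs)) {
		return false
	}
	last := len(pSegs) - 1
	for i, p := range pSegs {
		switch {
		case p == "+": // any single segment
		case prefix && i == last: // trailing glob: remainder is a prefix
			if !strings.HasPrefix(rSegs[i], p) {
				return false
			}
		case p != rSegs[i]: // everything else, including a leading "*", is literal
			return false
		}
	}
	return true
}

func main() {
	// Constructed mount name standing in for an automation-generated KV engine.
	req := "kv-a1b2/sth/db"
	for _, pol := range []string{"*/sth/*", "+/sth/*", "kv-a1b2/sth/*"} {
		fmt.Printf("%-16s matches %s: %v\n", pol, req, policyPathMatches(pol, req))
	}
	// On a KV v2 mount the API path carries a "data/" segment after the mount.
	fmt.Println(policyPathMatches("+/data/sth/*", "kv-a1b2/data/sth/db"))
}
```

A rule such as +/sth/* applies to every mount, including ones the automation did not create, so the capabilities granted under it should be kept as narrow as the account needs.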