Failed to revoke lease due to empty access token not allowed #237
Assignees
Labels
bug
Something isn't working
Comments
5 tasks
|
@Claudiordev @elestedt Even though the message above does not include the command to set access token for |
|
Yes. User has been able to retrieve tokens, then this appears. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The path under the "artifactory/user_token/", is being managed by the artifactory plugin. Every time a refresh token is request, a lease is created in Vault, but due to a error on "missing access_token", related in the #236, the following error shows every time the vault automatically tries to revoke the lease:
"2025-01-03T14:27:12.776Z [ERROR] expiration: failed to revoke lease: lease_id=artifactory/user_token/bppmanap/0dAs9vq5DZEHNuK6fs9aQ6is error="failed to revoke entry: resp: (*logical.Response)(nil) err: empty access token not allowed" attempts=4 next_attempt=3m46.307019948s"This is making the lease count in vault increase reaching the max lease count on it, disabling the users from logging in.
This instance is configured with the exceptional case of a configuration without a access token:
vault write artifactory/config/admin url=***vault write artifactory/config/admin use_expiring_tokens=truevault write artifactory/config/admin default_description="Generated by Vault" max_ttl=14400 default_ttl=3600vault write artifactory/config/user_token use_expiring_tokens=truevault write artifactory/config/user_token default_description="Generated by Vault" max_ttl=14400 default_ttl=3600vault write artifactory/config/user_token scope="applied-permissions/user"vault write artifactory/config/user_token audience="jfrt@* jfxr@*"Artifactory version: 7.98.7
Vault version: 1.18.2
Vault plugin version: 1.8.4
To Reproduce
Steps to reproduce the behavior:
Requirements for and issue
curlit at$host/artifactory/api/system/versionThe text was updated successfully, but these errors were encountered: