Describe the bug
After upgrading Artifactory plugin from 1.8.0 to 1.8.5, I can't issue tokens with applied-permissions/admin scope anymore.
Vault version: 1.18.3+ent
Artifactory plugin version: 1.8.5
Artifactory Cloud 7.105.2 (but I see the same with self-hosted Artifactory instance)
The role:
vault read artifactory/roles/test
Key Value
--- -----
default_ttl 1h
include_reference_token false
max_ttl 3h
refreshable false
role test
scope applied-permissions/admin
username admin
The secret engine version:
vault secrets list -detailed
Path Plugin Accessor Default TTL Max TTL Force No Cache Replication Seal Wrap External Entropy Access Options Description UUID Version Running Version Running SHA256 Deprecation Status
---- ------ -------- ----------- ------- -------------- ----------- --------- ----------------------- ------- ----------- ---- ------- --------------- -------------- ------------------
artifactory/ artifactory artifactory_3a4aeac3 system system false replicated false false map[] Artifactory secrets engine f8762b4f-8233-bcbd-67a9-257debbf6937 v1.8.5 v1.8.5 a32ad9592ebb65cf1d98a1ca59cea3e95d5479a070147cde4b2e0cd8576dcf9e n/a
The attempt to issue token:
vault read artifactory/token/test
Error reading artifactory/token/test: Error making API request.
Namespace: ns_stargate/ns_dev_devexartifactorysaasaccess/
URL: GET http://127.0.0.1:8200/v1/artifactory/token/test
Code: 500. Errors:
* 1 error occurred:
* could not create access token:
TRACE logs:
2025-02-04T08:47:43.915Z [DEBUG] secrets.artifactory.artifactory_3a4aeac3.artifactory.artifactory-secrets-plugin-1.8.5: initialize maxLeaseTTL to system value: maxLeaseTTL=86400 func=pathTokenCreatePerform timestamp=2025-02-04T08:47:43.915Z
2025-02-04T08:47:43.915Z [DEBUG] secrets.artifactory.artifactory_3a4aeac3.artifactory.artifactory-secrets-plugin-1.8.5: using role MaxTTL: func=pathTokenCreatePerform role.MaxTTL=10800 timestamp=2025-02-04T08:47:43.915Z
2025-02-04T08:47:43.915Z [DEBUG] secrets.artifactory.artifactory_3a4aeac3.artifactory.artifactory-secrets-plugin-1.8.5: Max lease TTL (sec): func=pathTokenCreatePerform maxLeaseTTL=10800 timestamp=2025-02-04T08:47:43.915Z
2025-02-04T08:47:43.915Z [DEBUG] secrets.artifactory.artifactory_3a4aeac3.artifactory.artifactory-secrets-plugin-1.8.5: using role DefaultTTL: func=pathTokenCreatePerform role.DefaultTTL=3600 timestamp=2025-02-04T08:47:43.915Z
2025-02-04T08:47:43.915Z [DEBUG] secrets.artifactory.artifactory_3a4aeac3.artifactory.artifactory-secrets-plugin-1.8.5: TTL (sec): func=pathTokenCreatePerform ttl=3600 timestamp=2025-02-04T08:47:43.915Z
2025-02-04T08:47:43.915Z [DEBUG] secrets.artifactory.artifactory_3a4aeac3.artifactory.artifactory-secrets-plugin-1.8.5: fetching Artifactory version: func=getVersion timestamp=2025-02-04T08:47:43.915Z
2025-02-04T08:47:43.937Z [DEBUG] secrets.artifactory.artifactory_3a4aeac3.artifactory.artifactory-secrets-plugin-1.8.5: found Artifactory version: func=getVersion version=7.105.2 timestamp=2025-02-04T08:47:43.937Z
2025-02-04T08:47:43.938Z [TRACE] secrets.artifactory.artifactory_3a4aeac3.artifactory.artifactory-secrets-plugin-1.8.5: comparing versions: func=checkVersion v1=7.105.2 v2=7.50.3 timestamp=2025-02-04T08:47:43.937Z
2025-02-04T08:47:43.955Z [ERROR] secrets.artifactory.artifactory_3a4aeac3.artifactory.artifactory-secrets-plugin-1.8.5: got non-200 status code: func=CreateToken message="" statusCode=400 timestamp=2025-02-04T08:47:43.955Z
If I revert plugin to 1.8.0, I can issue token without any problems using the same role:
vault secrets list -detailed
Path Plugin Accessor Default TTL Max TTL Force No Cache Replication Seal Wrap External Entropy Access Options Description UUID Version Running Version Running SHA256 Deprecation Status
---- ------ -------- ----------- ------- -------------- ----------- --------- ----------------------- ------- ----------- ---- ------- --------------- -------------- ------------------
artifactory/ artifactory artifactory_3a4aeac3 system system false replicated false false map[] Artifactory secrets engine f8762b4f-8233-bcbd-67a9-257debbf6937 v1.8.0 v1.8.0 24d704d6ac4d5423593657a4a5c85c8a929c1c441c335b06a867f892566e382e n/a
vault read artifactory/token/test
Key Value
--- -----
lease_id artifactory/token/test/OcJpHknfwevip2Y1mW4zx1In.C81fY
lease_duration 1h
lease_renewable true
access_token eyJ2ZXIixxxxxxxxxxxxxxxxx
expires_in 0
reference_token n/a
refresh_token n/a
role test
scope applied-permissions/admin
token_id daabfad5-5c18-4faf-8bd1-a520030f9ff2
username admin
Requirements for and issue
Expected behavior
I expect token issuance with the applied-permissions/admin scope to work in version 1.8.5.
Describe the bug
After upgrading Artifactory plugin from 1.8.0 to 1.8.5, I can't issue tokens with
applied-permissions/adminscope anymore.Vault version: 1.18.3+ent
Artifactory plugin version: 1.8.5
Artifactory Cloud 7.105.2 (but I see the same with self-hosted Artifactory instance)
The role:
The secret engine version:
The attempt to issue token:
TRACE logs:
If I revert plugin to 1.8.0, I can issue token without any problems using the same role:
Requirements for and issue
curlit at$host/artifactory/api/system/versionExpected behavior
I expect token issuance with the
applied-permissions/adminscope to work in version 1.8.5.