vault
vault copied to clipboard
hashicorp
BUG: Too many arguments (expected 2, got 3)
vault policy write read-only my-policy.hcl --address=http://localhost:8200
Too many arguments (expected 2, got 3)
Following https://developer.hashicorp.com/vault/docs/commands/policy/write.
What I am doing wrong? How can I pass the --address flag?
The only workaround is to expose the address via the VAULT_ADDR environment variable. However, this BUG still stands.
Hi @droslean,
If you reorder the arguments to pass the --address argument directly after the write it should work. Any of the arguments listed from the --help of vault policy write --help should appear before the policy name and file arguments.
vault policy write --address=http://localhost:8200 read-only my-policy.hcl
Hi @droslean,
I'm sorry but I'll need more information of what you are seeing, such as version of vault (vault version) you are running and the error you are seeing as I can not reproduce the issue you are reporting.
❯ unset VAULT_ADDR
❯ vault server -dev -dev-root-token-id="devroot" -dev-listen-address=127.0.0.1:10000 &> /dev/null &
[1] 9267
❯ vault policy read --address=http://localhost:10000 read-only
No policy named: read-only
❯ vault policy write --address=http://localhost:10000 read-only my-policy.hcl
Success! Uploaded policy: read-only
❯ vault policy read --address=http://localhost:10000 read-only
path "secret/foo" {
capabilities = ["read"]
}
@stevendpclark I am using Vault v1.7.2 (db0e4245d5119b5929e611ea4d9bf66e47f3f208)
The command is vault policy write read-only my-policy.hcl --address=http://localhost:8200
I tried
-
vault --address=http://localhost:8200 policy write read-only my-policy.hcl -
vault policy --address=http://localhost:8200 write read-only my-policy.hcl -
vault policy write --address=http://localhost:8200 read-only my-policy.hcl -
vault policy write read-only --address=http://localhost:8200 my-policy.hcl
All of them are failing with:
Too many arguments (expected 2, got 3)
Hi @droslean,
I'm not sure what to tell you, I still can not reproduce the error you are reporting.
❯ unset VAULT_ADDR
❯ ~/.vvm/vault_1.7.2 server -dev -dev-root-token-id="devroot" -dev-listen-address=127.0.0.1:10000 &> /dev/null &
❯ ~/.vvm/vault_1.7.2 version
Vault v1.7.2 (db0e4245d5119b5929e611ea4d9bf66e47f3f208)
❯ ~/.vvm/vault_1.7.2 policy read --address=http://localhost:10000 read-only
No policy named: read-only
❯ ~/.vvm/vault_1.7.2 policy write --address=http://localhost:10000 read-only my-policy.hcl
Success! Uploaded policy: read-only
❯ ~/.vvm/vault_1.7.2 policy read --address=http://localhost:10000 read-only
path "secret/foo" {
capabilities = ["read"]
}
You should be getting a usage output/errors for the first two in your list and the "Too many arguments" error for the 4th version listed. Only the third version in your list should actually work assuming you have setup VAULT_TOKEN properly, the my-policy.hcl file exists and it contains a valid policy.
I still get the errors. Perhaps I am using a problematic release. Let me try to replicate the issue with the latest version.
I'm also unable to replicate this using Vault 1.7.2.
@droslean I suspect something specific to your environment is causing havoc here. I tried every command you listed in this comment and received varying results.
As you can see from my screenshots, I got different results every time. The 1st, 2nd, and 4th commands all failed, but I only received the error about too many arguments on the 4th command. The first 2 failed for different reasons. The third one succeeded.
If you're getting the "too many arguments" error for all 4 of those commands, it makes me think something is overriding your vault CLI command somehow. Is vault aliased to something? Is there something in your path named vault that's not the vault CLI tool?
Regardless, I don't think this is a bug with Vault.
@raskchanky It's not a bug. It's just how vault cli works... It seems that the global flags need to be in a specific place. /shrug