I don't know if I did something wrong or not.
But here is my configuration.
// payload.json
{
"plugin_name": "postgresql-database-plugin",
"allowed_roles": "*",
"connection_url": "postgresql://{{username}}:{{password}}@for-testing-vault.rds.amazonaws.com:5432/test-app",
"username": "test",
"password": "testtest"
}
then run this command:
curl --header "X-Vault-Token: ..." --request POST --data @payload.json http://ip_add.us-west-1.compute.amazonaws.com:8200/v1/database/config/postgresql
roles configuration:
// readonlypayload.json
{
"db_name": "test-app",
"creation_statements": ["CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";"],
"default_ttl": "1h",
"max_ttl": "24h"
}
then run this command:
curl --header "X-Vault-Token: ..." --request POST --data @readonlypayload.json http://ip_add.us-west-1.compute.amazonaws.com:8200/v1/database/roles/readonly
Then created a policy:
path "database/creds/readonly" {
capabilities = [ "read" ]
}
path "/sys/leases/renew" {
capabilities = [ "update" ]
}
and run this to get the token:
curl --header "X-Vault-Token: ..." --request POST --data '{"policies": ["db_creds"]}' http://ip_add.us-west-1.compute.amazonaws.com:8200/v1/auth/token/create | jq
executed this command to get the values:
VAULT_TOKEN=... consul-template.exe -template="config.yml.tpl:config.yml" -vault-addr "http://ip_add.us-west-1.compute.amazonaws.com:8200" -log-level debug
Then I receive these errors:
URL: GET http://ip_add.us-west-1.compute.amazonaws.com:8200/v1/database/creds/readonly
Code: 500. Errors:
* 1 error occurred:
* failed to find entry for connection with name: "test-app"
Any suggestions will be appreciated, thanks!
EDIT: Also tried this command on the server
vault read database/creds/readonly
Still returning
* 1 error occurred:
* failed to find entry for connection with name: "test-app"
For those coming to this page via Googling for this error message, this might help:
Unfortunately the Vault database/role's parameter db_name
is a bit misleading. The value needs to match a database/config/
entry, not an actual database name per se. The GRANT statement itself is where the database name is relevant, the db_name
is just a reference to the config name, which may or may not match the database name. (In my case, the configs have other data such as environment prefixing the DB name.)
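As an added pre-flight check, not part of the question or the answer above, the script below lints a database/roles payload against the connection names that exist under database/config/ before it is posted, and shows the one-field fix. The config path and role payload are constructed from the values in the question.

```python
import json

# Constructed from the question: the path the connection config was POSTed to,
# and the role payload as written (db_name names the database, not the config).
CONFIG_PATHS = ["database/config/postgresql"]
ROLE_PAYLOAD = r'''{
  "db_name": "test-app",
  "creation_statements": ["CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";"],
  "default_ttl": "1h",
  "max_ttl": "24h"
}'''
ROLE = json.loads(ROLE_PAYLOAD)
PLACEHOLDERS = ("{{name}}", "{{password}}", "{{expiration}}")


def connection_names(config_paths):
    """Vault keys a connection by the last segment of database/config/<name>."""
    return {p.strip("/").rsplit("/", 1)[-1] for p in config_paths}


def lint_role(role, names):
    """Return the problems that would make a read of database/creds/<role> fail."""
    problems = []
    db_name = role.get("db_name")
    if db_name not in names:
        problems.append(
            f'db_name "{db_name}" matches no connection under database/config/ '
            f"(known: {sorted(names)})")
    statements = " ".join(role.get("creation_statements", []))
    for ph in PLACEHOLDERS:
        if ph not in statements:
            problems.append(f"creation_statements never reference {ph}")
    return problems


def repoint_role(role, names):
    """Copy of the role with db_name set to the only configured connection."""
    if len(names) != 1:
        raise ValueError("ambiguous: choose the connection name explicitly")
    return {**role, "db_name": next(iter(names))}


if __name__ == "__main__":
    names = connection_names(CONFIG_PATHS)
    for problem in lint_role(ROLE, names):
        print("problem:", problem)
    print(json.dumps(repoint_role(ROLE, names), indent=2))
```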