Trouble deleting a mistake host entry

Okay, so I managed to try adding a host entry and ended up adding it twice, but now can’t delete the wrong one. It shows owned by admin. And was loaded into the root policy (yeah, I know. But playing in test.).
So, tried loading a delete policy:

- !delete
  record: !host Account_name:host:my_host

conjur list shows it as:
Account_Name:host:my_host

Web interface shows the host as owned by admin

Any pointers on deleting welcomed. Have a feeling I’ll be needing to get good at it, eh.

Hi Barry:

Yeah, there is definitely variety in the way host identities are represented.

Your policy should read:

- !delete
  record: !host my_host

Hope all is well.

Jody


Jody, doing okay here, other than painting myself into corners, eh.

Tried that form for the policy and the command:
conjur policy load root policy/0005b_host.yml
since that’s what I used to load it initially, and got the error:
No such file or directory
Do I need the --delete flag as well when I load the policy?

Probably should add that I also used the FQDN for the host name, so it has periods in it:
lxxxyy.domain1.domain2.com
Yeah. Should have looked at the right documentation section, and not tried to do in middle of a meeting…

Yes, you do need to use the --delete flag when loading a delete policy. Whatever you do, don’t use --replace though. It’ll nuke everything. The periods shouldn’t matter. Spaces can be escaped with \ or quoting the whole string with double quotes.


Jody, as always, thanks!

That did it.
Now, to just create the host the right way, eh. :]
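The mismatch in this thread was between the full id that conjur list prints (account:kind:id) and the branch-relative id a delete policy expects. The following is an added example, not code from the thread or from the Conjur project: a hypothetical helper, delete_statement, that converts a listed id into the !delete entry. It goes beyond the root case discussed above by also handling a nested policy branch, on the assumption that ids inside a policy are relative to the branch it is loaded into; the sample ids are constructed.

```python
import re

# Subset of resource kinds written as "!kind id" in policy (illustrative, not exhaustive).
KINDS = {"host", "user", "group", "layer", "variable", "policy", "webservice"}


def delete_statement(resource_id, branch="root"):
    """Build a !delete policy entry from a full id as printed by `conjur list`.

    resource_id: "account:kind:id"
    branch:      policy branch the delete policy will be loaded into
    """
    parts = resource_id.split(":", 2)  # the id part may itself contain ':'
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"not an account:kind:id resource id: {resource_id!r}")
    _account, kind, ident = parts
    if kind not in KINDS:
        raise ValueError(f"unsupported resource kind: {kind!r}")

    # Assumption: ids in a policy are relative to the branch it is loaded into,
    # so the branch prefix is stripped for anything other than root.
    if branch != "root":
        prefix = branch.strip("/") + "/"
        if not ident.startswith(prefix):
            raise ValueError(f"{ident!r} is not under policy branch {branch!r}")
        ident = ident[len(prefix):]

    # Periods (FQDN host names) need no treatment; ids with spaces are double-quoted.
    if re.search(r"\s", ident):
        ident = f'"{ident}"'
    return f"- !delete\n  record: !{kind} {ident}\n"


if __name__ == "__main__":
    # Constructed sample ids in the format `conjur list` prints.
    print(delete_statement("Account_Name:host:my_host"))
    print(delete_statement("Account_Name:host:lxxxyy.domain1.domain2.com"))
    print(delete_statement("Account_Name:host:apps/db/my_host", branch="apps/db"))
```

The generated file is then loaded into the same branch with the --delete flag, never --replace, as noted in the reply above.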