backport of commit 670c952 (hashicorp#19605)

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
fopina · Mar 30, 2023 · 37145a7 · 37145a7
1 parent b500045
commit 37145a7
Showing 1 changed file with 2 additions and 5 deletions.
diff --git a/vault/hcp_link/capabilities/api_capability/token_manager.go b/vault/hcp_link/capabilities/api_capability/token_manager.go
@@ -88,10 +88,6 @@ func (t *HCPLinkTokenManager) fetchPolicy() (string, error) {
 		return "", fmt.Errorf("error creating HTTP request: %w", err)
 	}
 
-	query := req.URL.Query()
-	query.Add("cluster_id", t.scadaConfig.Resource.ID)
-	req.URL.RawQuery = query.Encode()
-
 	retryableReq, err := retryablehttp.FromRequest(req)
 	if err != nil {
 		return "", fmt.Errorf("error adding HTTP request retry wrapping: %w", err)
@@ -165,10 +161,11 @@ func (t *HCPLinkTokenManager) updateInLinePolicy() {
 func NewHCPLinkTokenManager(scadaConfig *scada.Config, core *vault.Core, logger hclog.Logger) (*HCPLinkTokenManager, error) {
 	tokenLogger := logger.Named("token_manager")
 
-	policyURL := fmt.Sprintf("https://%s/vault/2020-11-25/organizations/%s/projects/%s/link/policy",
+	policyURL := fmt.Sprintf("https://%s/vault-link/2022-11-07/organizations/%s/projects/%s/link/policy/%s",
 		scadaConfig.HCPConfig.APIAddress(),
 		scadaConfig.Resource.Location.OrganizationID,
 		scadaConfig.Resource.Location.ProjectID,
+		scadaConfig.Resource.ID,
 	)
 
 	m := &HCPLinkTokenManager{