From 670c9522a554b78ad47824de11a8344ff9fe88c6 Mon Sep 17 00:00:00 2001
From: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
Date: Fri, 17 Mar 2023 09:09:25 -0400
Subject: [PATCH] update link policy fetch URL (#19371)

* update link policy fetch URL

* fix fmt
---
 .../hcp_link/capabilities/api_capability/token_manager.go  | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/vault/hcp_link/capabilities/api_capability/token_manager.go b/vault/hcp_link/capabilities/api_capability/token_manager.go
index ab84da802c..f5acb7a515 100644
--- a/vault/hcp_link/capabilities/api_capability/token_manager.go
+++ b/vault/hcp_link/capabilities/api_capability/token_manager.go
@@ -91,10 +91,6 @@ func (t *HCPLinkTokenManager) fetchPolicy() (string, error) {
 		return "", fmt.Errorf("error creating HTTP request: %w", err)
 	}
 
-	query := req.URL.Query()
-	query.Add("cluster_id", t.scadaConfig.Resource.ID)
-	req.URL.RawQuery = query.Encode()
-
 	retryableReq, err := retryablehttp.FromRequest(req)
 	if err != nil {
 		return "", fmt.Errorf("error adding HTTP request retry wrapping: %w", err)
@@ -168,10 +164,11 @@ func (t *HCPLinkTokenManager) updateInLinePolicy() {
 func NewHCPLinkTokenManager(scadaConfig *scada.Config, core *vault.Core, logger hclog.Logger) (*HCPLinkTokenManager, error) {
 	tokenLogger := logger.Named("token_manager")
 
-	policyURL := fmt.Sprintf("https://%s/vault/2020-11-25/organizations/%s/projects/%s/link/policy",
+	policyURL := fmt.Sprintf("https://%s/vault-link/2022-11-07/organizations/%s/projects/%s/link/policy/%s",
 		scadaConfig.HCPConfig.APIAddress(),
 		scadaConfig.Resource.Location.OrganizationID,
 		scadaConfig.Resource.Location.ProjectID,
+		scadaConfig.Resource.ID,
 	)
 
 	m := &HCPLinkTokenManager{