From 37145a7e2af0c5a50c7d3170e6282e460f77d27e Mon Sep 17 00:00:00 2001
From: hc-github-team-secure-vault-core
 <82990506+hc-github-team-secure-vault-core@users.noreply.github.com>
Date: Thu, 30 Mar 2023 11:39:33 -0400
Subject: [PATCH] backport of commit 670c9522a554b78ad47824de11a8344ff9fe88c6
 (#19605)

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
---
 .../hcp_link/capabilities/api_capability/token_manager.go  | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/vault/hcp_link/capabilities/api_capability/token_manager.go b/vault/hcp_link/capabilities/api_capability/token_manager.go
index 312473c3681d..4b0018efdf56 100644
--- a/vault/hcp_link/capabilities/api_capability/token_manager.go
+++ b/vault/hcp_link/capabilities/api_capability/token_manager.go
@@ -88,10 +88,6 @@ func (t *HCPLinkTokenManager) fetchPolicy() (string, error) {
 		return "", fmt.Errorf("error creating HTTP request: %w", err)
 	}
 
-	query := req.URL.Query()
-	query.Add("cluster_id", t.scadaConfig.Resource.ID)
-	req.URL.RawQuery = query.Encode()
-
 	retryableReq, err := retryablehttp.FromRequest(req)
 	if err != nil {
 		return "", fmt.Errorf("error adding HTTP request retry wrapping: %w", err)
@@ -165,10 +161,11 @@ func (t *HCPLinkTokenManager) updateInLinePolicy() {
 func NewHCPLinkTokenManager(scadaConfig *scada.Config, core *vault.Core, logger hclog.Logger) (*HCPLinkTokenManager, error) {
 	tokenLogger := logger.Named("token_manager")
 
-	policyURL := fmt.Sprintf("https://%s/vault/2020-11-25/organizations/%s/projects/%s/link/policy",
+	policyURL := fmt.Sprintf("https://%s/vault-link/2022-11-07/organizations/%s/projects/%s/link/policy/%s",
 		scadaConfig.HCPConfig.APIAddress(),
 		scadaConfig.Resource.Location.OrganizationID,
 		scadaConfig.Resource.Location.ProjectID,
+		scadaConfig.Resource.ID,
 	)
 
 	m := &HCPLinkTokenManager{