My Vault has the following policy:
path "/secrets/global/*" { capabilities = ["read", "create", "update", "delete", "list"] }
Does this policy allow me to access all paths under global?
/secrets/global/common/*
/secrets/global/notsocommoon/app1/*
/secrets/global/notsocommoon/app1/module1/*
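Best answer
Yes. Vault will grant all of the capabilities to /secrets/global/ and its subdirectories.
Since we can add multiple paths to the same policy, if we want to restrict certain capabilities on a specific path, we can do it like this: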
#mypolicy.hcl
path "/secrets/global/*" { capabilities = ["read", "create", "update", "delete", "list"] }
path "/secrets/global/myteam/passwords/*" { capabilities = ["read"] }
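How the two rules in the answer resolve for a given request path, as an added example that is not part of the original answer and not Vault's own code. It is a simplified Python model that assumes a trailing * is a prefix match and that the most specific matching path alone decides the capabilities; only exact paths and trailing globs are modelled, and the request paths are constructed.

```python
# Simplified model of Vault ACL path matching (added example, not Vault's code).
# Assumptions: only exact paths and a trailing "*" glob are modelled; "+" segment
# wildcards are left out; a leading "/" is ignored on both sides.

POLICY = {  # the two rules from mypolicy.hcl in the answer
    "/secrets/global/*": ["read", "create", "update", "delete", "list"],
    "/secrets/global/myteam/passwords/*": ["read"],
}


def _norm(path):
    return path.lstrip("/")


def matching_rule(policy, request_path):
    """Return the policy path that governs request_path, or None."""
    req = _norm(request_path)
    best = None  # (is_exact, matched_length, rule); higher tuple wins
    for rule in policy:
        pattern = _norm(rule)
        if pattern.endswith("*"):
            prefix = pattern[:-1]
            if not req.startswith(prefix):
                continue
            candidate = (0, len(prefix), rule)
        elif pattern == req:
            candidate = (1, len(pattern), rule)
        else:
            continue
        if best is None or candidate > best:
            best = candidate
    return best[2] if best else None


def capabilities(policy, request_path):
    """Capabilities of the governing rule; no matching rule means deny."""
    rule = matching_rule(policy, request_path)
    return sorted(policy[rule]) if rule else ["deny"]


if __name__ == "__main__":
    for p in [  # constructed request paths
        "/secrets/global/common/db",
        "/secrets/global/notsocommoon/app1/module1/key",
        "/secrets/global/myteam/passwords/root",
        "/secrets/other/thing",
    ]:
        print(p, "->", capabilities(POLICY, p))
```

The narrower rule replaces the broad one for everything under myteam/passwords/ rather than adding to it, which is why that subtree ends up read-only.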
Regarding hashicorp-vault - Vault policy path with wildcards, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/61804037/