How do I get a HashiCorp Vault policy?

Question  Votes: 0  Answers: 1

The situation is as follows: I created a user

vault write auth/userpass/users/'username' password='password' policies=default

with the default policy, and added the path

path "secret/db_pass/*" {
  capabilities = ["create","read","delete","update","list"]
}

to the default policy. But when I try to access secret/, I get the error 'You don't have access to secret/', even though I added the permission in the policy file.

Am I doing something wrong? Could some kind soul help? If any other information is needed, please let me know.

hashicorp-vault
1 Answer
1
vote

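Not sure, but it seems the policy structure has changed. To access "secret/db_pass/", you should have access to secret/ itself. So, I implemented it with 2 policies: one for access to secret/ and the other for secret/db_pass/.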

path "secret/" {
  capabilities = ["list"]
}

path "secret/db_pass/*" {
  capabilities = ["create","read","delete","update","list"]
}
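
Why the question's single rule is denied on secret/ while the answer's two rules work, as an added example (not part of the original post and not Vault's own code): a simplified Python model of Vault policy path matching. It assumes only exact paths and a trailing `*` glob; the helper names `capabilities` and `can` are hypothetical.

```python
# Simplified model of Vault ACL path matching (added example, not Vault's code).
# Assumptions: only exact paths and a trailing "*" glob are modelled; the "+"
# segment wildcard, "deny" handling and KV v2 path prefixes are left out.

def capabilities(policies, request_path):
    """Return the set of capabilities the given policies grant on request_path."""
    # Rules for the same path in several policies are merged (set union).
    merged = {}
    for rules in policies:
        for path, caps in rules.items():
            merged.setdefault(path, set()).update(caps)

    # 1. An exact match always wins.
    if request_path in merged:
        return merged[request_path]

    # 2. Otherwise the longest matching glob prefix wins.
    best_path, best_len = None, -1
    for path in merged:
        if path.endswith("*"):
            prefix = path[:-1]
            if request_path.startswith(prefix) and len(prefix) > best_len:
                best_path, best_len = path, len(prefix)

    # 3. No matching rule means no access (default deny).
    return merged[best_path] if best_path else set()


def can(policies, capability, request_path):
    """True if the policies grant `capability` on `request_path`."""
    return capability in capabilities(policies, request_path)


# The rules from the page, written as dicts (constructed representation).
DB_PASS_ONLY = {"secret/db_pass/*": {"create", "read", "delete", "update", "list"}}
LIST_SECRET = {"secret/": {"list"}}

if __name__ == "__main__":
    checks = (("list", "secret/"), ("read", "secret/db_pass/prod"), ("read", "secret/other"))
    for label, pols in (("question", [DB_PASS_ONLY]), ("answer", [DB_PASS_ONLY, LIST_SECRET])):
        for cap, path in checks:
            verdict = "allow" if can(pols, cap, path) else "deny"
            print(f"{label:8} {cap:4} {path:22} -> {verdict}")
```

The glob on secret/db_pass/* only covers request paths that start with secret/db_pass/, so a list request on the parent secret/ matches no rule until the separate secret/ rule is added.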