I have the following Vault policy:
path "/secrets/global/*" { capabilities = ["read", "create", "update", "delete", "list"] }
Will this policy allow me to access all paths under global, such as
/secrets/global/common/*
/secrets/global/notsocommoon/app1/*
/secrets/global/notsocommoon/app1/module1/*
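Answer 0: (score: 0)
Yes. Vault will grant all capabilities to /secrets/global/ and its subdirectories.
Since we can add multiple paths to the same policy, if you want to restrict a few capabilities, you can do it like this: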
#mypolicy.hcl
path "/secrets/global/*" { capabilities = ["read", "create", "update", "delete", "list"] }
path "/secrets/global/myteam/passwords/*" { capabilities = ["read"] }
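
The following is an added example, not part of the original answer and not Vault's own code: a simplified Python model of how the two rules in mypolicy.hcl resolve for a given request path, where the most specific matching rule decides the capabilities. The function names and the sample request paths are assumptions; the model covers only exact paths and trailing-`*` globs.

```python
# Simplified model of Vault ACL path matching (added example, not Vault's code).
# Covers exact paths and trailing-"*" globs only; "+" segment wildcards,
# deny handling and merging across several policies are left out.

ALL = {"read", "create", "update", "delete", "list"}

# The two rules from mypolicy.hcl in the answer above.
POLICY = {
    "/secrets/global/*": ALL,
    "/secrets/global/myteam/passwords/*": {"read"},
}


def norm(path):
    # Modelling choice: compare paths without a leading slash.
    return path.lstrip("/")


def capabilities(policy, request_path):
    """Return the capabilities of the most specific rule matching request_path."""
    req = norm(request_path)
    best_key, best_caps = None, set()
    for pattern, caps in policy.items():
        pat = norm(pattern)
        if pat.endswith("*"):
            prefix = pat[:-1]
            if not req.startswith(prefix):
                continue
            key = (0, len(prefix))      # glob: longer prefix is more specific
        elif pat == req:
            key = (1, len(pat))         # exact match outranks any glob
        else:
            continue
        if best_key is None or key > best_key:
            best_key, best_caps = key, set(caps)
    return best_caps                    # empty set: no rule matches, so no access


if __name__ == "__main__":
    # Constructed sample request paths.
    for p in [
        "/secrets/global/common/db",
        "/secrets/global/notsocommoon/app1/module1/key",
        "/secrets/global/myteam/passwords/db",
        "/secrets/other/x",
    ]:
        print(p, sorted(capabilities(POLICY, p)))
```

The glob is a prefix match, so the read-only rule applies only to paths that start with `/secrets/global/myteam/passwords/`; everything else under `/secrets/global/` keeps the full capability set from the broader rule.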