如何将保管库策略分配给 ldap 组/用户
[英]How to assign a vault policy to a ldap group/user
问题描述
I am trying to use vault in my application.
我正在尝试在我的应用程序中使用保险库。 The authentication mechanism i am using is LDAP.我使用的身份验证机制是 LDAP。 I have done the configuration and my users are able to login to vault but they are not able to see any secret engines that I created as a root user.我已经完成了配置,我的用户可以登录到 vault,但他们看不到我作为 root 用户创建的任何秘密引擎。
For example I have enabled a secret engine secrets/kv and created 2 keys inside it.例如,我启用了一个秘密引擎secrets/kv并在其中创建了 2 个密钥。 What i want is my ldap users to read/write secrets directly from UI.我想要的是我的 ldap 用户直接从 UI 读/写机密。 My policy file looks like this -我的政策文件看起来像这样 -
path "secret/kv"
{
capabilities = ["read", "update", "list"]
}
path "auth/*"
{
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
And use issued the below command to write the data - vault write auth/ldap/groups/ldap-group policies=my-policy并使用发出以下命令写入数据 - vault write auth/ldap/groups/ldap-group policies=my-policy
Still the users can't see the kv engine on the UI to read/write secrets.用户仍然无法在 UI 上看到 kv 引擎来读/写机密。
Let me know if anyone can help me with this.如果有人可以帮助我,请告诉我。
1 个解决方案
解决方案1
0 2020-12-23 21:46:48
This policy should solve your issue.You don't need to prefix the path with secret .此策略应该可以解决您的问题。您不需要在路径前加上secret前缀。
path "kv/*"
{
capabilities = ["read", "update", "list"]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.