baschno/buun-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(jupyterhub): fix vault policies

Browse Source
This commit is contained in:
Masaki Yatsu
2025-09-19 15:20:45 +09:00
parent 7f87dfeb41
commit 34ecf7fd28
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
jupyterhub/jupyterhub-admin-policy.hcl
View File

@@ -34,16 +34,26 @@ path "auth/token/renew-self" {
capabilities = ["update"] capabilities = ["update"]
} }
# Create user-specific policies dynamically # Create user-specific policies dynamically (new API)
path "sys/policies/acl/jupyter-user-*" { path "sys/policies/acl/jupyter-user-*" {
capabilities = ["create", "read", "update", "delete"] capabilities = ["create", "read", "update", "delete"]
} }
# Read user policies to allow token creation with these policies # Create user-specific policies dynamically (old API for hvac compatibility)
path "sys/policy/*" {
capabilities = ["create", "read", "update", "delete", "sudo"]
}
# Read user policies to allow token creation with these policies (new API)
path "sys/policies/acl/*" { path "sys/policies/acl/*" {
capabilities = ["read", "list"] capabilities = ["read", "list"]
} }
# Read user policies to allow token creation with these policies (old API for hvac compatibility)
path "sys/policy/*" {
capabilities = ["read", "list"]
}
# System capabilities check # System capabilities check
path "sys/capabilities-self" { path "sys/capabilities-self" {
capabilities = ["read"] capabilities = ["read"]