feat(jupyterhub): Vault integration

2025-08-31 14:47:29 +09:00
parent 9a1d4fd16f
commit f529223c56
6 changed files with 376 additions and 5 deletions
--- a/jupyterhub/vault-policy.hcl
+++ b/jupyterhub/vault-policy.hcl
@@ -0,0 +1,21 @@
+# JupyterHub user policy for Vault access
+
+# Read access to shared jupyter resources
+path "secret/data/jupyter/shared/*" {
+    capabilities = ["read", "list"]
+}
+
+# Full access to user-specific paths
+path "secret/data/jupyter/users/{{identity.entity.aliases.auth_jwt_*.metadata.username}}/*" {
+    capabilities = ["create", "update", "read", "delete", "list"]
+}
+
+# Allow users to list their own directory
+path "secret/metadata/jupyter/users/{{identity.entity.aliases.auth_jwt_*.metadata.username}}/*" {
+    capabilities = ["list", "read", "delete"]
+}
+
+# Allow users to list jupyter root to navigate
+path "secret/metadata/jupyter/*" {
+    capabilities = ["list"]
+}