vault-subpath-proxy

command

v0.0.0-...-865bd4e Latest Latest Go to latest Published: Apr 19, 2024 License: Apache-2.0 Imports: 38 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

README ¶

Vault Subpath Proxy

A small proxy that we run in front of Vault. It solves the problem of "If user has no list perm in parent directory, user can't find any subdirectory they might have access to.". To do so it:

Checks if a request got a 403
If so, it will call out to the /v1/sys/internal/ui/resultant-acl endpoint, using the provided token
That endpoint returns effective permissions, so if a user has access to a subpath, it is there
If any result is found this way, it will be added to the response and the status code is changed from 403 to 200

Careful: The resultant-acl api is internal, undocumented and no stability guarantee is provided. Ideally, this functionality will get included into Vault itself one day.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL