terraform-vault-tenant/policies/tenant-admins.policy.hcl

path "{{identity.entity.metadata.prefix}}/*" {
  capabilities = ["create", "update", "read", "delete", "list"]
}

path "sys/mounts/{{identity.entity.metadata.prefix}}/*" {
  capabilities = ["create", "update", "read", "delete", "list"]
}

path "auth/token/create" {
  capabilities = ["create", "update", "sudo"]
  allowed_parameters = {
    policies = [["${tenant_name}-admin"]]
  }
}
feat: add default admin policy 2024-05-25 10:59:54 +00:00			`path "{{identity.entity.metadata.prefix}}/*" {`
			`capabilities = ["create", "update", "read", "delete", "list"]`
			`}`

			`path "sys/mounts/{{identity.entity.metadata.prefix}}/*" {`
			`capabilities = ["create", "update", "read", "delete", "list"]`
			`}`
feat: allow tenant admin to create child token with its own permissions 2024-05-25 14:27:53 +00:00
			`path "auth/token/create" {`
fix: wrong permissions on token/create for tenant admin 2024-05-25 14:59:55 +00:00			`capabilities = ["create", "update", "sudo"]`
feat: allow tenant admin to create child token with its own permissions 2024-05-25 14:27:53 +00:00			`allowed_parameters = {`
fix: wrong permissions on token/create for tenant admin 2024-05-25 14:59:55 +00:00			`policies = [["${tenant_name}-admin"]]`
feat: allow tenant admin to create child token with its own permissions 2024-05-25 14:27:53 +00:00			`}`
			`}`