From 154a3ba98a15f06c76eeef43343a8ddd95fe916c Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Sun, 26 May 2024 15:20:18 +0200
Subject: [PATCH] fix: increase permissions for remounting secret engines

---
 policies/tenant-admins.policy.hcl | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/policies/tenant-admins.policy.hcl b/policies/tenant-admins.policy.hcl
index 1b2e55c..72698d6 100644
--- a/policies/tenant-admins.policy.hcl
+++ b/policies/tenant-admins.policy.hcl
@@ -9,7 +9,11 @@ path "sys/mounts/${tenant_prefix}/*" {
 path "sys/remount" {
 capabilities = ["update"]
 allowed_parameters = {
- from = ["${tenant_prefix}/*"]
- to = ["${tenant_prefix}/*"]
+ "from" = ["${tenant_prefix}/*"]
+ "to" = ["${tenant_prefix}/*"]
 }
 }
+
+path "sys/remount/status/*" {
+ capabilities = ["read"]
+}
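Review bot: The new `path "sys/remount/status/*"` stanza at the end of the hunk is not scoped by `${tenant_prefix}`, unlike the `from`/`to` constraints on `sys/remount` just above it, so a holder of this policy can read the status of any migration ID, not only migrations they started. Vault keys this endpoint by migration ID, so it probably cannot be narrowed by path, and the status response carries the source and target mount paths of the migration. I would record that residual exposure in the policy itself, e.g. `# status is keyed by migration id and cannot be tenant-scoped; the response reveals source/target mount paths` above the stanza. Since the quoted-key change touches exactly the `allowed_parameters` constraint, a policy test asserting that a `sys/remount` request with `from` or `to` outside `${tenant_prefix}/` is denied would be worth adding alongside it.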