From 61481d808d3382fa271ae353b677f513eae89e04 Mon Sep 17 00:00:00 2001
From: Bertrand Lanson <bertrand.lanson@protonmail.com>
Date: Sat, 25 May 2024 18:05:49 +0200
Subject: [PATCH] fix: wrong permissions on token policy for tenant admin

---
 policies/tenant-admins.policy.hcl | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/policies/tenant-admins.policy.hcl b/policies/tenant-admins.policy.hcl
index 108cc05..d318d9f 100644
--- a/policies/tenant-admins.policy.hcl
+++ b/policies/tenant-admins.policy.hcl
@@ -1,11 +1,7 @@
-path "{{identity.entity.metadata.prefix}}/*" {
+path "${tenant_prefix}/*" {
   capabilities = ["create", "update", "read", "delete", "list"]
 }
 
-path "sys/mounts/{{identity.entity.metadata.prefix}}/*" {
+path "sys/mounts/${tenant_prefix}/*" {
   capabilities = ["create", "update", "read", "delete", "list"]
 }
-
-path "auth/token/create" {
-  capabilities = ["create", "update", "sudo"]
-}