From 9a30e25a805adfc68d9f02842800a5adb0ecf7ee Mon Sep 17 00:00:00 2001
From: Bertrand Lanson <bertrand.lanson@protonmail.com>
Date: Sat, 25 May 2024 16:59:55 +0200
Subject: [PATCH] fix: wrong permissions on token/create for tenant admin

---
 policies/tenant-admins.policy.hcl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/policies/tenant-admins.policy.hcl b/policies/tenant-admins.policy.hcl
index 1b1a02c..09e6ad7 100644
--- a/policies/tenant-admins.policy.hcl
+++ b/policies/tenant-admins.policy.hcl
@@ -7,8 +7,8 @@ path "sys/mounts/{{identity.entity.metadata.prefix}}/*" {
 }
 
 path "auth/token/create" {
-  capabilities = ["create", "update", "delete"]
+  capabilities = ["create", "update", "sudo"]
   allowed_parameters = {
-    policies = ["${tenant_name}-admin"]
+    policies = [["${tenant_name}-admin"]]
   }
 }