From a4e8e140966d0218852b10905360af27f2931c49 Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Sun, 26 May 2024 14:04:22 +0200
Subject: [PATCH] feat: allow tenant admin to remount secret engines on tenant prefix
---
 policies/tenant-admins.policy.hcl | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/policies/tenant-admins.policy.hcl b/policies/tenant-admins.policy.hcl
index d318d9f..5829bee 100644
--- a/policies/tenant-admins.policy.hcl
+++ b/policies/tenant-admins.policy.hcl
@@ -5,3 +5,11 @@ path "${tenant_prefix}/*" {
 path "sys/mounts/${tenant_prefix}/*" {
 capabilities = ["create", "update", "read", "delete", "list"]
 }
+
+path "sys/remount" {
+ capabilities = ["update"]
+ allowed_parameters = {
+ from = "${tenant_prefix}/*"
+ to = "${tenant_prefix}/*"
+ }
+}
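Review bot: In the new `sys/remount` stanza the `allowed_parameters` values are bare strings, whereas Vault's policy documentation writes each value as a list, so `from = ["${tenant_prefix}/*"]` and `to = ["${tenant_prefix}/*"]` would be the safer form; I have not verified how the policy parser treats a bare string here. This constraint is the only thing in the hunk that keeps a tenant admin from remounting engines outside the tenant prefix, so a policy test asserting that a `from` or `to` outside the prefix is denied would be worth adding with it. Remount progress is read from `sys/remount/status/<migration_id>`, which the visible part of this policy does not grant, so tenant admins may be unable to confirm that a migration completed.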