terraform-registry/terraform-vault-tenant
terraform-registry/terraform-vault-tenant
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: allow tenant admin to remount secret engines on tenant prefix
All checks were successful
development / Check commit compliance (push) Successful in 5s
Details
pull-requests-open / Check commit compliance (pull_request) Successful in 4s
Details

Browse Source
This commit is contained in:
Bertrand Lanson 2024-05-26 14:04:22 +02:00
parent ba09f9e4dc
commit a4e8e14096
Signed by: lanson
SSH Key Fingerprint: SHA256:/nqc6HGqld/PS208F6FUOvZlUzTS0rGpNNwR5O2bQBw
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
policies/tenant-admins.policy.hcl
View File

@ -5,3 +5,11 @@ path "${tenant_prefix}/*" {
path "sys/mounts/${tenant_prefix}/*" { path "sys/mounts/${tenant_prefix}/*" {
capabilities = ["create", "update", "read", "delete", "list"] capabilities = ["create", "update", "read", "delete", "list"]
} }
path "sys/remount" {
capabilities = ["update"]
allowed_parameters = {
from = "${tenant_prefix}/*"
to = "${tenant_prefix}/*"
}
}