policy: allow read of metadata for secret backend
Update policy for secrets backends to allow the metadata about the backend to be read by remote clients. This allows the KV store type to be determined. Change-Id: Iea5d154401ff34e410f5bf5ab6412fe8f8e260b0
This commit is contained in:
parent
04606d8b67
commit
dc477f4d2f
|
@ -72,12 +72,18 @@ SECRET_BACKEND_HCL = """
|
|||
path "{backend}/{hostname}/*" {{
|
||||
capabilities = ["create", "read", "update", "delete", "list"]
|
||||
}}
|
||||
path "sys/internal/ui/mounts/{backend}" {{
|
||||
capabilities = ["read"]
|
||||
}}
|
||||
"""
|
||||
|
||||
SECRET_BACKEND_SHARED_HCL = """
|
||||
path "{backend}/*" {{
|
||||
capabilities = ["create", "read", "update", "delete", "list"]
|
||||
}}
|
||||
path "sys/internal/ui/mounts/{backend}" {{
|
||||
capabilities = ["read"]
|
||||
}}
|
||||
"""
|
||||
VAULT_LOCALHOST_URL = "http://127.0.0.1:8220"
|
||||
VAULT_HEALTH_URL = '{vault_addr}/v1/sys/health'
|
||||
|
|
Loading…
Reference in New Issue