Migrate default policy to a const

2016-08-08 18:33:31 -04:00 · 2016-08-08 18:33:31 -04:00 · 065da5fd69
parent 5a48611a62
commit 065da5fd69
1 changed files with 36 additions and 33 deletions
--- a/vault/policy_store.go
+++ b/vault/policy_store.go
@ -28,6 +28,41 @@ const (
 path "cubbyhole/response" {
    capabilities = ["create", "read"]
 }
+`
+
+	// defaultPolicy is the "default" policy
+	defaultPolicy = `
+path "auth/token/lookup-self" {
+    capabilities = ["read"]
+}
+
+path "auth/token/renew-self" {
+    capabilities = ["update"]
+}
+
+path "auth/token/revoke-self" {
+    capabilities = ["update"]
+}
+
+path "cubbyhole/*" {
+    capabilities = ["create", "read", "update", "delete", "list"]
+}
+
+path "cubbyhole" {
+    capabilities = ["list"]
+}
+
+path "sys/capabilities-self" {
+    capabilities = ["update"]
+}
+
+path "sys/renew" {
+    capabilities = ["update"]
+}
+
+path "sys/renew/*" {
+    capabilities = ["update"]
+}
 `
 )

@ -276,39 +311,7 @@ func (ps *PolicyStore) ACL(names ...string) (*ACL, error) {
 }

 func (ps *PolicyStore) createDefaultPolicy() error {
-	policy, err := Parse(`
-path "auth/token/lookup-self" {
-    capabilities = ["read"]
-}
-
-path "auth/token/renew-self" {
-    capabilities = ["update"]
-}
-
-path "auth/token/revoke-self" {
-    capabilities = ["update"]
-}
-
-path "cubbyhole/*" {
-    capabilities = ["create", "read", "update", "delete", "list"]
-}
-
-path "cubbyhole" {
-    capabilities = ["list"]
-}
-
-path "sys/capabilities-self" {
-    capabilities = ["update"]
-}
-
-path "sys/renew" {
-    capabilities = ["update"]
-}
-
-path "sys/renew/*" {
-    capabilities = ["update"]
-}
-`)
+	policy, err := Parse(defaultPolicy)
 	if err != nil {
 		return errwrap.Wrapf("error parsing default policy: {{err}}", err)
 	}