From 1394555a4dad21185a45756b08fc151f0d461e77 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 3 Feb 2016 13:50:47 -0500 Subject: [PATCH] Add listing of cubbyhole's root to the default policy. This allows `vault list cubbyhole` to behave as expected rather than requiring `vault list cubbyhole/`. It could be special cased in logic, but it also serves as a model for the same behavior in e.g. `generic` mounts where special casing is not possible due to unforeseen mount paths. --- vault/policy_store.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vault/policy_store.go b/vault/policy_store.go index 4d6b9ec82..8bbb79a8d 100644 --- a/vault/policy_store.go +++ b/vault/policy_store.go @@ -221,6 +221,10 @@ path "auth/token/revoke-self" { path "cubbyhole/*" { capabilities = ["create", "read", "update", "delete", "list"] } + +path "cubbyhole" { + capabilities = ["list"] +} `) if err != nil { return errwrap.Wrapf("error parsing default policy: {{err}}", err)