vault: adding another ACL test

2015-07-05 17:34:34 -06:00 · 2015-07-05 17:34:34 -06:00 · 3d2fa8818e
parent dc8cc308af
commit 3d2fa8818e
1 changed files with 9 additions and 0 deletions
--- a/vault/acl_test.go
+++ b/vault/acl_test.go
@ -112,6 +112,9 @@ func testLayeredACL(t *testing.T, acl *ACL) {
 		{logical.ReadOperation, "prod/foo", true},
 		{logical.ListOperation, "prod/foo", true},
 		{logical.ReadOperation, "prod/aws/foo", false},
+
+		{logical.ReadOperation, "sys/status", false},
+		{logical.WriteOperation, "sys/seal", true},
 	}

 	for _, tc := range tcases {
@ -142,6 +145,9 @@ path "prod/*" {
 path "prod/aws/*" {
 	policy = "deny"
 }
+path "sys/*" {
+	policy = "deny"
+}
 `

 var aclPolicy2 = `
@ -155,4 +161,7 @@ path "stage/aws/policy/*" {
 path "prod/*" {
 	policy = "write"
 }
+path "sys/seal" {
+	policy = "write"
+}
 `