Don't require root tokens for mount and policy endpoints.

2015-11-09 15:29:21 -05:00 · 2015-11-09 15:29:21 -05:00 · 8673f36b34
parent 5d5d58ffe4
commit 8673f36b34
2 changed files with 2 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -34,6 +34,8 @@ IMPROVEMENTS:
 * core: Base64-encoded PGP keys can be used with the CLI for `init` and
   `rekey` operations [GH-653]
 * core: Print version on startup [GH-765]
+ * core: Access to `sys/policy` and `sys/mounts` now uses the normal ACL system
+   instead of requiring a root token [GH-769]
 * credential/token: Display whether or not a token is an orphan in the output
   of a lookup call [GH-766]
 * logical: Allow `.` in path-based variables in many more locations [GH-244]
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@ -29,12 +29,9 @@ func NewSystemBackend(core *Core, config *logical.BackendConfig) logical.Backend

 		PathsSpecial: &logical.Paths{
 			Root: []string{
-				"mounts/*",
 				"auth/*",
 				"remount",
 				"revoke-prefix/*",
-				"policy",
-				"policy/*",
 				"audit",
 				"audit/*",
 				"seal", // Must be set for Core.Seal() logic