Use capabilities rather than policies in default policy. Also add cubbyhole to it.

2016-01-16 18:02:31 -05:00 · 2016-01-16 18:02:31 -05:00 · b830e29449
parent 9857da207c
commit b830e29449
1 changed files with 7 additions and 3 deletions
--- a/vault/policy_store.go
+++ b/vault/policy_store.go
@ -207,15 +207,19 @@ func (ps *PolicyStore) ACL(names ...string) (*ACL, error) {
 func (ps *PolicyStore) createDefaultPolicy() error {
 	policy, err := Parse(`
 path "auth/token/lookup-self" {
-	policy = "read"
+    capabilities = ["read"]
 }

 path "auth/token/renew-self" {
-	policy = "write"
+    capabilities = ["update"]
 }

 path "auth/token/revoke-self" {
-	policy = "write"
+    capabilities = ["update"]
+}
+
+path "cubbyhole/*" {
+    capabilities = ["create", "read", "update", "delete", "list"]
 }
 `)
 	if err != nil {