vitess.io/vitess@v0.16.2/go/test/endtoend/vault/dbcreds_policy.hcl

vitess.io/vitess@v0.16.2/go/test/endtoend/vault/dbcreds_policy.hcl (about)

     1  # Allow tokens to look up their own properties
     2  path "auth/token/lookup-self" {
     3      capabilities = ["read"]
     4  }
     5  
     6  # Allow tokens to renew themselves
     7  path "auth/token/renew-self" {
     8      capabilities = ["update"]
     9  }
    10  
    11  # Allow tokens to revoke themselves
    12  path "auth/token/revoke-self" {
    13      capabilities = ["update"]
    14  }
    15  
    16  # Allow a token to look up its own capabilities on a path
    17  path "sys/capabilities-self" {
    18      capabilities = ["update"]
    19  }
    20  
    21  path "kv/data/prod/dbcreds" {
    22    capabilities = ["read"]
    23  }
    24  
    25  path "kv/data/prod/vtgatecreds" {
    26    capabilities = ["read"]
    27  }
    28