/**
 * Copyright (c) HashiCorp, Inc.
 * SPDX-License-Identifier: BUSL-1.1
 */

/**
 * Test-fixture ACL policy for the WIF (presumably workload identity federation)
 * UI tests. It grants full capabilities on `sys/mounts/*` (so an engine can be
 * mounted), on `identity/oidc/key/*` (so OIDC keys can be listed, read and
 * created — the original note says this is what is needed to set
 * `identity_key_token` for WIF), and on the engine's own mount path.
 *
 * Security notes for anyone tempted to reuse this outside tests:
 * - create/update/delete on `sys/mounts/*` is effectively mount-level admin;
 *   do not lift this stanza into a production policy.
 * - `mountPath` is interpolated into the HCL unescaped and unvalidated. The
 *   callers are tests passing fixed values, so a stray `"` or glob character
 *   would only break the fixture, but keep it that way.
 *
 * @param mountPath - mount path of the engine under test; the stanza produced
 *   is `${mountPath}/*`, so pass it without a trailing slash.
 * @returns the policy body as an HCL string.
 */
export const adminOidcCreateRead = (mountPath: string): string => `
path "sys/mounts/*" {
capabilities = ["create", "read", "update", "delete", "list"]
},
path "identity/oidc/key/*" {
capabilities = ["create", "read", "update", "delete", "list"]
},
path "${mountPath}/*" {
capabilities = ["create", "read", "update", "delete", "list"]
},
`;
/**
 * Test-fixture ACL policy that can mount an engine and write OIDC keys but
 * deliberately cannot list or read them: `identity/oidc/key/*` gets only
 * `create` and `update`, while `sys/mounts/*` and the engine's mount path get
 * full capabilities. Pair with `adminOidcCreateRead` to test the UI's
 * behaviour when key listing is denied.
 *
 * Security notes for anyone tempted to reuse this outside tests:
 * - create/update/delete on `sys/mounts/*` is effectively mount-level admin;
 *   do not lift this stanza into a production policy.
 * - `mountPath` is interpolated into the HCL unescaped and unvalidated; the
 *   callers are tests passing fixed values.
 *
 * @param mountPath - mount path of the engine under test; the stanza produced
 *   is `${mountPath}/*`, so pass it without a trailing slash.
 * @returns the policy body as an HCL string.
 */
export const adminOidcCreate = (mountPath: string): string => `
path "sys/mounts/*" {
capabilities = ["create", "read", "update", "delete", "list"]
},
path "${mountPath}/*" {
capabilities = ["create", "read", "update", "delete", "list"]
},
path "identity/oidc/key/*" {
capabilities = ["create", "update"]
},
`;