policy: allow read of metadata for secret backend

Update policy for secrets backends to allow the metadata about
the backend to be read by remote clients.

This allows the KV store type to be determined.

Change-Id: Iea5d154401ff34e410f5bf5ab6412fe8f8e260b0
James Page 2018-10-18 16:28:31 +01:00
parent 04606d8b67
commit dc477f4d2f
1 changed files with 6 additions and 0 deletions


@ -72,12 +72,18 @@ SECRET_BACKEND_HCL = """
path "{backend}/{hostname}/*" {{
capabilities = ["create", "read", "update", "delete", "list"]
}}
path "sys/internal/ui/mounts/{backend}" {{
capabilities = ["read"]
}}
"""
SECRET_BACKEND_SHARED_HCL = """
path "{backend}/*" {{
capabilities = ["create", "read", "update", "delete", "list"]
}}
path "sys/internal/ui/mounts/{backend}" {{
capabilities = ["read"]
}}
"""
VAULT_LOCALHOST_URL = "http://127.0.0.1:8220"
VAULT_HEALTH_URL = '{vault_addr}/v1/sys/health'
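Review bot: The new `path "sys/internal/ui/mounts/{backend}"` stanzas in SECRET_BACKEND_HCL and SECRET_BACKEND_SHARED_HCL place the formatted `{backend}` value under `sys/` for the first time, so a backend name containing a glob or extra path segments would now widen a system-path grant as well as the secrets path. The code that formats these templates is outside the hunk, so it is not visible whether the name is validated; if it can originate from a remote client, it should be restricted to a plain mount name before formatting. The grant itself is an exact path with `read` only, which is suitably narrow, but it depends on an internal UI endpoint. A short comment in each template, such as `# read-only mount metadata; lets clients detect the KV store type`, would record why it is there.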