From dc477f4d2fc9d11b793a2b9920f817ace874729a Mon Sep 17 00:00:00 2001
From: James Page
Date: Thu, 18 Oct 2018 16:28:31 +0100
Subject: [PATCH] policy: allow read of metadata for secret backend

Update policy for secrets backends to allow the metadata about the backend to be read by remote clients. This allows the KV store type to be determined.

Change-Id: Iea5d154401ff34e410f5bf5ab6412fe8f8e260b0
---
 src/lib/charm/vault.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/lib/charm/vault.py b/src/lib/charm/vault.py
index 1e0d38b..f7fadda 100644
--- a/src/lib/charm/vault.py
+++ b/src/lib/charm/vault.py
@@ -72,12 +72,18 @@ SECRET_BACKEND_HCL = """
 path "{backend}/{hostname}/*" {{
 capabilities = ["create", "read", "update", "delete", "list"]
 }}
+path "sys/internal/ui/mounts/{backend}" {{
+ capabilities = ["read"]
+}}
 """
 
 SECRET_BACKEND_SHARED_HCL = """
 path "{backend}/*" {{
 capabilities = ["create", "read", "update", "delete", "list"]
 }}
+path "sys/internal/ui/mounts/{backend}" {{
+ capabilities = ["read"]
+}}
 """
 VAULT_LOCALHOST_URL = "http://127.0.0.1:8220"
 VAULT_HEALTH_URL = '{vault_addr}/v1/sys/health'
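Review bot: The new `sys/internal/ui/mounts/{backend}` stanza, added to both SECRET_BACKEND_HCL and SECRET_BACKEND_SHARED_HCL, interpolates `{backend}` into a path under `sys/`, and nothing visible here shows that value being validated before the template is rendered (the formatting call is outside this hunk). A backend name ending in `*`, or containing a quote or newline, would widen the rendered policy beyond the single mount, so it is worth confirming the caller restricts it to a plain mount name. The grant itself is narrow (exact path, `read` only), and the same stanza is now duplicated in two templates that must stay in step. Because the reason for granting access to an internal endpoint is recorded only in the commit message, a Python comment above each constant would help, for example `# sys/internal/ui/mounts/<backend> is read-only so clients can detect the KV store type`.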