infra/tf/bao-policies/k8s-default-sa.hcl

path "test-kv/{{identity.entity.service_account_namespace}}/*" {
    capabilities = ["read"]
}

# Allow a token to manage its own cubbyhole
path "cubbyhole/*" {
    capabilities = ["create", "read", "update", "delete", "list"]
}
use opentofu to configure openbao + other bao fixes 2024-09-10 07:32:41 +00:00			`path "test-kv/{{identity.entity.service_account_namespace}}/*" {`
			`capabilities = ["read"]`
			`}`

			`# Allow a token to manage its own cubbyhole`
			`path "cubbyhole/*" {`
			`capabilities = ["create", "read", "update", "delete", "list"]`
			`}`