@chrishoffman
Created March 16, 2020 20:32
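#!/bin/bash
# Assumes a KV v2 secrets engine mounted at secret/ and a VAULT_TOKEN
# that is allowed to write policies and create tokens.

# policy1: full access, scoped to the nemo/dev-master subtree (KV v2 data path)
cat > policy1.hcl <<EOF
path "secret/data/nemo/dev-master/*"
{
  capabilities = ["read", "list", "create", "update", "delete"]
}
EOF

# policy2: read/list across the whole secret/ mount
cat > policy2.hcl <<EOF
path "secret/*"
{
  capabilities = ["read", "list"]
}
EOF

# Register the policies; without this step the tokens below would
# reference policy names that do not exist in Vault.
vault policy write policy1 policy1.hcl
vault policy write policy2 policy2.hcl

# Token 1 carries policy1 only; token 2 carries policy1 and policy2
export TMPTOKEN1=$(vault token create -format=json -policy=policy1 | jq -r .auth.client_token)
export TMPTOKEN2=$(vault token create -format=json -policy=policy1 -policy=policy2 | jq -r .auth.client_token)

echo "Should error:"
# Path is outside secret/data/nemo/dev-master/*, so policy1 does not cover it
VAULT_TOKEN="$TMPTOKEN1" vault kv get secret/ab

## write data with root token
vault kv put secret/nemo/dev-master/abc a=b > /dev/null

echo "Should work:"
# Resolves to secret/data/nemo/dev-master/abc, which policy1 allows
VAULT_TOKEN="$TMPTOKEN1" vault kv get secret/nemo/dev-master/abc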