From 0879c92ad4dcc3e8232c20b142872858eb4b26d6 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Wed, 31 Jan 2024 11:55:24 +0100
Subject: [PATCH] Adapt vault.prefix -> vault.root
---
 example/vault/policies/acme-to-vault.hcl | 10 +++++-----
 vault/policies/acme-to-vault.hcl | 10 +++++-----
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/example/vault/policies/acme-to-vault.hcl b/example/vault/policies/acme-to-vault.hcl
index b658d81..e6638d8 100644
--- a/example/vault/policies/acme-to-vault.hcl
+++ b/example/vault/policies/acme-to-vault.hcl
@@ -1,17 +1,17 @@
-path "kv/data/service/+/certs/*" {
+path "/kv/data/service/+/certs/*" {
 capabilities = ["read","create","update"]
 }
-path "kv/metadata/service/+/certs" {
+path "/kv/metadata/service/+/certs" {
 capabilities = ["list","read"]
 }
-path "kv/data/service/acme-to-vault/account/*" {
+path "/kv/data/service/acme-to-vault/account/*" {
 capabilities = ["read","create","update"]
 }
-path "kv/metadata/service/acme-to-vault/account/*" {
+path "/kv/metadata/service/acme-to-vault/account/*" {
 capabilities = ["list","read"]
 }
-path "kv/data/service/acme-to-vault" {
+path "/kv/data/service/acme-to-vault" {
 capabilities = ["read"]
 }
diff --git a/vault/policies/acme-to-vault.hcl b/vault/policies/acme-to-vault.hcl
index 764a3c4..bc07e7f 100644
--- a/vault/policies/acme-to-vault.hcl
+++ b/vault/policies/acme-to-vault.hcl
@@ -1,17 +1,17 @@
-path "[[ .vault.prefix ]]kv/data/service/+/certs/*" {
+path "[[ .vault.root ]]kv/data/service/+/certs/*" {
 capabilities = ["read","create","update"]
 }
-path "[[ .vault.prefix ]]kv/metadata/service/+/certs" {
+path "[[ .vault.root ]]kv/metadata/service/+/certs" {
 capabilities = ["list","read"]
 }
-path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]/account/*" {
+path "[[ .vault.root ]]kv/data/service/[[ .instance ]]/account/*" {
 capabilities = ["read","create","update"]
 }
-path "[[ .vault.prefix ]]kv/metadata/service/[[ .instance ]]/account/*" {
+path "[[ .vault.root ]]kv/metadata/service/[[ .instance ]]/account/*" {
 capabilities = ["list","read"]
 }
-path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]" {
+path "[[ .vault.root ]]kv/data/service/[[ .instance ]]" {
 capabilities = ["read"]
 }
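Review bot: All five `path` lines join `[[ .vault.root ]]` to `kv/…` with no separator, so the policy only names the intended mount when the value is empty or ends in `/`. The rendered copy in `example/vault/policies/acme-to-vault.hcl` suggests the default is `/`. A value without the trailing slash would render something like `<root>kv/data/service/+/certs/*`; Vault would most likely accept that policy without error while the paths no longer cover the intended KV mount, which is hard to notice in review. I would document the contract at the top of the template, e.g. `# vault.root is prepended verbatim to every path below; it must be empty or end with "/"`. A second one-line comment on the first stanza would also help, stating that the `+` segment deliberately grants `create`/`update` on the `certs/` subtree of every service, so the breadth of that grant is visible to whoever audits the policy.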