From 34ecf7fd28671e7e9caf7567b3dc9a14389e4dc3 Mon Sep 17 00:00:00 2001
From: Masaki Yatsu
Date: Fri, 19 Sep 2025 15:20:45 +0900
Subject: [PATCH] fix(jupyterhub): fix vault policies
---
 jupyterhub/jupyterhub-admin-policy.hcl | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/jupyterhub/jupyterhub-admin-policy.hcl b/jupyterhub/jupyterhub-admin-policy.hcl
index 348f52d..a163f10 100644
--- a/jupyterhub/jupyterhub-admin-policy.hcl
+++ b/jupyterhub/jupyterhub-admin-policy.hcl
@@ -34,16 +34,26 @@ path "auth/token/renew-self" {
 capabilities = ["update"]
 }
 
-# Create user-specific policies dynamically
+# Create user-specific policies dynamically (new API)
 path "sys/policies/acl/jupyter-user-*" {
 capabilities = ["create", "read", "update", "delete"]
 }
 
-# Read user policies to allow token creation with these policies
+# Create user-specific policies dynamically (old API for hvac compatibility)
+path "sys/policy/*" {
+ capabilities = ["create", "read", "update", "delete", "sudo"]
+}
+
+# Read user policies to allow token creation with these policies (new API)
 path "sys/policies/acl/*" {
 capabilities = ["read", "list"]
 }
 
+# Read user policies to allow token creation with these policies (old API for hvac compatibility)
+path "sys/policy/*" {
+ capabilities = ["read", "list"]
+}
+
 # System capabilities check
 path "sys/capabilities-self" {
 capabilities = ["read"]
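Review bot: The added `path "sys/policy/*"` stanza granting `create`, `update`, `delete` and `sudo` is not scoped to `jupyter-user-*` the way the `sys/policies/acl/jupyter-user-*` rule above it is, so a token holding this policy can rewrite or delete any ACL policy through the legacy endpoint, including the policy it is itself bound to. Mirror the new-API rule for the write side, `path "sys/policy/jupyter-user-*" {` with `capabilities = ["create", "read", "update", "delete"]`, and keep the read-only `sys/policy/*` stanza for lookups. `sudo` looks unnecessary, since the policy endpoints are not, as far as I know, root-protected; confirm this against the Vault version in use and drop it. The same path is also declared twice with different capability sets, which makes the effective grant hard to read and leaves the second stanza redundant at best; scoping the first one removes that duplication.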