From ac1d3c16df8eee256964f21c9b973b6da20fd878 Mon Sep 17 00:00:00 2001
From: ducoterra <ducoterra@gmail.com>
Date: Sun, 18 Jul 2021 21:17:19 -0400
Subject: [PATCH] Give ducoterra access to ssh key signing

ducoterra can now sign ssh keys.
---
 policies/ducoterra.hcl | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/policies/ducoterra.hcl b/policies/ducoterra.hcl
index c3d49e2..eba7899 100644
--- a/policies/ducoterra.hcl
+++ b/policies/ducoterra.hcl
@@ -14,10 +14,18 @@ path "dnet_inter/*" {
     capabilities = ["create", "read", "update", "delete", "list"]
 }
 
-path "ssh-client-signer/*" {
+path "ssh-client-signer/sign/*" {
     capabilities = ["create", "read", "update", "delete", "list"]
 }
 
-path "ssh-host-signer/*" {
+path "ssh-client-signer/roles/*" {
+    capabilities = ["create", "read", "update", "delete", "list"]
+}
+
+path "ssh-host-signer/sign/*" {
+    capabilities = ["create", "read", "update", "delete", "list"]
+}
+
+path "ssh-host-signer/roles/*" {
     capabilities = ["create", "read", "update", "delete", "list"]
 }