From da5a43cacbbb4e59e59e420f682d8bd27067a2da Mon Sep 17 00:00:00 2001
From: Ruben Stein
Date: Thu, 23 Jun 2022 10:02:32 +0200
Subject: [PATCH 1/3] documented preflight policy path
Added section describing that newer versions of vault need the preflight check path to be readable.
---
 docs/content/feature/certificate-stores.md | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/docs/content/feature/certificate-stores.md b/docs/content/feature/certificate-stores.md
index 0ec67881a..d1ed28661 100644
--- a/docs/content/feature/certificate-stores.md
+++ b/docs/content/feature/certificate-stores.md
@@ -192,6 +192,11 @@ certificates are stored, for example:
 path "secret/fabio/cert/*" {
 capabilities = ["read"]
 }
+
+ #to check for kv version in newer vault instances
+ path "sys/internal/ui/mounts/secret/fabio/certs" {
+ capabilities = ["read"]
+ }
 ##### Example
From 1dc9df97be535f091515299a5d2ed52dcd772cbc Mon Sep 17 00:00:00 2001
From: Ruben Stein
Date: Thu, 23 Jun 2022 11:14:59 +0200
Subject: [PATCH 2/3] Document policy for token renewal
To renew the token, we need yet another policy, this was also missing.
---
 docs/content/feature/certificate-stores.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/docs/content/feature/certificate-stores.md b/docs/content/feature/certificate-stores.md
index d1ed28661..3831d1e96 100644
--- a/docs/content/feature/certificate-stores.md
+++ b/docs/content/feature/certificate-stores.md
@@ -193,10 +193,15 @@ certificates are stored, for example:
 capabilities = ["read"]
 }
- #to check for kv version in newer vault instances
+ # To check for kv version in newer vault instances
 path "sys/internal/ui/mounts/secret/fabio/certs" {
 capabilities = ["read"]
 }
+
+ # Allow our own token to be renewed.
+ path "auth/token/renew-self" {
+ capabilities = ["update"]
+ }
 ##### Example
From af65eb7614e3c2a1dc5e71d5c677e43e36d9cedf Mon Sep 17 00:00:00 2001
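Review bot: The new preflight entry does not name the same path as the secret grant two lines above it: the example grants read on `secret/fabio/cert/*` but the mounts check is spelled `sys/internal/ui/mounts/secret/fabio/certs`. If, as the added comment implies, the KV-version check is issued for the same path fabio reads certificates from, a reader who copies this snippet gets a policy whose preflight grant never matches and the version lookup is still denied — which is exactly the failure the patch is trying to document away. Suggest `+ path "sys/internal/ui/mounts/secret/fabio/cert" {` so both entries refer to one mount path, plus a sentence in the surrounding prose stating that the path after `sys/internal/ui/mounts/` must be the certificate-store path configured for fabio (without the trailing `/*`). The markdown code block this policy lives in begins before the hunk.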
From: Ruben Stein
Date: Thu, 23 Jun 2022 11:21:10 +0200
Subject: [PATCH 3/3] Indentation fix
---
 docs/content/feature/certificate-stores.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/content/feature/certificate-stores.md b/docs/content/feature/certificate-stores.md
index 3831d1e96..7897fb514 100644
--- a/docs/content/feature/certificate-stores.md
+++ b/docs/content/feature/certificate-stores.md
@@ -199,7 +199,7 @@ certificates are stored, for example:
 }
 # Allow our own token to be renewed.
- path "auth/token/renew-self" {
+ path "auth/token/renew-self" {
 capabilities = ["update"]
 }