# Allow administration of Kubernetes authentication backend
---
rules:
  - path: "auth/k8s/au/syd1/config"
    capabilities:
      - create
      - update
      - read
      - delete
  - path: "auth/k8s/au/syd1/role/*"
    capabilities:
      - create
      - update
      - read
      - delete
      - list
  - path: "auth/k8s/au/syd1/role"
    capabilities:
      - list

auth:
  approle:
    - tf_vault