Searching and updating HCL for strings in Go

Question

Hey guys I ran into a road block trying to figure out how to search all our service/policy_names to ensure that they have certain capabilities.

Lets say I have a vault policy like the following

bash-4.4$ vault policy read service/admin
# Token policies
path "/auth/token/create" {
    capabilities = ["create", "update", "sudo"]
}

path "/auth/token/lookup" {
    capabilities = ["create", "update"]
}

path "/auth/token/renew" {
    capabilities = ["create", "update"]
}

path "/auth/token/revoke" {
    capabilities = ["create", "update"]
}

# View system policies
path "/sys/policy" {
    capabilities = ["read"]
}

# Allow full access to interact with all secrets
path "secret/*" {
    capabilities = ["create", "read", "update", "delete", "list"]
}

I'm attempting to scan through each policy and if the path does not have the correct capabilities, create a new file with the correct capabilities and save it. I got stuck at trying to scan each path and am a bit put out. Hopefully someone can help or recommend a saner method. The above would be save to a new file service_admin.hcl and look like the following

bash-4.4$ less service_admin.hcl
# Token policies
path "/auth/token/create" {
    capabilities = ["create", "read", "update", "delete", "list"]
}

path "/auth/token/lookup" {
    capabilities = ["create", "read", "update", "delete", "list"]
}

path "/auth/token/renew" {
    capabilities = ["create", "read", "update", "delete", "list"]
}

path "/auth/token/revoke" {
    capabilities = ["create", "read", "update", "delete", "list"]
}

# View system policies
path "/sys/policy" {
    capabilities = ["create", "read", "update", "delete", "list"]
}

# Allow full access to interact with all secrets
path "secret/*" {
    capabilities = ["create", "read", "update", "delete", "list"]
}

The code that I have so far is below, i chose go because I thought the HCL library would help me but I'm struggling to use it.

package main

import (
   "github.com/hashicorp/vault/api"
   "log"
   "regexp"
)

func main() {
   cfg := api.DefaultConfig()
   cfg.Address = "http://localhost:8200"

   client, err := api.NewClient(cfg)
   if err != nil {
      log.Fatal(err)
   }

   client.SetToken("xxx")

   policies, err := client.Sys().ListPolicies()
   if err != nil {
      log.Fatal(err)
   }


   var listPolicies []string
   for _, policy := range policies {
      matched, _ := regexp.MatchString("^service", policy)
      if matched {
         listPolicies = append(listPolicies, policy)
      }
   }

   for _, policy := range listPolicies {
      policyContents, _ := client.Sys().GetPolicy(policy)

      // parse := hcl.Parse(policyContents) // ????
      // Does each `path` have `capabilities = ["create", "read", "update", "delete", "list"]`
      log.Println(policyContents)

      break
   }
}