Hello,
I would like some help. I am trying to create this architecture:
token => alias => entity => policies => kv
The first step seems to be OK (token => alias => entity). But I have a problem with policies. I want templated policies like this:
path "client_kv/data/{{ identity.entity.metadata.service_name }}/*" {
capabilities = ["read", "list"]
}
service_name is a metadata key on the entity, but that does not work. Do you have a suggestion?
Here is a part of my code:
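// createEntity returns the canonical ID of the identity entity that
// represents service, creating the entity the first time it is seen.
//
// The entity is named "entitie_customer_<service>". v.EntitiesList records
// which names this client has already created, so a repeat call reads the
// existing entity instead of trying to create it again. The entity carries
// the "service_name" metadata that the templated policy path refers to
// (identity.entity.metadata.service_name) and the entity-level policies
// "customer_default" and "default".
//
// Any Vault error, and a response without a string "id" field, is reported
// with panic, matching the error style of the rest of this client.
func (v *VClient) createEntity(service string) (canonI string) {
	log.Println("Created or get info entitie for =>", service)
	entitieName := "entitie_customer_" + service

	if _, known := v.EntitiesList[entitieName]; known {
		// Already created earlier in this process: look it up.
		// The read error was previously discarded, which turned a failed
		// read into a nil dereference on the Data access below.
		entitie, err := v.vaultClient.Identity.EntityReadByName(v.ctx, entitieName)
		if err != nil {
			panic(err)
		}
		// Comma-ok instead of an unchecked assertion so a changed response
		// shape gives a readable message rather than a bare runtime panic.
		id, ok := entitie.Data["id"].(string)
		if !ok {
			log.Panicf("entity %q: read response has no string \"id\" field", entitieName)
		}
		return id
	}

	result, err := v.vaultClient.Identity.EntityCreate(v.ctx, schema.EntityCreateRequest{
		Name: entitieName,
		// "service_name" is the key the templated policy reads via
		// identity.entity.metadata.service_name.
		Metadata: map[string]interface{}{"service_name": service, "type": "entitie"},
		Policies: []string{"customer_default", "default"},
	})
	if err != nil {
		panic(err)
	}
	// NOTE(review): writing to a nil map panics — confirm v.EntitiesList is
	// initialised by the VClient constructor before the first call here.
	v.EntitiesList[entitieName] = true

	id, ok := result.Data["id"].(string)
	if !ok {
		log.Panicf("entity %q: create response has no string \"id\" field", entitieName)
	}
	return id
}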
// createAlias attaches an entity alias named "alias_<service>" to the entity
// with canonical ID canonId on the mount identified by santeclair_kv_accessor,
// tagging the alias with the same "service_name" metadata as the entity.
// A Vault error is fatal (panic), as elsewhere in this client.
//
// NOTE(review): Vault resolves a token to an entity through an alias on the
// accessor of the *auth method* that issued the token, with the alias name
// the auth method reports for that login. If santeclair_kv_accessor is the
// accessor of the KV secrets mount rather than of that auth mount, the
// token will not map to this entity and identity.entity.metadata.* stays
// empty when the templated policy is evaluated — confirm which accessor
// this constant holds.
func (v *VClient) createAlias(service, canonId string) {
	log.Println("Created alias for =>", service)

	req := schema.EntityCreateAliasRequest{
		Name:           "alias_" + service,
		CanonicalId:    canonId,
		MountAccessor:  santeclair_kv_accessor,
		CustomMetadata: map[string]interface{}{"service_name": service, "type": "alias"},
	}
	if _, err := v.vaultClient.Identity.EntityCreateAlias(v.ctx, req); err != nil {
		panic(err)
	}
}
Best regards,
Nicolas