Our application wants to allow users to create policies, but we want to add constraints to the policy they can create.
For example, any logged in user is tied to this policy app-user, so users can create policies with the name with their entity_id as the prefix.
path "sys/policy/{{identity.entity.id}}_*" {
capabilities = [ "create", "read", "update", "delete", "list" ]
}
We want the polices they can create are just to grant access to the keys saved in their entity_id folder (these polices are created automatically by the application. ), such as a policy called adab33b7-ce54-d555-c97d-9dc007e9ece9_dataset1
path "secret/data/adab33b7-ce54-d555-c97d-9dc007e9ece9/dataset1" {
capabilities = ["read"]
}
I know we can add allowed_paramters in the app-user policy for the path "sys/policy/{{identity.entity.id}}_*", but neither templating or regular expression are supported in the value of allowed_paramters.
Do you have any idea of how we can do it?