Hi there,
Recently, I worked on implementing something called “Templated ACL policies”. The goal of this implementation was to create a “KV Engine” with a specific path: “/user_secrets/{LDAP_USER}/priv”. This allows a user to access their own secrets in a dynamic path that contains his/her username.
The policy applied was:
path "/user_secrets/data/{{identity.entity.aliases.auth_ldap_62a0e103.metadata.name}}/priv/*" {
  capabilities = ["read", "create", "list", "delete", "update"]
}
For example: an {LDAP_USER} logged in as johndoe belongs to groups=[“admin”, “devops”].
johndoe can [“read”, “create”, “list”, “delete”, “update”] on the path “/user_secrets/data/johndoe/priv/*”.
I need to do the same but with his groups in another KV Engine with path “/groups_secrets/data/{LDAP_GROUP}/priv/*”:
For example: johndoe can read or list the path “/groups_secrets/data/devops/priv/*”.
How can I do this?
In ACL Policy Path Templating, no option for groups is specified.
Thanks in advance.
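Added example (my own code, not from the post above or from Vault): a small Python simulation of how the templated user policy from the post resolves for johndoe, together with one static policy per group attached to the matching Vault group (Vault applies a group's policies to every member). The identity data, the per-group policy mapping, the glob rule and the "skip unresolvable rules" behaviour are constructed assumptions for the simulation; paths are written without the leading slash.

```python
import re

# Constructed identity for the LDAP user in the post (sample data, not from a real Vault).
MOUNT_ACCESSOR = "auth_ldap_62a0e103"
JOHNDOE = {
    "entity": {"aliases": {MOUNT_ACCESSOR: {"metadata": {"name": "johndoe"}}}},
    "groups": ["admin", "devops"],
}

# Templated policy from the post, granted to every LDAP login.
USER_POLICY = {
    "user_secrets/data/{{identity.entity.aliases.auth_ldap_62a0e103.metadata.name}}/priv/*":
        ["read", "create", "list", "delete", "update"],
}
# Hypothetical per-group policies, each attached to the Vault group of the same name.
GROUP_POLICIES = {
    "admin": {"groups_secrets/data/admin/priv/*": ["read", "list"]},
    "devops": {"groups_secrets/data/devops/priv/*": ["read", "list"]},
}

# Only the alias-metadata parameter used in the post is supported by this simulation.
PARAM = re.compile(r"\{\{identity\.entity\.aliases\.([^.}]+)\.metadata\.([^.}]+)\}\}")

def render(template, identity):
    """Substitute {{identity.entity.aliases.<accessor>.metadata.<key>}}; None if unresolvable."""
    try:
        return PARAM.sub(
            lambda m: identity["entity"]["aliases"][m.group(1)]["metadata"][m.group(2)],
            template)
    except KeyError:
        return None  # unresolvable parameter: the simulation ignores this rule

def path_matches(rule, path):
    """Vault-style glob: a trailing '*' matches any suffix, otherwise the match is exact."""
    if rule.endswith("*"):
        return path.startswith(rule[:-1])
    return path == rule

def capabilities(identity, path):
    """Union of capabilities from the entity's templated policy and its groups' policies."""
    policies = [USER_POLICY] + [GROUP_POLICIES[g] for g in identity["groups"] if g in GROUP_POLICIES]
    caps = set()
    for policy in policies:
        for template, rule_caps in policy.items():
            rule = render(template, identity)
            if rule is not None and path_matches(rule, path):
                caps.update(rule_caps)
    return caps

if __name__ == "__main__":
    for p in ["user_secrets/data/johndoe/priv/db", "user_secrets/data/janedoe/priv/db",
              "groups_secrets/data/devops/priv/api", "groups_secrets/data/qa/priv/api"]:
        print(p, sorted(capabilities(JOHNDOE, p)))
```

The second and fourth paths show the isolation the post relies on: another user's private path and a group johndoe does not belong to both resolve to no capabilities.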