Hey
I was trying to implement a generic rule that will allow each Kubernetes service to access its own path. This is what I tried:
```hcl
path "secret/services/k8s/{{identity.entity.metadata.metadata.service_account_namespace}}/{{identity.entity.metadata.metadata.service_account_name}}/*" {
  // Do not allow services to write, create or delete secrets
  capabilities = ["read"]
}
```
But this does not work. Has anyone managed to write such a generic policy that works?
Thanks dude! I’ve been struggling with this too for a while; there’s no guide anywhere, and I didn’t know how to test or see what properties the identity.entity… object has.
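The following is an added example, not code from either post. It covers both the policy in the question and the "how do I see what the identity object contains" point from the reply. The Kubernetes auth method records `service_account_name` and `service_account_namespace` as metadata on the entity *alias*, not on the entity itself, so a policy template has to reference them through `identity.entity.aliases.<mount accessor>.metadata.<key>`; `identity.entity.metadata.*` only resolves to metadata an operator has set on the entity directly. The mount path `auth/kubernetes/`, the policy name `k8s-service` and the accessor value used in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Renders a per-service-account Vault ACL
# policy using alias metadata from the Kubernetes auth method, and shows the
# CLI steps to find the mount accessor and confirm which metadata keys exist.
# Assumptions: the Kubernetes auth method is mounted at auth/kubernetes/ and
# secrets live under secret/services/k8s/<namespace>/<service account>/.

# Print the mount accessor of the Kubernetes auth method (needs a Vault token
# with permission to list auth methods; requires jq).
k8s_auth_accessor() {
  vault auth list -format=json | jq -r '."kubernetes/".accessor'
}

# Render the policy for a given auth mount accessor. Kubernetes auth stores
# service_account_name / service_account_namespace on the entity alias, so the
# template must go through identity.entity.aliases.<accessor>.metadata rather
# than identity.entity.metadata (empty unless an operator sets it explicitly).
render_k8s_policy() {
  accessor="$1"
  cat <<EOF
path "secret/services/k8s/{{identity.entity.aliases.${accessor}.metadata.service_account_namespace}}/{{identity.entity.aliases.${accessor}.metadata.service_account_name}}/*" {
  # Read-only: services must not create, update or delete secrets
  capabilities = ["read"]
}
EOF
}

# Inspect the entity behind the current token to see the alias metadata keys
# that are actually available to the template (log in as a Kubernetes service
# account first so the token carries that entity).
show_alias_metadata() {
  entity_id=$(vault token lookup -format=json | jq -r '.data.entity_id')
  vault read -format=json "identity/entity/id/${entity_id}" \
    | jq '.data.aliases[] | {mount_accessor, metadata}'
}

# To apply the policy (uncomment when running against a live Vault):
# render_k8s_policy "$(k8s_auth_accessor)" | vault policy write k8s-service -
```

Run `show_alias_metadata` with a token obtained through the Kubernetes auth method; the `mount_accessor` it prints is the value to pass to `render_k8s_policy`, and the `metadata` object lists exactly the keys the template may reference. If `secret/` is a KV version 2 mount, the policy path must include the `data/` segment (`secret/data/services/k8s/...`), since that is the path the ACL is evaluated against.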