Templated Policies with Additional Entity Alias Metadata based on Kubernetes Auth Method

We’re looking to simplify our policy creation to take advantage of templating to ensure each Kubernetes pod (with designated service account) would have access to its designated path,
something like:

path "vc_secrets/data/{{identity.entity.metadata.environment}}/{{identity.entity.metadata.cluster}}/{{identity.entity.metadata.app_namespace}}/{{identity.entity.metadata.app_name}}/*" {
  capabilities = ["read"]
}

Based on the entity alias metadata that is available with the Kubernetes auth method, we really only have "service_account_name" and "service_account_namespace" to work with, which won't address the full path we're trying to define.

Is there a way to create an entity/alias ahead of time for each Kubernetes role we create that could have this additional metadata already set? From what I can tell, an entity is created for each Kubernetes service account that logs in and we don’t want to have to change these all after they’ve already been created.

Any advice or guidance would be greatly appreciated, thanks!

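The technique the question is asking about, as an added example rather than anything from the original post or from HashiCorp: Vault's identity API lets you create the entity (carrying whatever metadata the template needs) and bind an alias to the Kubernetes auth mount before the pod ever logs in. At login Vault matches the alias by mount accessor plus alias name and reuses that entity instead of creating a new one, so the entity-level `identity.entity.metadata.*` values are present from the first request. The script assumes VAULT_ADDR and VAULT_TOKEN in the environment, a Kubernetes auth mount whose accessor the caller passes in (`vault auth list -format=json` shows it), and that the Kubernetes role was written with `alias_name_source=serviceaccount_name`, so the alias name is `<namespace>/<service-account>` (the default source is the service-account UID, which you would otherwise have to read from the cluster). The entity name, metadata values, policy name and the K8S_MOUNT_ACCESSOR variable are constructed placeholders.

```python
"""Pre-create a Vault entity with the metadata a templated policy needs and bind
a Kubernetes-auth alias to it, so the pod's first login lands on the prepared
entity instead of a fresh one that only has the auth method's own alias metadata.

Added example, not code from the thread or from HashiCorp. Assumed: VAULT_ADDR
and VAULT_TOKEN are set, the caller supplies the Kubernetes mount accessor, and
the Kubernetes role uses alias_name_source=serviceaccount_name."""
import json
import os
import re
import urllib.request

# The policy from the thread, as a string, so the rendered path can be previewed.
POLICY_TEMPLATE = (
    'path "vc_secrets/data/{{identity.entity.metadata.environment}}'
    '/{{identity.entity.metadata.cluster}}'
    '/{{identity.entity.metadata.app_namespace}}'
    '/{{identity.entity.metadata.app_name}}/*" {\n'
    '  capabilities = ["read"]\n'
    '}\n'
)
REQUIRED_KEYS = ("environment", "cluster", "app_namespace", "app_name")
TEMPLATE_RE = re.compile(r"\{\{identity\.entity\.metadata\.([A-Za-z0-9_-]+)\}\}")


def render_template(template: str, entity_metadata: dict) -> str:
    """Local preview of the identity.entity.metadata.<key> expansion, used to
    check the metadata before provisioning. Vault renders the real policy at
    request time; this fails closed on a missing key instead of guessing what
    Vault would substitute."""
    def substitute(match):
        key = match.group(1)
        if key not in entity_metadata:
            raise KeyError(f"entity metadata has no {key!r}; policy path would not resolve")
        return entity_metadata[key]
    return TEMPLATE_RE.sub(substitute, template)


def entity_payload(name: str, entity_metadata: dict, policies: list) -> dict:
    """Body for POST /v1/identity/entity; refuses metadata that would leave a
    placeholder in the policy unresolved."""
    missing = [k for k in REQUIRED_KEYS if k not in entity_metadata]
    if missing:
        raise ValueError(f"missing entity metadata keys: {missing}")
    return {"name": name, "metadata": dict(entity_metadata), "policies": list(policies)}


def alias_payload(sa_namespace: str, sa_name: str, entity_id: str, mount_accessor: str) -> dict:
    """Body for POST /v1/identity/entity-alias. The name must equal what the
    Kubernetes role produces at login; with alias_name_source=serviceaccount_name
    that is "<namespace>/<service-account>"."""
    return {"name": f"{sa_namespace}/{sa_name}",
            "canonical_id": entity_id,
            "mount_accessor": mount_accessor}


def vault_request(method: str, path: str, body=None) -> dict:
    """Minimal Vault HTTP client on the standard library (assumed env: VAULT_ADDR,
    VAULT_TOKEN, optional VAULT_NAMESPACE)."""
    url = f"{os.environ['VAULT_ADDR'].rstrip('/')}/v1/{path}"
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("X-Vault-Token", os.environ["VAULT_TOKEN"])
    if os.environ.get("VAULT_NAMESPACE"):
        req.add_header("X-Vault-Namespace", os.environ["VAULT_NAMESPACE"])
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def provision_workload(entity_name, entity_metadata, sa_namespace, sa_name,
                       mount_accessor, policy_name="k8s-templated"):
    """Create or update the entity with its metadata, then bind the alias.
    Writing identity/entity with an existing name updates it and may return no
    body, so the id is looked up by name in that case."""
    created = vault_request("POST", "identity/entity",
                            entity_payload(entity_name, entity_metadata, [policy_name]))
    entity_id = created.get("data", {}).get("id")
    if not entity_id:
        entity_id = vault_request("GET", f"identity/entity/name/{entity_name}")["data"]["id"]
    vault_request("POST", "identity/entity-alias",
                  alias_payload(sa_namespace, sa_name, entity_id, mount_accessor))
    return entity_id


if __name__ == "__main__":
    # Constructed sample workload, not from the thread.
    md = {"environment": "prod", "cluster": "east1",
          "app_namespace": "payments", "app_name": "ledger"}
    print(render_template(POLICY_TEMPLATE, md))
    if os.environ.get("VAULT_ADDR") and os.environ.get("VAULT_TOKEN"):
        accessor = os.environ["K8S_MOUNT_ACCESSOR"]  # assumed env var, from: vault auth list -format=json
        print(provision_workload("prod-east1-payments-ledger", md, "payments", "ledger", accessor))
```

The `render_template` check runs offline and fails closed on a missing key; nothing here relies on what Vault itself substitutes for an absent key, so run the preview before writing the entity. The entity-alias write is not idempotent: re-running it against an alias that already exists for that mount accessor returns an error, so look up the existing alias first if you script this for many roles. The Kubernetes auth method still attaches its own `service_account_name`/`service_account_namespace` alias metadata at login; that lives on the alias and does not overwrite the entity metadata set here.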

We want to achieve the same thing. Did you find a solution for this?