add entity lookup to the default policy (#6105)

* add entity lookup to the default policy * only use id for lookup * back in with name
hashicorp · Jan 29, 2019 · e48d759 · e48d759
1 parent de6299c
commit e48d759
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/vault/policy_store.go b/vault/policy_store.go
@@ -84,6 +84,15 @@ path "sys/capabilities-self" {
     capabilities = ["update"]
 }
 
+# Allow a token to look up its own entity by id or name
+path "identity/entity/id/{{identity.entity.id}}" {
+  capabilities = ["read"]
+}
+path "identity/entity/name/{{identity.entity.name}}" {
+  capabilities = ["read"]
+}
+
+
 # Allow a token to look up its resultant ACL from all policies. This is useful
 # for UIs. It is an internal path because the format may change at any time
 # based on how the internal ACL features and capabilities change.