This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

Enhancement request: Support dynamic policy names #51

Closed
sielaq opened this issue Mar 13, 2018 · 1 comment

sielaq commented Mar 13, 2018

Hi,

First of all, thank you for the project.

The idea is to not have to maintain the gatekeeper secret/gatekeeper
whenever a new micro-service is created, and to make the defaults like this:

```json
{
    "*": {
        "multi_fetch": true,
        "num_uses": 0,
        "policies": [
            "{{ name }}",
            "default"
        ],
        "ttl": 3000
    }
}
```

So based on the above example, the gatekeeper is going to know that the service is allowed to use the default policy and the {{ name }} policy, which is recognized/translated as the real name of the service in the end.

This is gonna be a killer feature that makes policy handling much easier and will not require policy reloads.

@nemosupremo (Owner) commented

The latest version of Gatekeeper ended up switching to App Roles. The new format of the secret policy is like this:

```json
{
  "mesos:*": {
    "roles": ["sample"],
    "num_uses": 1
  }
}
```

Where roles is an AppRole you have defined in Vault. The {{name}} template does now work, so you could define your policy like this:

```json
{
  "mesos:marathon:*": {
    "roles": ["{{name}}"],
    "num_uses": 1
  }
}
```

And Gatekeeper will attempt to use the task name as the role. However, you still need to make sure the role exists in Vault before launching the task. Unlike policies, trying to create a token with an unknown role will result in an error - meaning the operator still has to do some work before a new task is launched.
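A pre-launch check built on the AppRole policy format described in this thread, added here as an example and not code from the Gatekeeper project: it resolves which pattern a task falls under, renders the {{name}} template, and reports roles that do not yet exist in Vault, since token creation against an unknown role errors out. The glob matching, the "most specific pattern wins" precedence, the mesos:marathon:<task> key layout and the sample role names are all assumptions constructed for the example.

```python
import fnmatch
import json
from typing import Optional, Tuple

# Constructed sample: the AppRole-style secret policy from the comment above, plus
# one exact-match entry to show precedence. Precedence is an assumption here (most
# specific pattern wins); the page does not state how Gatekeeper orders matches.
POLICY_JSON = """{
  "mesos:marathon:*": {"roles": ["{{name}}"], "num_uses": 1},
  "mesos:marathon:payments": {"roles": ["payments-prod", "{{name}}"], "num_uses": 1},
  "mesos:*": {"roles": ["sample"], "num_uses": 1}
}"""

# Constructed: the AppRoles an operator has already created in Vault.
KNOWN_VAULT_ROLES = {"sample", "payments-prod", "payments"}


def select_policy(policy: dict, task_key: str) -> Optional[Tuple[str, dict]]:
    """Pick the policy entry whose glob matches task_key.
    Assumption: the pattern with the longest literal prefix (text before the
    first '*') is the most specific match."""
    matches = [(k, v) for k, v in policy.items() if fnmatch.fnmatchcase(task_key, k)]
    if not matches:
        return None
    return max(matches, key=lambda kv: len(kv[0].split("*", 1)[0]))


def render_roles(entry: dict, task_name: str) -> list:
    """Substitute the {{name}} template with the task name, as the issue describes."""
    return [r.replace("{{name}}", task_name) for r in entry["roles"]]


def preflight_check(policy_json: str, task_name: str, known_roles: set) -> dict:
    """Resolve the roles a task would get and report any role Vault does not know.
    Token creation against an unknown AppRole fails, so running this before
    launch tells the operator which roles still have to be created."""
    policy = json.loads(policy_json)
    task_key = f"mesos:marathon:{task_name}"  # assumed key layout, from the patterns above
    selected = select_policy(policy, task_key)
    if selected is None:
        return {"pattern": None, "roles": [], "missing": [], "ok": False}
    pattern, entry = selected
    roles = render_roles(entry, task_name)
    missing = [r for r in roles if r not in known_roles]
    return {"pattern": pattern, "roles": roles, "missing": missing, "ok": not missing}
```

For the constructed data, "payments" resolves to the exact-match entry with both roles known, while "billing" falls under "mesos:marathon:*" and is reported as missing because no "billing" AppRole exists yet.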
