diff --git a/api/ephemeral-access/v1alpha1/roletemplate_types.go b/api/ephemeral-access/v1alpha1/roletemplate_types.go
index 345966b..01fd9c2 100644
--- a/api/ephemeral-access/v1alpha1/roletemplate_types.go
+++ b/api/ephemeral-access/v1alpha1/roletemplate_types.go
@@ -87,21 +87,15 @@ func (rt *RoleTemplate) Render(projName, appName, appNs string) (*RoleTemplate,
 }
 
 func (rt *RoleTemplate) execTemplate(tmpl *template.Template, projName, appName, appNs string) (string, error) {
-	type vars struct {
-		Role        string
-		Project     string
-		Application string
-		Namespace   string
-	}
 	roleName := rt.AppProjectRoleName(appName, appNs)
-	v := vars{
-		Role:        fmt.Sprintf("proj:%s:%s", projName, roleName),
-		Project:     projName,
-		Application: appName,
-		Namespace:   appNs,
+	vars := map[string]string{
+		"role":        fmt.Sprintf("proj:%s:%s", projName, roleName),
+		"project":     projName,
+		"application": appName,
+		"namespace":   appNs,
 	}
 	var s strings.Builder
-	err := tmpl.Execute(&s, v)
+	err := tmpl.Execute(&s, vars)
 	if err != nil {
 		return "", err
 	}
diff --git a/internal/controller/accessrequest_controller_test.go b/internal/controller/accessrequest_controller_test.go
index 24bef51..2b9dba3 100644
--- a/internal/controller/accessrequest_controller_test.go
+++ b/internal/controller/accessrequest_controller_test.go
@@ -155,10 +155,10 @@ var _ = Describe("AccessRequest Controller", func() {
 		var f *fixture
 		var r resources
 		policies := []string{
-			"p, {{.Role}}, applications, sync, {{.Project}}/{{.Application}}, allow",
-			"p, {{.Role}}, applications, action/*, {{.Project}}/{{.Application}}, allow",
-			"p, {{.Role}}, applications, delete/*/Pod/*, {{.Project}}/{{.Application}}, allow",
-			"p, {{.Role}}, logs, get, {{.Project}}/{{.Namespace}}/{{.Application}}, allow",
+			"p, {{.role}}, applications, sync, {{.project}}/{{.application}}, allow",
+			"p, {{.role}}, applications, action/*, {{.project}}/{{.application}}, allow",
+			"p, {{.role}}, applications, delete/*/Pod/*, {{.project}}/{{.application}}, allow",
+			"p, {{.role}}, logs, get, {{.project}}/{{.namespace}}/{{.application}}, allow",
 		}
 
 		When("The subject has the necessary access", func() {
@@ -278,10 +278,10 @@ var _ = Describe("AccessRequest Controller", func() {
 		var f *fixture
 		var r resources
 		policies := []string{
-			"p, {{.Role}}, applications, sync, {{.Project}}/{{.Application}}, allow",
-			"p, {{.Role}}, applications, action/*, {{.Project}}/{{.Application}}, allow",
-			"p, {{.Role}}, applications, delete/*/Pod/*, {{.Project}}/{{.Application}}, allow",
-			"p, {{.Role}}, logs, get, {{.Project}}/{{.Namespace}}/{{.Application}}, allow",
+			"p, {{.role}}, applications, sync, {{.project}}/{{.application}}, allow",
+			"p, {{.role}}, applications, action/*, {{.project}}/{{.application}}, allow",
+			"p, {{.role}}, applications, delete/*/Pod/*, {{.project}}/{{.application}}, allow",
+			"p, {{.role}}, logs, get, {{.project}}/{{.namespace}}/{{.application}}, allow",
 		}
 
 		When("protected fields values change after applied", func() {
@@ -383,10 +383,10 @@ var _ = Describe("AccessRequest Controller", func() {
 		var f *fixture
 		var r resources
 		policies := []string{
-			"p, {{.Role}}, applications, sync, {{.Project}}/{{.Application}}, allow",
-			"p, {{.Role}}, applications, action/*, {{.Project}}/{{.Application}}, allow",
-			"p, {{.Role}}, applications, delete/*/Pod/*, {{.Project}}/{{.Application}}, allow",
-			"p, {{.Role}}, logs, get, {{.Project}}/{{.Namespace}}/{{.Application}}, allow",
+			"p, {{.role}}, applications, sync, {{.project}}/{{.application}}, allow",
+			"p, {{.role}}, applications, action/*, {{.project}}/{{.application}}, allow",
+			"p, {{.role}}, applications, delete/*/Pod/*, {{.project}}/{{.application}}, allow",
+			"p, {{.role}}, logs, get, {{.project}}/{{.namespace}}/{{.application}}, allow",
 		}
 
 		When("used by multiple AccessRequests", func() {