Feature request wildcards in "grant-permission" for roles #7951
@bbruun #5896 is asking for arbitrary pattern matching wildcards (e.g., $ etcdctl role grant-permission myrolename --prefix=true read /foo/ which grants the role
Argh - RTFM fully and you will be enlightened. Though I would then ask this issue to be a documentation request/update to make it easier to spot the --prefix usage or have a "From v2 to v3 differences". Currently "--prefix" is only documented as example usage of the grant-permission in a code block, not the actual documentation.
Are there any plans to add wildcard support for roles like in v2?
I've seen the issue #5896 where the feature was also missing, but the issue was closed by the requester as (s)he didn't need it here and now, even though it was politely asked if it was a feature the requester would like added to etcd.
I'm asking as, after having set up etcd v3 and wanting to secure it beyond the root user, which works just fine with any key you can imagine, I'm hit with a very simple, irritating "missing feature"/implementation:
As per v2 (https://coreos.com/etcd/docs/latest/v2/authentication.html) there are wildcard grants to roles, but not in v3 (https://github.com/coreos/etcd/blob/master/Documentation/op-guide/authentication.md).
Are there any plans to add wildcard support for roles like in v2, where it would be possible to create roles with wildcard grants for keys (or directories) to use for misc applications, e.g. "/app1/" for the app1 user and "/app2/" for the app2 user etc., without the need to grant read/write/readwrite permission for all keys before app1 or app2 starts using etcd?
I'm asking because I fail to understand the limitations put on the grant scheme in v3 vs v2 except as a speed limitation if wildcards are used for which I can understand it, but not from a usage point of etcd.
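The `--prefix=true` grant mentioned in the comments covers the per-application layout asked for here ("/app1/" for app1, "/app2/" for app2). The following is an added example, not part of the thread and not etcd's own code: it models how a v3 prefix grant is turned into a half-open key range `[key, range_end)` and shows why the trailing slash matters for least privilege. The function names and the `GRANTS` table are hypothetical and the role data is constructed.

```python
# Added illustration (not etcd source code): models how a v3 prefix grant
# becomes a half-open key range [key, range_end) and which keys it covers.

def prefix_range_end(prefix: bytes) -> bytes:
    """Smallest key greater than every key that starts with `prefix`."""
    end = bytearray(prefix)
    # Trailing 0xff bytes cannot be incremented: drop them, then bump the last byte.
    while end and end[-1] == 0xFF:
        end.pop()
    if not end:
        return b"\x00"  # etcd convention: range_end "\0" means "all keys >= key"
    end[-1] += 1
    return bytes(end)


def covers(grant_prefix: bytes, key: bytes) -> bool:
    """True if a prefix grant on `grant_prefix` covers `key`."""
    end = prefix_range_end(grant_prefix)
    if end == b"\x00":
        return key >= grant_prefix
    return grant_prefix <= key < end


def allowed(grants: dict, role: str, perm: str, key: bytes) -> bool:
    """Check `perm` ('read' or 'write') for `role` against its prefix grants."""
    return any(
        perm in perms and covers(prefix, key)
        for prefix, perms in grants.get(role, [])
    )


# Constructed sample roles, following the /app1/ and /app2/ layout from the issue.
GRANTS = {
    "app1": [(b"/app1/", {"read", "write"})],
    "app2": [(b"/app2/", {"read"})],
    "sloppy": [(b"/app1", {"read"})],  # no trailing slash: also matches /app10/...
}

if __name__ == "__main__":
    for role, key in [("app1", b"/app1/db/url"), ("app1", b"/app2/db/url"),
                      ("sloppy", b"/app10/secret")]:
        print(role, key.decode(), allowed(GRANTS, role, "read", key))
```

A grant on `/app1` without the trailing slash becomes the range `[/app1, /app2)`, which also covers `/app10/...`; granting on `/app1/` keeps each application confined to its own subtree.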