Feature request wildcards in "grant-permission" for roles #7951

Closed
bbruun opened this issue May 18, 2017 · 2 comments · Fixed by #7958

bbruun commented May 18, 2017

Are there any plans to add wildcard support for roles like in v2 ?

I've seen the issue #5896 where the feature was also missing, but the issue was closed by the requester as (s)he didn't need it here and now, even though it was politely asked if it was a feature the requester would like added to etcd.

I'm asking as, after having set up etcd v3 and wanting to secure it beyond the root user (which works just fine with any key you can imagine), I'm hit with a very simple, irritating "missing feature"/implementation:

As per v2 (https://coreos.com/etcd/docs/latest/v2/authentication.html) there are wildcard grants to roles, but not in v3 (https://github.com/coreos/etcd/blob/master/Documentation/op-guide/authentication.md).

Are there any plans to add wildcard support for roles like in v2, where it would be possible to create roles with wildcard grants for keys (or directories) for use by misc applications, e.g. "/app1/" for the app1 user and "/app2/" for the app2 user etc., without the need to grant read/write/readwrite permission for all keys before app1 or app2 starts using etcd?

I'm asking because I fail to understand the limitations put on the grant scheme in v3 vs v2, except as a speed limitation if wildcards are used, which I can understand, but not from a usage point of view of etcd.

@heyitsanthony
Contributor

@bbruun #5896 is asking for arbitrary pattern matching wildcards (e.g., /app/*.txt), but v2 only supports prefix wildcarding (e.g., /app/*). The v3 authentication guide has a prefixing example:

$ etcdctl role grant-permission myrolename --prefix=true read /foo/

which grants the role myrolename read permissions on /foo/*
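
How a `--prefix=true` grant decides which keys it covers, as an added example that is not part of the thread or of etcd's code: etcd v3 stores a prefix permission as the key range [prefix, end), where end is the prefix with its last byte incremented. The helper names and the sample keys are constructed for illustration; the second prefix shows why the trailing slash matters when separating applications.

```go
package main

import (
	"bytes"
	"fmt"
)

// prefixRangeEnd (hypothetical helper) returns the exclusive upper bound of
// the range holding every key that starts with prefix: the prefix with its
// last byte incremented, after dropping trailing 0xff bytes.
func prefixRangeEnd(prefix []byte) []byte {
	end := append([]byte(nil), prefix...)
	for i := len(end) - 1; i >= 0; i-- {
		if end[i] < 0xff {
			end[i]++
			return end[:i+1]
		}
	}
	return []byte{0} // empty or all-0xff prefix: no upper bound
}

// covered reports whether key falls inside [prefix, prefixRangeEnd(prefix)).
func covered(prefix, key string) bool {
	begin, end := []byte(prefix), prefixRangeEnd([]byte(prefix))
	if bytes.Compare([]byte(key), begin) < 0 {
		return false
	}
	if bytes.Equal(end, []byte{0}) {
		return true
	}
	return bytes.Compare([]byte(key), end) < 0
}

func main() {
	// Constructed sample keys for two applications sharing one cluster.
	keys := []string{"/app1/db/password", "/app10/db/password", "/app2/db/password"}
	for _, prefix := range []string{"/app1/", "/app1"} {
		fmt.Printf("grant --prefix=true on %q -> range [%q, %q)\n",
			prefix, prefix, prefixRangeEnd([]byte(prefix)))
		for _, k := range keys {
			fmt.Printf("  %-22s covered=%v\n", k, covered(prefix, k))
		}
	}
}
```

A grant on `/app1` without the trailing slash also covers `/app10/...`, so per-application roles should be granted on the prefix including its separator.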

bbruun commented May 19, 2017

Argh - RTFM fully and you will be enlightened.

Though I would then ask this issue to be a documentation request/update to make it easier to spot the --prefix usage or have a "From v2 to v3 differences".

Currently "--prefix" is only documented as example usage of the grant-permission in a code block, not the actual documentation.

@bbruun bbruun closed this as completed May 19, 2017
@bbruun bbruun reopened this May 19, 2017
heyitsanthony pushed a commit to heyitsanthony/etcd that referenced this issue May 19, 2017
heyitsanthony pushed a commit to heyitsanthony/etcd that referenced this issue May 19, 2017
yudai pushed a commit to yudai/etcd that referenced this issue Oct 5, 2017