Consul: Add support for wildcards in ACL policies

Created on 9 May 2017 · 5 Comments · Source: hashicorp/consul

Please add support for something like this, wildcard syntax (similar to what Vault supports) for ACLs

{"key":{"apps/me/*/whatever":{"Policy":"read"}}}
theme/acls type/enhancement

All 5 comments

Could be handy in supporting multiple versions

something like:
"app/v1.1.0/destination", "app/v1.1.1/destination", "app/v1.2.0/destination"

so a policy of "app/*/destination" would just simply be written.

That would be super useful!

This is very much needed. Any update?

We want to restrict a token to only see a path and not allow listing other folders. Example,
for a key
/foo/bar/baz.key

Currently we use
key_prefix "" { policy="list" }
and then apply policy write rules on path. This lists all the paths which makes sense why it would.

What we would like is
key_prefix "/foo/bar/*" { policy="write" }

and the user should be able to see just that path in the UI. No other paths should show up. Vault policy already supports wildcards. I wonder why Consul shouldn't.

+1 for this, also looking for a possibility to do something like this; now I need to give write access to all keys in order to solve my problem

Hello,
A few years later there is still no plan to implement this feature?

Thanks
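
An added example, not part of the thread and not Consul code: it compares what a token can write under longest-prefix `key_prefix` matching with what it could write under the `app/*/destination` wildcard requested above. The single-segment meaning of `*`, the default-deny fallback, the tie-break rule and every key except the three quoted in the first comment are assumptions made for illustration.

```python
# Added illustration: prefix rules versus a HYPOTHETICAL segment wildcard.

def prefix_policy(rules, key):
    """Longest matching prefix wins; no match falls back to deny (assumed default)."""
    best = max((p for p in rules if key.startswith(p)), key=len, default=None)
    return rules[best] if best is not None else "deny"

def wildcard_match(pattern, key):
    """Hypothetical semantics: '*' stands for exactly one path segment."""
    p, k = pattern.split("/"), key.split("/")
    return len(p) == len(k) and all(a == "*" or a == b for a, b in zip(p, k))

def wildcard_policy(rules, key):
    """Among matching patterns, the one with the most literal segments wins (assumed)."""
    hits = [p for p in rules if wildcard_match(p, key)]
    if not hits:
        return "deny"
    best = max(hits, key=lambda p: sum(seg != "*" for seg in p.split("/")))
    return rules[best]

def writable(policy_fn, rules, keys):
    """Keys on which the token ends up with write access."""
    return {k for k in keys if policy_fn(rules, k) == "write"}

# Constructed key space: the first three come from the thread, the rest are made up.
KEYS = [
    "app/v1.1.0/destination",
    "app/v1.1.1/destination",
    "app/v1.2.0/destination",
    "app/v1.2.0/db_password",           # sibling key that should stay private
    "app/v1.1.0/internal/destination",  # deeper path, not a direct child
    "other/v1/destination",
]

# With prefixes only, covering every version means granting the whole subtree.
PREFIX_RULES = {"app/": "write"}
# The requested syntax, evaluated with the hypothetical matcher above.
WILDCARD_RULES = {"app/*/destination": "write"}

if __name__ == "__main__":
    broad = writable(prefix_policy, PREFIX_RULES, KEYS)
    narrow = writable(wildcard_policy, WILDCARD_RULES, KEYS)
    print("prefix rule grants write on:  ", sorted(broad))
    print("wildcard rule grants write on:", sorted(narrow))
    print("over-granted by prefix rule:  ", sorted(broad - narrow))
```

Under plain prefix matching the `*` is only a literal character, so the pattern `app/*/destination` used as a prefix matches none of the sample keys.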
