You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
We activated the namespace restriction feature with regex support.
We are not able to use strict regular expressions because you "normalize" the regex by adding the ARN prefix.
It prevents us to totally master our regular expressions.
By example, for the role "arn:aws:iam::12345678912:role/path_of_my_role/MyRole" we are not able to use the regex "^arn:aws:iam::12345678912:role/path_of_my_role/MyRole$". It is also not possible to use the regex "MyRole".
As you normalize the regex, in fact, it protects against some security issues but this should be at least documented through a note.
Hello,
We activated the namespace restriction feature with regex support.
We are not able to use strict regular expressions because you "normalize" the regex by adding the ARN prefix.
It prevents us to totally master our regular expressions.
By example, for the role "arn:aws:iam::12345678912:role/path_of_my_role/MyRole" we are not able to use the regex "^arn:aws:iam::12345678912:role/path_of_my_role/MyRole$". It is also not possible to use the regex "MyRole".
As you normalize the regex, in fact, it protects against some security issues but this should be at least documented through a note.
kube2iam/mappings/mapper.go
Line 109 in 23686dd
Thank you
The text was updated successfully, but these errors were encountered: