Globs in SSH engine's `allowed_users`

Vault
1

Hi,

I can;t understand why globs or regular expressions are not supported in the allowed_users parameter of the SSH engine (for security reasons?) . I want to configure a SSH certificate signer role where allowed_users are like,

  "allowed_users_template": true,
  "allowed_users": "{{identity.entity.aliases.auth_ldap_bla_blah_blah.name}}", myprefix-*

But it seems it either has to be a strict string or a generic complete open wildcard (*)

Thoughts?

2

It might simply be that when the functionality was originally being designed, the people involved went with the simplest design to describe and code.

There are, annoyingly, quite a few different implementations of wildcard matching in different parameters throughout Vault :slightly_frowning_face: