Globs in SSH engine's `allowed_users`


I can;t understand why globs or regular expressions are not supported in the allowed_users parameter of the SSH engine (for security reasons?) . I want to configure a SSH certificate signer role where allowed_users are like,

  "allowed_users_template": true,
  "allowed_users": "{{}}", myprefix-*

But it seems it either has to be a strict string or a generic complete open wildcard (*)


It might simply be that when the functionality was originally being designed, the people involved went with the simplest design to describe and code.

There are, annoyingly, quite a few different implementations of wildcard matching in different parameters throughout Vault :slightly_frowning_face: