The second component of AWS endpoints is the region. It would be nice not to need to spell out every single region like access-analyzer.us-west-2.amazonaws.com, ... and in particular it would be nice not to need to update this or deal with breakage when new regions are added.
Today Smokescreen seems to intentionally deny globs other than as a single component at the start of a domain:
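```go
	// Excerpt starts inside an earlier check; its condition is not shown here.
	return fmt.Errorf("%v: %v: domain glob must represent a full prefix (sub)domain", svc, glob)
}
// Strip one leading "*"; any "*" still present is not a pure prefix glob.
domainToCheck := strings.TrimPrefix(glob, "*")
if strings.Contains(domainToCheck, "*") {
	return fmt.Errorf("%v: %v: domain globs are only supported as prefix", svc, glob)
}
```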
(At least it gives a clear error!)
I don't know why this was added; perhaps there was a concern that globs within a domain might be misused or confusing? But I think there are also legitimate cases, and it doesn't seem like it would be too hard to support technically.
I can also imagine people wanting to allow *.*.amazonaws.com.
I would like to allowlist the pattern
smokescreen/pkg/smokescreen/acl/v1/acl.go
Lines 246 to 266 in bffe947
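A label-wise glob check of the kind this issue asks for, as an added example in Go; it is not Smokescreen's code. The function names, the rule that `*` stands for exactly one label, the literal two-label suffix, and the sample pattern and hosts are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// validateLabelGlob (hypothetical, not Smokescreen's validator) accepts "*"
// only as a whole label and never in the last two labels, so the suffix stays
// literal. Assumption: two labels suffice; co.uk-style suffixes need a list.
func validateLabelGlob(glob string) error {
	labels := strings.Split(glob, ".")
	if len(labels) < 3 {
		return fmt.Errorf("%q: need a label in front of a two-label suffix", glob)
	}
	for i, l := range labels {
		switch {
		case l == "":
			return fmt.Errorf("%q: empty label", glob)
		case l == "*" && i >= len(labels)-2:
			return fmt.Errorf("%q: wildcard not allowed in the last two labels", glob)
		case l != "*" && strings.Contains(l, "*"):
			return fmt.Errorf("%q: wildcard must be a whole label", glob)
		}
	}
	return nil
}

// matchLabelGlob compares label by label; "*" matches exactly one non-empty
// label and never spans a dot, so the label count of the host is fixed.
func matchLabelGlob(glob, host string) bool {
	g := strings.Split(strings.ToLower(glob), ".")
	h := strings.Split(strings.ToLower(strings.TrimSuffix(host, ".")), ".")
	if len(g) != len(h) {
		return false
	}
	for i := range g {
		if h[i] == "" || (g[i] != "*" && g[i] != h[i]) {
			return false
		}
	}
	return true
}

func main() {
	glob := "access-analyzer.*.amazonaws.com" // constructed sample pattern
	fmt.Println(validateLabelGlob(glob))
	fmt.Println(matchLabelGlob(glob, "access-analyzer.us-west-2.amazonaws.com"))
	fmt.Println(matchLabelGlob(glob, "access-analyzer.a.b.amazonaws.com"))
}
```

Keeping the wildcard out of the last two labels means a rule can widen only the part of the name in front of a fixed suffix.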