API-management permissions on sharedflows using wildcards is not working

Former Community Member
Not applicable

I set sharedflows permissions using prefix a wildcard.. it does not seem working as expected.

My custom role’s permissions on sharedflows:

[ {
  "organization" : "myorg",
  "path" : "/sharedflows",
  "permissions" : [ "put", "get" ]
}, {
  "organization" : "myorg",
  "path" : "/sharedflows/*",
  "permissions" : [ "get" ]
}, {
  "organization" : "myorg",
  "path" : "/sharedflows/myprefix*",
  "permissions" : [ "put", "delete", "get" ]
} ]

I am using an user which belong to my custom-role and every time I create a new sharedflow (using a prefix myprefix-XXXX)

I am not able to Edit/Delete the new sharedflows (all of them starts with myprefix).

I was expecting that based on current permissions on "/sharedflows/myprefix*" resources, I should be able to edit & delete my new sharedflows.

Did I misunderstand the wild cards behavior?

Am I doing something wrong ?

I am using RELEASE_ID=4.17.09.00

1 4 329
4 REPLIES 4

Yes, you are doing something wrong.

The patterns for permissions do not allow prefixes.

This is not going to do what you would like it to do:

 "path" : "/sharedflows/myprefix*",

You can do this:

 "path" : "/sharedflows/*",

or you can do a set of entries like this:

 "path" : "/sharedflows/mysharedflowname",

But you cannot do wildcard matching with prefixes. Sorry!

I know it would be really nice to have that feature.

Hello @Dino-at-Google

Is there any plan to have this feature enabled? This is more than helpful! (not only on shared flow, but proxies, kvms, etc....)

Thanks

Arnaud

Is this feature anywhere in the pipeline. 🙂

michaelveit
Participant III

It seems to work properly, we already use it. Don't care about the syntax, we are feeding the permissions from YAML in SpringBoot. 🙂

In this way we prevent the user to modify any "Platform-*" named shared flow, but allow him to deploy them.

However, we were not able to prevent the user creating a new "Platform-*" shared flow, as it's put ton /sharedflows with query parameters. We tried to include query parameter in the path like "/sharedflows?name=Platform-*", but THAT part does not work.

- path: /sharedflows
  permissions: get,put
- path: /sharedflows/*
  permissions: get,delete
- path: /sharedflows/Platform-*
  permissions: get
- path: /sharedflows/*/deployments
  permissions: get
- path: /sharedflows/*/revisions
  permissions: get
- path: /sharedflows/*/revisions/*
  permissions: get,put,delete
- path: /sharedflows/Platform-*/revisions/*
  permissions: get
- path: /sharedflows/*/revisions/*/deployments
  permissions: get,delete
- path: /sharedflows/Platform-*/revisions/*/deployments
  permissions: get
- path: /environments/*/sharedflows/*/revisions/*/deployments
  permissions: put,delete