Hello,
We activated the namespace restriction feature with regex support.
We are not able to use strict regular expressions because you "normalize" the regex by adding the ARN prefix.
It prevents us from fully controlling our regular expressions.
For example, for the role "arn:aws:iam::12345678912:role/path_of_my_role/MyRole" we are not able to use the regex "^arn:aws:iam::12345678912:role/path_of_my_role/MyRole$". It is also not possible to use the regex "MyRole".
In fact, normalizing the regex protects against some security issues, but this should at least be documented in a note.
https://github.com/jtblin/kube2iam/blob/23686dd7a505ced732dd7c8492a26a284167fdd8/mappings/mapper.go#L109
Thank you
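
An added illustration of the behaviour reported above (not kube2iam's code and not part of the original post). It assumes that normalization prepends the base role ARN to any pattern that does not already start with `arn:`; `normalize` and `allowed` are hypothetical names, and the role values are the ones from the post.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample values, taken from the example role in the post.
const (
	baseARN = "arn:aws:iam::12345678912:role/"
	roleARN = "arn:aws:iam::12345678912:role/path_of_my_role/MyRole"
)

// normalize is a hypothetical stand-in for the normalization step.
// Assumption: a pattern that does not start with "arn:" gets the base
// role ARN prepended; any other pattern is used unchanged.
func normalize(pattern string) string {
	if strings.HasPrefix(pattern, "arn:") {
		return pattern
	}
	return baseARN + pattern
}

// allowed returns the normalized pattern and whether it matches the role.
// regexp.MatchString is an unanchored search, so a leading "^" ends up in
// the middle of the normalized pattern and only "$" keeps its meaning.
func allowed(pattern, role string) (string, bool) {
	n := normalize(pattern)
	ok, err := regexp.MatchString(n, role)
	return n, err == nil && ok
}

func main() {
	patterns := []string{
		"^arn:aws:iam::12345678912:role/path_of_my_role/MyRole$", // "^" lands after the prefix
		"MyRole", // the prefix does not cover the role path
		"arn:aws:iam::12345678912:role/path_of_my_role/MyRole$", // full ARN, end anchor only
		"path_of_my_role/MyRole$",                               // relative to the base ARN
		"path_of_my_role/MyRole",                                // no "$": longer names match too
	}
	for _, p := range patterns {
		n, ok := allowed(p, roleARN)
		fmt.Printf("pattern=%q\n  normalized=%q match=%v\n", p, n, ok)
	}
}
```

Under that assumption, a pattern without a trailing `$` also matches any role whose ARN merely begins with the same string, which is why the end anchor matters for namespace restrictions.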