New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature suggestion: ACL username wildcards or regexp? #910
Comments
@arrowcircle not sure if this is what you're looking for, but https://docs.vernemq.com/configuring-vernemq/file-auth#authorization
|
@cmnstmntmn as I understand, this is only for one user. My approach is about multiple users, which usernames start with abc_ |
@arrowcircle did you manage to find a solution to this? |
Hi @arrowcircle I'm not sure yet I fully understand your idea. Could you show some examples of how this would work? |
@larshesel Idea is to use broker for multiple projects with static ACL and external user auth.
|
ok, so I think I understand: based on the username prefix the patterns/rules with that prefix applies are selected? I don't think it's something we'd prioritize building as this seems (to me) a bit too specific for most use cases - anyway if this can be built in a simple and easy to understand way I guess we might accept this as a contribution? What do you think @dergraf @ioolkos |
I think there's a use-case for this |
@jadbaz While this is not possible with the file based ACL file, what you do in other plugins is entirely up to the plugin. That is you could match on ClientID prefixes by adapting the Lua scripts, or by implementing your own plugin hooks or WebHooks. Also note that domain separation can sometimes be done by using different mountpoints (that is 1 mountpoint per domain). |
We were hoping to do authorization based entirely on username and turn off authentication completely |
Thanks again @ioolkos
Is it possible this can be added to the roadmap? |
Jep, I know that one, for some reason 😄 |
Hi! I thought about wildcards for usernames in ACL and it looks like a good idea for me.
Example ACL looks like:
In this case only one ACL entity is generated for a group of users (clients) inside abc prefix.
Is it a good idea?
The text was updated successfully, but these errors were encountered: