Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-1949

KMS getKeys should filter based on name policy

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: kms
    • Labels:
      None

      Description

      Currently when there are policies that limit users to certain keys, such as "pii*" those users can't call KMS.getKeyNames() even if they have the "getkeys" permission.

      This is because the method passes a null down for the key name, which will only match if the user can see all keys. A much better solution would be to filter each key individually and just returns the ones that should be visible. So if they have permission to see "pii*" and the keys were

      {"pii", "pii256", and "secret"}

      they would get back a list of "pii" and "pii256".

        Attachments

          Activity

            People

            • Assignee:
              zsombor Zsombor Gegesy
              Reporter:
              owen.omalley Owen O'Malley
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: