Allow defining access to DBs/collections by prefix or pattern.
Please extend ACL to support prefixes (or regex) in the database name/collection.
Currently, only ALL (when an empty string is provided) or exact db/collection matching (when a name is provided) is allowed.
Use case: Several services are using the same cluster but need to be isolated. Every service can get readWriteAnyDatabase but only to databases prefixed by some prefix.
Services need to create new databases on the fly, so it is not possible to define a list of databases upfront.
For example, rwRoleForService1 allows "update", "insert", and "remove" operations only on databases prefixed by "service1-" (service1-db1, service1-db2, ...):
{
  role: "rwRoleForService1",
  privileges: [
    { resource: { db: "service1-", collection: "", dbPatternType: PREFIX },
      actions: [ "update", "insert", "remove" ] },
    ...
  ],
  ...
}
dbPatternType/collectionPatternType can be:
LITERAL (by default) - A literal resource name.
PREFIX - A prefixed resource name.
REGEX - Will perform pattern matching.
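
A sketch of how the requested matching could be evaluated, added here as an illustration; it is not MongoDB code or part of the original request. The function names are hypothetical, and rejecting an empty PREFIX pattern and anchoring REGEX patterns to the whole name are assumptions chosen so that a pattern cannot grant more than intended.

```javascript
// Hypothetical evaluator for the proposed dbPatternType / collectionPatternType fields.
const PatternType = Object.freeze({ LITERAL: "LITERAL", PREFIX: "PREFIX", REGEX: "REGEX" });

// Match one resource name against one pattern under the given pattern type.
function nameMatches(pattern, type, name) {
  switch (type || PatternType.LITERAL) {          // LITERAL is the default
    case PatternType.LITERAL:
      // Behaviour described in the request: "" means ALL, otherwise exact match.
      return pattern === "" || pattern === name;
    case PatternType.PREFIX:
      // Assumption: an empty prefix would silently grant everything, so deny it.
      return pattern !== "" && name.startsWith(pattern);
    case PatternType.REGEX:
      // Assumption: anchor the pattern so it must match the whole name,
      // not just a substring of another service's database name.
      return new RegExp("^(?:" + pattern + ")$").test(name);
    default:
      return false;                               // unknown pattern type: deny
  }
}

function resourceMatches(resource, db, collection) {
  return nameMatches(resource.db, resource.dbPatternType, db) &&
         nameMatches(resource.collection, resource.collectionPatternType, collection);
}

// True if any privilege of the role grants `action` on db.collection.
function isAuthorized(role, db, collection, action) {
  return role.privileges.some(
    (p) => p.actions.includes(action) && resourceMatches(p.resource, db, collection)
  );
}

// The role from the request, with the pattern type written as a string.
const rwRoleForService1 = {
  role: "rwRoleForService1",
  privileges: [
    { resource: { db: "service1-", collection: "", dbPatternType: "PREFIX" },
      actions: ["update", "insert", "remove"] },
  ],
};
```

The trailing "-" in the prefix is what isolates service1 from a service named service10: `nameMatches("service1", "PREFIX", "service10-db")` returns true, while the role above denies `service10-db`.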