diff --git a/changelog.d/5-internal/pr-2725 b/changelog.d/5-internal/pr-2725 new file mode 100644 index 00000000000..8945a4600fd --- /dev/null +++ b/changelog.d/5-internal/pr-2725 @@ -0,0 +1 @@ +Update nginz and cannon ACLs to match api-versioned paths diff --git a/charts/cannon/conf/static/zauth.acl b/charts/cannon/conf/static/zauth.acl index 9498b8cc43f..8e6d629346e 100644 --- a/charts/cannon/conf/static/zauth.acl +++ b/charts/cannon/conf/static/zauth.acl @@ -1,17 +1 @@ -a (blacklist (path "/provider") - (path "/provider/**") - (path "/bot") - (path "/bot/**") - (path "/i/**")) - -b (whitelist (path "/bot") - (path "/bot/**")) - -p (whitelist (path "/provider") - (path "/provider/**")) - -# LegalHold Access Tokens -la (whitelist (path "/notifications") - (path "/assets/v3/**") - (path "/users") - (path "/users/**")) +a (whitelist (regex "/await")) diff --git a/charts/nginz/static/conf/zauth.acl b/charts/nginz/static/conf/zauth.acl index 3fe4d179e1a..5de1ce5aa19 100644 --- a/charts/nginz/static/conf/zauth.acl +++ b/charts/nginz/static/conf/zauth.acl @@ -1,18 +1,13 @@ -a (blacklist (path "/provider") - (path "/provider/**") - (path "/bot") - (path "/bot/**") - (path "/i/**")) +a (blacklist (regex "(/v[0-9]+)?/provider(/.*)?") + (regex "(/v[0-9]+)?/bot(/.*)?") + (regex "(/v[0-9]+)?/i/.*")) -b (whitelist (path "/bot") - (path "/bot/**")) +b (whitelist (regex "(/v[0-9]+)?/bot(/.*)?")) -p (whitelist (path "/provider") - (path "/provider/**")) +p (whitelist (regex "(/v[0-9]+)?/provider(/.*)?")) # LegalHold Access Tokens -la (whitelist (path "/notifications") - (path "/assets/v3/**") - (path "/users") - (path "/users/**") - (path "/legalhold/conversations/*")) +la (whitelist (regex "(/v[0-9]+)?/notifications") + (regex "(/v[0-9]+)?/assets/v3/.*") + (regex "(/v[0-9]+)?/users(/.*)?") + (regex "(/v[0-9]+)?/legalhold/conversations/[^/]+"))