| author | James Elliott <james-d-elliott@users.noreply.github.com> | 2022-04-01 22:38:49 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-04-01 22:38:49 +1100 |
| commit | 3c1bb3ec1983e38f7d8ee3aa664c30521e12b5ff (patch) | |
| tree | 7f745c3c3e0e287ef2bb527c84d0e12a5939b663 /internal/configuration/schema/access_control.go | |
| parent | 0116506330822f0dac159004aedc056884e7ceed (diff) | |
feat(authorization): domain regex match with named groups (#2789)
This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
Diffstat (limited to 'internal/configuration/schema/access_control.go')
| -rw-r--r-- | internal/configuration/schema/access_control.go | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/internal/configuration/schema/access_control.go b/internal/configuration/schema/access_control.go
index b251e85ed..7b12fe129 100644
--- a/internal/configuration/schema/access_control.go
+++ b/internal/configuration/schema/access_control.go
@@ -1,5 +1,9 @@
 package schema

+import (
+ "regexp"
+)
+
 // AccessControlConfiguration represents the configuration related to ACLs.
 type AccessControlConfiguration struct {
 DefaultPolicy string `koanf:"default_policy"`
@@ -7,20 +11,21 @@ type AccessControlConfiguration struct {
 Rules []ACLRule `koanf:"rules"`
 }

-// ACLNetwork represents one ACL network group entry; "weak" coerces a single value into slice.
+// ACLNetwork represents one ACL network group entry.
 type ACLNetwork struct {
 Name string `koanf:"name"`
 Networks []string `koanf:"networks"`
 }

-// ACLRule represents one ACL rule entry; "weak" coerces a single value into slice.
+// ACLRule represents one ACL rule entry.
 type ACLRule struct {
- Domains []string `koanf:"domain"`
- Policy string `koanf:"policy"`
- Subjects [][]string `koanf:"subject"`
- Networks []string `koanf:"networks"`
- Resources []string `koanf:"resources"`
- Methods []string `koanf:"methods"`
+ Domains []string `koanf:"domain"`
+ DomainsRegex []regexp.Regexp `koanf:"domain_regex"`
+ Policy string `koanf:"policy"`
+ Subjects [][]string `koanf:"subject"`
+ Networks []string `koanf:"networks"`
+ Resources []regexp.Regexp `koanf:"resources"`
+ Methods []string `koanf:"methods"`
 }

 // DefaultACLNetwork represents the default configuration related to access control network group configuration.
|
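Review bot: `DomainsRegex` in `ACLRule` (second hunk) is added without a comment, and for an access-control field the matching semantics should be stated where the schema is defined. The matcher is not part of this file, but if it uses an unanchored match, a pattern like `example\.com` would also accept hosts that merely contain that text, so a rule could apply its policy to domains the operator never intended; the same concern applies to `Resources`, which this hunk changes from `[]string` to `[]regexp.Regexp`. I would add `// DomainsRegex holds compiled domain patterns; anchor them with ^ and $, matching is not implicitly anchored (confirm against the authorizer).` above the field, and consider having configuration validation warn on unanchored patterns. Separately, `[]*regexp.Regexp` is the more conventional form and avoids copying each `Regexp` value when ranging over the slice, provided the decode hook (not shown here) supports the pointer type.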
