feat(authorization): query parameter filtering (#3990)

This allows for advanced filtering of the query parameters in ACL's.

Closes #2708

1 files changed, 15 insertions, 7 deletions

diff --git a/internal/configuration/schema/access_control.go b/internal/configuration/schema/access_control.go
index 7b12fe129..79e1c93fa 100644
--- a/internal/configuration/schema/access_control.go
+++ b/internal/configuration/schema/access_control.go
@@ -19,13 +19,21 @@ type ACLNetwork struct {
 
 // ACLRule represents one ACL rule entry.
 type ACLRule struct {
-	Domains      []string        `koanf:"domain"`
-	DomainsRegex []regexp.Regexp `koanf:"domain_regex"`
-	Policy       string          `koanf:"policy"`
-	Subjects     [][]string      `koanf:"subject"`
-	Networks     []string        `koanf:"networks"`
-	Resources    []regexp.Regexp `koanf:"resources"`
-	Methods      []string        `koanf:"methods"`
+	Domains      []string         `koanf:"domain"`
+	DomainsRegex []regexp.Regexp  `koanf:"domain_regex"`
+	Policy       string           `koanf:"policy"`
+	Subjects     [][]string       `koanf:"subject"`
+	Networks     []string         `koanf:"networks"`
+	Resources    []regexp.Regexp  `koanf:"resources"`
+	Methods      []string         `koanf:"methods"`
+	Query        [][]ACLQueryRule `koanf:"query"`
+}
+
+// ACLQueryRule represents the ACL query criteria.
+type ACLQueryRule struct {
+	Operator string `koanf:"operator"`
+	Key      string `koanf:"key"`
+	Value    any    `koanf:"value"`
 }
 
 // DefaultACLNetwork represents the default configuration related to access control network group configuration.