| Age | Commit message | Author |
|
This adds reusable definitions into the mix for the configuration. This replaces the existing networks section for the access_control section and is automatically remapped for users.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Per our standard review process this adjusts the appropriate elements detected during the review.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
Adds a JSON Schema for the configuration, user database, and most exports.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This adds support to adjust the authorization policy on specific clients per subject in a reusable way.
Closes #2621
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
|
|
This allows for advanced filtering of the query parameters in ACLs.
Closes #2708
|
|
This adds an option to match domains by regex including two special named matching groups. User matches the username of the user, and Group matches the groups a user is a member of. These are both case-insensitive and you can see examples in the docs.
|
|
This commit replaces github.com/spf13/viper with github.com/knadh/koanf. Koanf is a very similar library to viper, with fewer dependencies and several quality of life differences. This also allows most config options to be defined by ENV. Lastly, it also enables the use of split configuration files which can be configured by setting the --config flag multiple times.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
|
|
* adjust session refresh to always occur (for disabled users)
* feat: adds filtering option for Request Method in ACLs
* simplify flow of internal/authorization/authorizer.go's methods
* implement query string checking
* utilize authorizer.Object fully
* make matchers uniform
* add tests
* add missing request methods
* add frontend enhancements to handle request method
* add request method to 1FA Handler Suite
* add internal ACL representations (preparsing)
* expand on access_control next
* add docs
* remove unnecessary slice for network names and instead just use a plain string
* add warning for ineffectual bypass policy (due to subjects)
* add user/group wildcard support
* fix(authorization): allow subject rules to match anonymous users
* feat(api): add new params
* docs(api): wording adjustments
* test: add request method into testing and proxy docs
* test: add several checks and refactor schema validation for ACL
* test: add integration test for methods acl
* refactor: apply suggestions from code review
* docs(authorization): update description
|
|
* [MISC] Validate all sections of ACLs on startup
This change ensures that all sections of the `access_control` key are validated on startup.
* Change error format to clearly identify values
|
|
* adds validation to ACLs
* adds a new networks section that can be used as aliases in other sections (currently access_control)
|
|
|
|
* [CI] Add goconst linter
* Implement goconst recommendations
* Rename defaultPolicy to denyPolicy
* Change order for test constants
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
|
|
Co-authored-by: Clément Michaud <clement.michaud34@gmail.com>
|
|
* added support for listing multiple domains and multiple subjects
* updated documentation to show use of multiple domains and subjects
* updated config.template.yml to display multiple domains as a list
* updated config.template.yml to display multiple subjects as a list
* updated docs/configuration/access-control.md to display multiple domains as a list
* updated docs/configuration/access-control.md to display multiple subjects as a list
* removed redundant check that always returned true
* Commentary definition for `weak`
|
|
|
|
https://github.com/golang-standards/project-layout
|