public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
oauth2-proxy/pkg/apis/options/authorization.go

58 lines
2.1 KiB
Go
Raw Blame History

package options
// AuthorizationPolicy is an enumeration of different authorization rule
// policies. Each policy determines a different action for a matching rule.
type AuthorizationPolicy string
const (
// AllowPolicy when used, with a matching authorization rule, allows the
// request without further authorization.
AllowPolicy AuthorizationPolicy = "Allow"
// DelegatePolicy when used, with a matching authorization rule, delegates
// the authorization to the session based authorization.
// This can only be used with request based authorization rules.
DelegatePolicy AuthorizationPolicy = "Delegate"
// DenyPolicy when used, with a matching authorization rule, denies the
// request without further authorization.
DenyPolicy AuthorizationPolicy = "Deny"
)
// Authorization contains fields to allow configuration of request authorization.
type Authorization struct {
// RequestRules determines a set of rules for which each request to the proxy
// should be matched against.
// If any rule matches the request, the policy for the rule is applied to the
// request.
RequestRules []AuthorizationRule `json:"requestRules,omitempty"`
}
// AuthorizationRule determines the configuration for a particular authorization
// rule.
type AuthorizationRule struct {
// ID is a unique identifier for the authorization rule. Each authorization
// rule is expected to have a unique ID.
// The ID will be used to identify matched rules for audit purposes.
ID string
// Policy is the authorization policy to apply should the rule match the given
// request.
// All conditions specified within the rule must match the request for the
// policy to be applied.
// Valid values are Allow, Deny and Delegate.
Policy AuthorizationPolicy
// Path is a regex string that expects to match the HTTP request path.
Path string
// Methods is a list of HTTP methods to match against the HTTP request method.
// If any method in the list matches the request method, this rule is
// considered to match.
Methods []string
// IPs is a list of IP or network addresses (in CIDR notation) with which to
// match the request client IP address.
IPs []string
}
Reference in New Issue View Git Blame Copy Permalink