package schema
import (
"regexp"
)
// AccessControlConfiguration holds the access control (ACL) section of the
// configuration: a default policy name, the named network groups and the
// rule list. It only carries decoded values; nothing is evaluated here.
type AccessControlConfiguration struct {
	// DefaultPolicy is the policy name read from the "default_policy" key.
	// NOTE(review): presumably this is what applies when no rule matches a
	// request. The type itself accepts any string, so confirm that validation
	// elsewhere rejects empty or unknown names.
	DefaultPolicy string `koanf:"default_policy"`

	// Networks lists the named network groups read from the "networks" key.
	Networks []ACLNetwork `koanf:"networks"`

	// Rules lists the rule entries read from the "rules" key.
	// NOTE(review): slice order is preserved by the type; whether evaluation
	// is first-match is not visible in this file.
	Rules []ACLRule `koanf:"rules"`
}
// ACLNetwork is a single named network group in the ACL configuration.
type ACLNetwork struct {
	// Name is the label of the group, read from the "name" key.
	Name string `koanf:"name"`

	// Networks holds the members of the group as plain strings, read from the
	// "networks" key. The defaults in this file use both a bare IP address and
	// a CIDR range; this type does not parse or validate either form.
	Networks []string `koanf:"networks"`
}
// ACLRule is a single access control rule as decoded from configuration. It
// only carries data; matching and enforcement are not implemented in this
// file.
type ACLRule struct {
	// Domains holds literal domain strings. Note that the configuration key
	// is the singular "domain".
	Domains []string `koanf:"domain"`

	// DomainsRegex holds compiled patterns read from the "domain_regex" key.
	// NOTE(review): Go regular expressions match anywhere in the input unless
	// the pattern is anchored with ^ and $. How these patterns are applied is
	// not visible here, so confirm an unanchored pattern cannot match more
	// hosts than the rule author intended.
	DomainsRegex []regexp.Regexp `koanf:"domain_regex"`

	// Policy is the policy name for this rule, read from the "policy" key.
	// The default rules in this file use "bypass", "one_factor" and
	// "two_factor".
	Policy string `koanf:"policy"`

	// Subjects is a list of string lists read from the singular "subject"
	// key.
	// NOTE(review): presumably one nesting level is combined with OR and the
	// other with AND; confirm against the rule matcher.
	Subjects [][]string `koanf:"subject"`

	// Networks holds network entries as strings, read from the "networks"
	// key.
	// NOTE(review): presumably either an ACLNetwork name or an address/CIDR;
	// confirm against the matcher.
	Networks []string `koanf:"networks"`

	// Resources holds compiled patterns read from the "resources" key. The
	// anchoring consideration described on DomainsRegex applies to these
	// patterns as well.
	Resources []regexp.Regexp `koanf:"resources"`

	// Methods holds strings read from the "methods" key.
	// NOTE(review): presumably HTTP request methods; whether comparison is
	// case-sensitive is not visible here.
	Methods []string `koanf:"methods"`
}
// DefaultACLNetwork is the default set of access control network groups:
// "localhost" and "internal".
//
// NOTE(review): "localhost" lists only the IPv4 loopback address 127.0.0.1
// (no ::1), and "internal" lists only 10.0.0.0/8, so other private ranges are
// not part of either group. Where these defaults are consumed is not visible
// in this file.
var DefaultACLNetwork = []ACLNetwork{
	{Name: "localhost", Networks: []string{"127.0.0.1"}},
	{Name: "internal", Networks: []string{"10.0.0.0/8"}},
}
// DefaultACLRule is the default set of access control rules. It holds three
// entries, one per policy name ("bypass", "one_factor", "two_factor"), each
// bound to a host under example.com, which is a reserved documentation
// domain.
//
// NOTE(review): the first entry carries the "bypass" policy. These look like
// placeholder values; confirm how they are consumed, since this file does not
// show whether they are ever merged into a loaded configuration.
var DefaultACLRule = []ACLRule{
	{Domains: []string{"public.example.com"}, Policy: "bypass"},
	{Domains: []string{"singlefactor.example.com"}, Policy: "one_factor"},
	{Domains: []string{"secure.example.com"}, Policy: "two_factor"},
}