mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
81e34d84de
* [MISC] Validate all sections of ACLs on startup This change ensure that all sections of the `access_control` key are validated on startup. * Change error format to clearly identify values
52 lines
1.5 KiB
Go
52 lines
1.5 KiB
Go
package schema
|
|
|
|
// AccessControlConfiguration represents the configuration related to ACLs.
|
|
type AccessControlConfiguration struct {
|
|
DefaultPolicy string `mapstructure:"default_policy"`
|
|
Networks []ACLNetwork `mapstructure:"networks"`
|
|
Rules []ACLRule `mapstructure:"rules"`
|
|
}
|
|
|
|
// ACLNetwork represents one ACL network group entry; "weak" coerces a single value into slice.
|
|
type ACLNetwork struct {
|
|
Name []string `mapstructure:"name,weak"`
|
|
Networks []string `mapstructure:"networks"`
|
|
}
|
|
|
|
// ACLRule represents one ACL rule entry; "weak" coerces a single value into slice.
|
|
type ACLRule struct {
|
|
Domains []string `mapstructure:"domain,weak"`
|
|
Policy string `mapstructure:"policy"`
|
|
Subjects [][]string `mapstructure:"subject,weak"`
|
|
Networks []string `mapstructure:"networks"`
|
|
Resources []string `mapstructure:"resources"`
|
|
}
|
|
|
|
// DefaultACLNetwork represents the default configuration related to access control network group configuration.
|
|
var DefaultACLNetwork = []ACLNetwork{
|
|
{
|
|
Name: []string{"localhost"},
|
|
Networks: []string{"127.0.0.1"},
|
|
},
|
|
{
|
|
Name: []string{"internal"},
|
|
Networks: []string{"10.0.0.0/8"},
|
|
},
|
|
}
|
|
|
|
// DefaultACLRule represents the default configuration related to access control rule configuration.
|
|
var DefaultACLRule = []ACLRule{
|
|
{
|
|
Domains: []string{"public.example.com"},
|
|
Policy: "bypass",
|
|
},
|
|
{
|
|
Domains: []string{"singlefactor.example.com"},
|
|
Policy: "one_factor",
|
|
},
|
|
{
|
|
Domains: []string{"secure.example.com"},
|
|
Policy: "two_factor",
|
|
},
|
|
}
|