mirror of
https://github.com/steveiliop56/tinyauth.git
synced 2026-05-18 02:00:12 +00:00
wip: use policy engine for acls
This commit is contained in:
Stavros
@@ -34,6 +34,7 @@ type Services struct {
|
||||
ldapService *service.LdapService
|
||||
oauthBrokerService *service.OAuthBrokerService
|
||||
oidcService *service.OIDCService
|
||||
policyEngine *service.PolicyEngine
|
||||
}
|
||||
|
||||
type BootstrapApp struct {
|
||||
|
||||
@@ -44,7 +44,7 @@ func (app *BootstrapApp) setupRouter() error {
|
||||
controller.NewContextController(app.log, app.config, app.runtime, apiRouter)
|
||||
controller.NewOAuthController(app.log, app.config, app.runtime, apiRouter, app.services.authService)
|
||||
controller.NewOIDCController(app.log, app.services.oidcService, app.runtime, apiRouter)
|
||||
controller.NewProxyController(app.log, app.runtime, apiRouter, app.services.accessControlService, app.services.authService)
|
||||
controller.NewProxyController(app.log, app.runtime, apiRouter, app.services.accessControlService, app.services.authService, app.services.policyEngine)
|
||||
controller.NewUserController(app.log, app.runtime, apiRouter, app.services.authService)
|
||||
controller.NewResourcesController(app.config, &engine.RouterGroup)
|
||||
controller.NewHealthController(apiRouter)
|
||||
|
||||
@@ -25,6 +25,12 @@ func (app *BootstrapApp) setupServices() error {
|
||||
accessControlsService := service.NewAccessControlsService(app.log, app.config, &labelProvider)
|
||||
app.services.accessControlService = accessControlsService
|
||||
|
||||
err = app.setupPolicyEngine()
|
||||
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to initialize policy engine: %w", err)
|
||||
}
|
||||
|
||||
oauthBrokerService := service.NewOAuthBrokerService(app.log, app.runtime.OAuthProviders, app.ctx)
|
||||
app.services.oauthBrokerService = oauthBrokerService
|
||||
|
||||
@@ -74,3 +80,34 @@ func (app *BootstrapApp) getLabelProvider() (service.LabelProvider, error) {
|
||||
app.services.dockerService = dockerService
|
||||
return dockerService, nil
|
||||
}
|
||||
|
||||
func (app *BootstrapApp) setupPolicyEngine() error {
|
||||
policyEngine, err := service.NewPolicyEngine(app.config, app.log)
|
||||
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to initialize policy engine: %w", err)
|
||||
}
|
||||
|
||||
policyEngine.RegisterRule(service.RuleUserAllowed, &service.UserAllowedRule{
|
||||
Log: app.log,
|
||||
})
|
||||
policyEngine.RegisterRule(service.RuleOAuthGroup, &service.OAuthGroupRule{
|
||||
Log: app.log,
|
||||
})
|
||||
policyEngine.RegisterRule(service.RuleLDAPGroup, &service.LDAPGroupRule{
|
||||
Log: app.log,
|
||||
})
|
||||
policyEngine.RegisterRule(service.RuleAuthEnabled, &service.AuthEnabledRule{
|
||||
Log: app.log,
|
||||
})
|
||||
policyEngine.RegisterRule(service.RuleIPAllowed, &service.IPAllowedRule{
|
||||
Log: app.log,
|
||||
Config: app.config,
|
||||
})
|
||||
policyEngine.RegisterRule(service.RuleIPBypassed, &service.IPBypassedRule{
|
||||
Log: app.log,
|
||||
})
|
||||
|
||||
app.services.policyEngine = policyEngine
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user