-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(backend): fine grained perms (#21)
Signed-off-by: David van der Spek <vanderspek.david@gmail.com>
- Loading branch information
Showing
29 changed files
with
3,812 additions
and
2,300 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
run: | ||
timeout: 10m | ||
issues-exit-code: 1 | ||
tests: true | ||
linters: | ||
disable-all: true | ||
enable: | ||
# default linters | ||
- errcheck | ||
- gosimple | ||
- govet | ||
- ineffassign | ||
- staticcheck | ||
- typecheck | ||
- unused | ||
|
||
# additional linters | ||
- errorlint | ||
- errname | ||
- gocyclo | ||
- goimports | ||
- misspell | ||
- gofmt | ||
- importas | ||
- goconst | ||
- gocritic | ||
- misspell |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,8 @@ | ||
Create seed for first admin user and seed organization into Keto | ||
Make rules more fine-grained | ||
Use authorizer instead of hydrator for checking tenants | ||
Expand what is now the hydrator to more smartly parse the method and URL so hydrate the tenants more accurately (for example: if it is a get request to mimir we will look for all tenants the user can read metrics from) | ||
Add policy checking for login bindings on OAuth2 Client login | ||
Start using https://github.com/ory/herodot for our webhook endpoints | ||
Add policy fine-grained checking for our API | ||
Allow for Bearer token and HTTP basic auth to work | ||
If a request already contains a tenant header, rather than hydrating all tenants a user/client has access to check if the user/tenant has access to that tenant and don't modify the headers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.