# auth policy config
# In each pathPolicy element, path is mandatory, methods and claims are optional
# A request is matched to the closest matching route i.e. closest path (& optional method).
# If no methods are specified in the pathPolicy then requests with any valid http method will match it.
# If no claims are specified then no jwt auth is performed on the request
#
# Asterisks (*) can be used in the path to match multiple wildcarded levels e.g. /foo/*/bar will match a request to /foo/a/b/c/bar etc.
# Templated paths can be used to match single levels e.g. /foo/:id will match a request to /foo/a. Additionally the template
# value can be used in the claims (either as a key or value) e.g. claims: { "id" : ":id" } would be dynamically
# resolved to be { "id" : "a" }
#
# No matching route found => 401
# Matches route, but not claims => 401
# Matches route, matches claims => passes auth
# Matches route, no claims configured => passes auth
# Route policies. Reminder from the header notes: an entry without `claims` is
# served with no JWT auth at all, and an entry without `methods` matches every
# valid HTTP method. Review any new entry against both rules before merging.

# --- /packs ---------------------------------------------------------------
# Listing and reading packs is unauthenticated (no claims configured).
- path: /packs
  methods: [GET]
- path: /packs/:pack
  methods: [GET]

# Creating or updating a pack is gated on JWT claims.
# NOTE(review): this file does not state whether `groups` and `role` must both
# match, or whether a single listed value per key is sufficient. Confirm against
# the policy engine before treating this entry as an admin-only restriction.
- path: /packs/:pack
  methods: [POST, PUT]
  claims:
    groups: [dev, packwriter]
    role: [admin]

# Deleting a pack requires the `packadmin` group claim.
- path: /packs/:pack
  methods: [DELETE]
  claims:
    groups: [packadmin]

# --- /flows ---------------------------------------------------------------
# GET is unauthenticated for everything under /flows/: the asterisk matches
# multiple path levels, and no claims are configured on either GET entry.
- path: /flows/*
  methods: [GET]
- path: /flows/:namespace/:flow
  methods: [GET]

# Updating a flow is gated on JWT claims (same open question as above about
# how `groups` and `role` combine).
# NOTE(review): no entry lists POST for this path; presumably a POST finds no
# matching route and is rejected with 401 - verify that this is intended.
- path: /flows/:namespace/:flow
  methods: [PUT]
  claims:
    groups: [flowwriter]
    role: [admin]

# Deleting a flow is scoped per namespace: the `:namespace` template is resolved
# from the request path, so the token's `namespaceAdmin` claim is checked against
# the namespace being addressed. Quoted so the leading colon is always read as a
# plain string; the value itself is unchanged.
- path: /flows/:namespace/:flow
  methods: [DELETE]
  claims:
    namespaceAdmin: [":namespace"]

# --- /datastore -----------------------------------------------------------
# No `methods` key, so this entry matches every valid HTTP method: reads,
# writes and deletes under /datastore/ are all gated by the same single `dev`
# group claim, with no separation between read and write access.
- path: /datastore/*
  claims:
    groups: [dev]