3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-28 16:37:24 +02:00
Code Issues Projects Releases Packages Wiki Activity

evaluator: use impersonate groups if impersonate email is set (#1701)

Browse source
This commit is contained in:
Caleb Doxsey 2020-12-21 09:47:12 -07:00 committed by GitHub
parent c367498fbc
commit 4eec2ed1d5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

10
authorize/evaluator/opa/policy/authz_test.rego
View file

@ -70,7 +70,7 @@ test_group_allowed {
"groups": ["1"]
} with
input.http as { "url": "http://example.com" } with
input.session as { "id": "session1", "impersonate_groups": null }
input.session as { "id": "session1" }
}
test_impersonate_groups_not_allowed {
@ -86,12 +86,10 @@ test_impersonate_groups_not_allowed {
"user": {
"email": "x@example.com"
},
"directory_user": {
"groups": ["1"]
}
"groups": ["1"]
} with
input.http as { "url": "http://example.com" } with
input.session as { "id": "session1", "impersonate_groups": ["2"] }
input.session as { "id": "session1", "impersonate_email": "y@example.com", "impersonate_groups": ["2"] }
}
test_impersonate_groups_allowed {
@ -112,7 +110,7 @@ test_impersonate_groups_allowed {
}
} with
input.http as { "url": "http://example.com" } with
input.session as { "id": "session1", "impersonate_groups": ["2"] }
input.session as { "id": "session1", "impersonate_email": "y@example.com", "impersonate_groups": ["2"] }
}
test_domain_allowed {