mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-28 16:37:24 +02:00
evaluator: use impersonate groups if impersonate email is set (#1701)
This commit is contained in:
parent
c367498fbc
commit
4eec2ed1d5
3 changed files with 13 additions and 10 deletions
|
@ -70,7 +70,7 @@ test_group_allowed {
|
|||
"groups": ["1"]
|
||||
} with
|
||||
input.http as { "url": "http://example.com" } with
|
||||
input.session as { "id": "session1", "impersonate_groups": null }
|
||||
input.session as { "id": "session1" }
|
||||
}
|
||||
|
||||
test_impersonate_groups_not_allowed {
|
||||
|
@ -86,12 +86,10 @@ test_impersonate_groups_not_allowed {
|
|||
"user": {
|
||||
"email": "x@example.com"
|
||||
},
|
||||
"directory_user": {
|
||||
"groups": ["1"]
|
||||
}
|
||||
"groups": ["1"]
|
||||
} with
|
||||
input.http as { "url": "http://example.com" } with
|
||||
input.session as { "id": "session1", "impersonate_groups": ["2"] }
|
||||
input.session as { "id": "session1", "impersonate_email": "y@example.com", "impersonate_groups": ["2"] }
|
||||
}
|
||||
|
||||
test_impersonate_groups_allowed {
|
||||
|
@ -112,7 +110,7 @@ test_impersonate_groups_allowed {
|
|||
}
|
||||
} with
|
||||
input.http as { "url": "http://example.com" } with
|
||||
input.session as { "id": "session1", "impersonate_groups": ["2"] }
|
||||
input.session as { "id": "session1", "impersonate_email": "y@example.com", "impersonate_groups": ["2"] }
|
||||
}
|
||||
|
||||
test_domain_allowed {
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue