Add a new reason "client-certificate-required" that will be returned by the invalid_client_certificate criterion in the case that no client certificate was provided. Determine this using the new 'presented' field populated from the Envoy metadata.
package criteria
import "sort"
// A Reason is a short string that records why a policy criterion passed or
// failed.
type Reason string

// Well-known reasons, grouped by the subject they describe.
//
// The constants carry no explicit type, so each one is an untyped string
// constant: it can be used where a Reason is expected and also where a plain
// string is expected.
const (
	// Accept and reject.
	ReasonAccept = "accept"
	ReasonReject = "reject"

	// Claims.
	ReasonClaimOK           = "claim-ok"
	ReasonClaimUnauthorized = "claim-unauthorized"

	// Client certificates. ReasonClientCertificateRequired is the value the
	// invalid_client_certificate criterion returns when no client certificate
	// was provided at all; it is a separate value from
	// ReasonInvalidClientCertificate.
	ReasonClientCertificateRequired = "client-certificate-required"
	ReasonInvalidClientCertificate  = "invalid-client-certificate"
	ReasonValidClientCertificate    = "valid-client-certificate"

	// CORS.
	ReasonCORSRequest    = "cors-request"
	ReasonNonCORSRequest = "non-cors-request"

	// Devices.
	ReasonDeviceOK              = "device-ok"
	ReasonDeviceUnauthenticated = "device-unauthenticated"
	ReasonDeviceUnauthorized    = "device-unauthorized"

	// Domains.
	ReasonDomainOK           = "domain-ok"
	ReasonDomainUnauthorized = "domain-unauthorized"

	// Emails.
	ReasonEmailOK           = "email-ok"
	ReasonEmailUnauthorized = "email-unauthorized"

	// HTTP method and path.
	ReasonHTTPMethodOK           = "http-method-ok"
	ReasonHTTPMethodUnauthorized = "http-method-unauthorized"
	ReasonHTTPPathOK             = "http-path-ok"
	ReasonHTTPPathUnauthorized   = "http-path-unauthorized"

	// Routes.
	ReasonNonPomeriumRoute = "non-pomerium-route"
	ReasonPomeriumRoute    = "pomerium-route"
	ReasonRouteNotFound    = "route-not-found"

	// Users.
	ReasonUserOK              = "user-ok"
	ReasonUserUnauthenticated = "user-unauthenticated" // user needs to log in
	ReasonUserUnauthorized    = "user-unauthorized"    // user does not have access
)
// Reasons is a set of Reason values, stored as the keys of a map whose values
// are empty structs.
type Reasons map[Reason]struct{}

// NewReasons builds a Reasons collection holding every reason passed in.
// Duplicate arguments collapse into a single entry, and calling it with no
// arguments yields an empty, non-nil collection.
func NewReasons(reasons ...Reason) Reasons {
	set := Reasons{}
	for i := range reasons {
		set[reasons[i]] = struct{}{}
	}
	return set
}
// Add inserts r into the collection. Inserting a reason that is already
// present leaves the collection unchanged. The receiver must be a non-nil map
// (for example one built by NewReasons), because writing to a nil map panics.
func (rs Reasons) Add(r Reason) {
	var member struct{}
	rs[r] = member
}
// Has reports whether r is a member of the collection. A nil collection
// contains nothing, so Has returns false for it.
func (rs Reasons) Has(r Reason) bool {
	if _, found := rs[r]; found {
		return true
	}
	return false
}
// Strings returns the members of the collection as plain strings in ascending
// order. Sorting makes the result independent of map iteration order. An
// empty or nil collection yields a nil slice.
func (rs Reasons) Strings() []string {
	if len(rs) == 0 {
		return nil
	}
	names := make([]string, 0, len(rs))
	for reason := range rs {
		names = append(names, string(reason))
	}
	sort.Strings(names)
	return names
}
// Union returns a new collection containing every reason found in rs or in
// other. Neither input is modified, and a nil input contributes nothing.
func (rs Reasons) Union(other Reasons) Reasons {
	out := make(Reasons)
	for _, src := range [...]Reasons{rs, other} {
		for reason := range src {
			out[reason] = struct{}{}
		}
	}
	return out
}