pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-06-03 11:22:45 +02:00

History

Kenneth Jenkins 4698e4661a authorize: omit client cert rule when not needed (#4386 ) Currently we always add an invalid_client_certificate deny rule to all PPL policies. Instead, let's add this rule only when a client CA is configured. This way, if a user is not using client certificates at all, they won't see any reason strings related to client certificates in the authorize logs. Change the "valid-client-certificate-or-none-required" reason string to just "valid-client-certificate" accordingly. Pass the main Evaluator config to NewPolicyEvaluator so that we can determine whether there is a client CA configured or not. Extract the existing default deny rule to a separate method. Add unit tests exercising the new behavior.		2023-07-24 15:27:57 -07:00
..
default.go	authorize: omit client cert rule when not needed (#4386 )	2023-07-24 15:27:57 -07:00
default_test.go	authorize: omit client cert rule when not needed (#4386 )	2023-07-24 15:27:57 -07:00
grammar.go	chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 (#3667 )	2022-10-19 09:36:59 -06:00
json.go	chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 (#3667 )	2022-10-19 09:36:59 -06:00
json_test.go
parser.go	chore(deps): bump github.com/golangci/golangci-lint from 1.48.0 to 1.50.0 (#3667 )	2022-10-19 09:36:59 -06:00
parser_test.go
schema.json