mirror of
https://github.com/pomerium/pomerium.git
synced 2025-06-20 03:32:45 +02:00
c13459bb88
* authorize: authorization module adds support for per-route access policy. In this release we support the most common forms of identity based access policy: `allowed_users`, `allowed_groups`, and `allowed_domains`. In future versions, the authorization module will also support context and device based authorization policy and decisions. See website documentation for more details. * docs: updated `env.example` to include a `POLICY` setting example. * docs: added `IDP_SERVICE_ACCOUNT` to `env.example` . * docs: removed `PROXY_ROOT_DOMAIN` settings which has been replaced by `POLICY`. * all: removed `ALLOWED_DOMAINS` settings which has been replaced by `POLICY`. Authorization is now handled by the authorization service and is defined in the policy configuration files. * proxy: `ROUTES` settings which has been replaced by `POLICY`. * internal/log: `http.Server` and `httputil.NewSingleHostReverseProxy` now uses pomerium's logging package instead of the standard library's built in one. Closes #54 Closes #41 Closes #61 Closes #58
18 lines
330 B
Protocol Buffer
18 lines
330 B
Protocol Buffer
syntax = "proto3";
|
|
|
|
package authorize;
|
|
|
|
service Authorizer {
|
|
rpc Authorize(AuthorizeRequest) returns (AuthorizeReply) {}
|
|
}
|
|
|
|
message AuthorizeRequest {
|
|
// request context
|
|
string route = 1;
|
|
// user context
|
|
string user = 2;
|
|
string email = 3;
|
|
repeated string groups = 4;
|
|
}
|
|
|
|
message AuthorizeReply { bool is_valid = 1; }
|