Open raphink opened 8 years ago
@raphink so, i found a bit of free time over the weekend and put together #139 with that, all you need is add some code to github_auth to assign gh_team labels. label is a string -> []string map, so multiple teams will be ok and matching will check all of them.
As mentioned in https://github.com/cesanta/docker_auth/pull/115#issuecomment-234074177, once #115 is merged, it would be great to be able to use teams in the ACLs, something along the lines of:
where team would be matched against something like
regexp.QuoteMeta(strings.Join(ai.Teams))
.As you mentioned in #115, it would be good if this was not specific to GitHub. Here's a suggestion. Currently,
AuthServer#Authenticate()
has the following signature:Instead of returning a boolean, we could make it return a structure containing information about the authenticated user, so any authn provider could provider that information.
and
authz.go
could thus access this information from the authn provider, and filter on Email, Teams, etc.@rojer What do you think of this architecture?