Open dddpaul opened 5 years ago
For the sake of non-breaking changes - it may be more reasonable to enable AA only if a special HTTP header exists.
For example:
```yaml
authentication:
  enabled: true
  configuration:
    force_authentication_header: X-Marathon-Plugin-Auth-Force
    force_authentication_header_enabled: true
```
Modes:
Force header mode | Bypass header mode | Result |
---|---|---|
Off | Off | AA is performed always |
Off | On | AA is performed unless bypass header was received |
On | Off | AA is performed only if force header was received |
On | On | AA is performed always or incorrect configuration? |
I think this is the most flexible behaviour:
```yaml
authentication:
  enabled: true
  configuration:
    production_mode_enabled: true
    trigger_header: X-Marathon-Plugin-Auth-Enabled
```
Parameters:

- `authentication.enabled` (optional): Disable or enable plugin. By default plugin is enabled.
- `authentication.configuration.production_mode_enabled` (optional): If `true`, then AA is enabled, but can be disabled by trigger header being set to `false`. If `false`, then AA is disabled, but can be enabled by trigger header being set to `true`. By default is `true`.
- `authentication.configuration.trigger_header` (optional): HTTP header name for trigger on/off AA. By default is `null`, in this case triggering functionality is disabled.

Configuration examples:
```yaml
authentication:
  enabled: false
```

```yaml
authentication:
  configuration:
    production_mode_enabled: false
    trigger_header: X-Marathon-Plugin-Auth-Enabled
```

```yaml
authentication:
  configuration:
    production_mode_enabled: false
    trigger_header: Authorization
```

```yaml
authentication:
  configuration:
    production_mode_enabled: true
    trigger_header: X-Marathon-Plugin-Auth-Enabled
```

```yaml
authentication:
  configuration:
    production_mode_enabled: true
    trigger_header: X-Marathon-Plugin-Auth-Enabled
```
For example in config: