Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support authenticating on OU or CN #4

Open
joemiller opened this issue Sep 27, 2016 · 4 comments
Open

support authenticating on OU or CN #4

joemiller opened this issue Sep 27, 2016 · 4 comments

Comments

@joemiller
Copy link
Contributor

joemiller commented Sep 27, 2016

i'm thinking about adding an 'evaluator' (or better name?) to go-certauth. Use case is "allow any cert with OU=foo or CN=blah".

eg:

auth := certauth.NewAuth(certauth.Options{
                AllowedOUs: []string{"endpoint", "WWW"},
                AllowedCNs: []string{"client1"},
        })

^^ current code, requires both OU and CN to match.

maybe something like:

auth := certauth.NewAuth(certauth.Options{
                AllowedOUs: []string{"endpoint", "WWW"},
                AllowedCNs: []string{"client1"},
                Eval: "Or",
        })

"Or", "And" ..

@joemiller
Copy link
Contributor Author

/cc @spheromak @kibra

@spheromak
Copy link
Contributor

@joemiller I wonder what the default expectation is. Would you expect having specified both for it to be a default OR ?

I think implementation wise the field should be an iota

type AuthOperator int

const (
	AllowedOR AuthOperator = iota
	AllowedAND
)

spun up the quick example in playground:
https://play.golang.org/p/GLZAAgQUk1

@joemiller
Copy link
Contributor Author

@kibra I think you already implemented something that accomplishes a similar goal?

@kibra
Copy link
Contributor

kibra commented Dec 20, 2016

I believe I thought about it, but did not implement anything. Allowing the user to provide a validator function that accepts a request and context would provide this functionality.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants