authorSimo Sorce <simo@redhat.com>2015-04-07 23:56:10 -0400
committerSimo Sorce <simo@redhat.com>2015-04-08 00:41:20 -0400
commitfe108073bb183b3c52676aaabfb2bff829310ff0 (patch)
treef10665b71a71ec8b253744a78eb51ef9d1504fea /custodia.conf
parent393ec7cfd371de985ede02811592997162b6a381 (diff)
Move authz checks from Secrets to own class
Add a Namespace authorization class to use in the pipeline instead of performing authorization within the Secrets class
Diffstat (limited to 'custodia.conf')
-rw-r--r--custodia.conf12
1 files changed, 11 insertions, 1 deletions
diff --git a/custodia.conf b/custodia.conf
index a9009f7..79d7085 100644
--- a/custodia.conf
+++ b/custodia.conf
@@ -12,7 +12,12 @@ name = REMOTE_USER
[authz:paths]
handler = custodia.httpd.authorizers.SimplePathAuthz
-paths = /
+paths = /.
+
+[authz:namespaces]
+handler = custodia.secrets.Namespaces
+path = /secrets/
+store = simple
[store:simple]
handler = custodia.store.sqlite.SqliteStore
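Review bot: The new value `paths = /.` in `[authz:paths]` carries no explanation, and what it matches depends on SimplePathAuthz's comparison logic, which this hunk does not show. If the intent is that the simple path authorizer no longer approves everything under `/`, so that access to `/secrets/` is decided by the new `[authz:namespaces]` entry, the file should say so; otherwise a later editor may restore `paths = /` and silently take the namespace check out of the decision. A comment above the line would be enough, for example `# not "/": secret paths must be authorized by authz:namespaces, not by a blanket path match`. It would also help to confirm with a test that a request under `/secrets/` is refused when only `[authz:paths]` is configured.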
@@ -30,6 +35,11 @@ handler = custodia.store.sqlite.SqliteStore
dburi = secrets.db
table = tenant1
+[authz:tenant1]
+handler = custodia.secrets.Namespaces
+path = /tenant1/secrets/
+store = tenant1
+
[/tenant1/secrets]
handler = custodia.root.Secrets
store = tenant1
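Review bot: `path = /tenant1/secrets/` in `[authz:tenant1]` ends in a slash, while the handler it protects is mounted at `[/tenant1/secrets]` without one. Whether a request for the exact path `/tenant1/secrets` is covered by this authorizer depends on the matching in custodia.secrets.Namespaces, which is not visible here; with a plain prefix comparison that request would be left to the other authorizers in the pipeline. A comment stating the intended outcome for the bare path, plus a test that pins it, would make the policy explicit. The same applies to `path = /secrets/` in `[authz:namespaces]` in the first hunk.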