From fe108073bb183b3c52676aaabfb2bff829310ff0 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Tue, 7 Apr 2015 23:56:10 -0400
Subject: Move authz checks from Secrets to own class

Add a Namespace authorization class to use in the pipeline instead of performing authorization within the Secrets class
---
 custodia.conf | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
(limited to 'custodia.conf')

diff --git a/custodia.conf b/custodia.conf
index a9009f7..79d7085 100644
--- a/custodia.conf
+++ b/custodia.conf
@@ -12,7 +12,12 @@ name = REMOTE_USER
 
 [authz:paths]
 handler = custodia.httpd.authorizers.SimplePathAuthz
-paths = /
+paths = /.
+
+[authz:namespaces]
+handler = custodia.secrets.Namespaces
+path = /secrets/
+store = simple
 
 [store:simple]
 handler = custodia.store.sqlite.SqliteStore
@@ -30,6 +35,11 @@ handler = custodia.store.sqlite.SqliteStore
 dburi = secrets.db
 table = tenant1
 
+[authz:tenant1]
+handler = custodia.secrets.Namespaces
+path = /tenant1/secrets/
+store = tenant1
+
 [/tenant1/secrets]
 handler = custodia.root.Secrets
 store = tenant1
-- cgit
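Review bot: The new value `paths = /.` in `[authz:paths]` is not self-explanatory, and its difference from the old `paths = /` decides how much of the tree SimplePathAuthz lets through. Presumably the trailing dot narrows the rule to the root path alone, so that `/secrets/` is left to the new `[authz:namespaces]` section. That should be confirmed against SimplePathAuthz and stated in the file, for example `# "/." matches only the root path itself; /secrets/ is decided by authz:namespaces`. It is also worth confirming that a request matched by no authz section is denied, since this file no longer carries a catch-all path rule.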
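Review bot: `[authz:tenant1]` repeats `store = tenant1` from `[/tenant1/secrets]`, and nothing in the file ties the two together, so a later edit to one section could leave the authorizer checking a different store than the one the handler serves. A comment above the new section such as `# store must match the store of [/tenant1/secrets]` would make the coupling explicit; the same applies to `[authz:namespaces]` in the first hunk. The authorizer path is written `/tenant1/secrets/` with a trailing slash while the handler is mounted at `/tenant1/secrets`. Whether a request for the bare path is covered depends on how Namespaces matches paths, which is not visible in this diff.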