github/karma
1
0
Fork 0
mirror of https://github.com/prymitive/karma synced 2026-05-05 03:16:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(acl): do not validate group names from proxies

Browse Source 
Validating the group name made sense when they were defined statically
in the configuration file. However when using a HTTP proxy to provide
group information it just causes issues.
This commit is contained in:
Taavi Väänänen
2021-12-06 16:52:47 +02:00
committed by Łukasz Mierzwa
parent 3745f4c0f1
commit 7e5571e135
1 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
cmd/karma/acl.go
View File

@@ -182,16 +182,20 @@ func newSilenceACLFromConfig(cfg config.SilenceACLRule) (*silenceACL, error) {
}
for _, groupName := range cfg.Scope.Groups {
var wasFound bool
for _, authGroup := range config.Config.Authorization.Groups {
if authGroup.Name == groupName {
wasFound = true
break
// Can't validate the group name if it comes dynamically from a http proxy
if config.Config.Authentication.Header.GroupName == "" {
var wasFound bool
for _, authGroup := range config.Config.Authorization.Groups {
if authGroup.Name == groupName {
wasFound = true
break
}
}
if !wasFound {
return nil, fmt.Errorf("invalid silence ACL rule, no group with name %q found in authorization.groups configuration", groupName)
}
}
if !wasFound {
return nil, fmt.Errorf("invalid silence ACL rule, no group with name %q found in authorization.groups configuration", groupName)
}
acl.Scope.Groups = append(acl.Scope.Groups, groupName)
}