support authenticating on OU or CN

[joemiller]

i'm thinking about adding an 'evaluator' (or better name?) to go-certauth. Use case is "allow any cert with OU=foo or CN=blah".

eg:

auth := certauth.NewAuth(certauth.Options{
                AllowedOUs: []string{"endpoint", "WWW"},
                AllowedCNs: []string{"client1"},
        })

^^ current code, requires both OU and CN to match.

maybe something like:

auth := certauth.NewAuth(certauth.Options{
                AllowedOUs: []string{"endpoint", "WWW"},
                AllowedCNs: []string{"client1"},
                Eval: "Or",
        })

"Or", "And" ..

[joemiller]

/cc @spheromak @kibra

[spheromak]

@joemiller I wonder what the default expectation is. Would you expect having specified both for it to be a default OR ?

I think implementation wise the field should be an iota

type AuthOperator int

const (
	AllowedOR AuthOperator = iota
	AllowedAND
)

spun up the quick example in playground:
https://play.golang.org/p/GLZAAgQUk1

[joemiller]

@kibra I think you already implemented something that accomplishes a similar goal?

[kibra]

I believe I thought about it, but did not implement anything. Allowing the user to provide a validator function that accepts a request and context would provide this functionality.