-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Introduce per-user path restrictions [RHELDST-23442]
Previously, exodus-gw's publish APIs allowed any authorized user to publish to any paths within a given CDN environment. Now, it is possible to restrict individual users to publishing to certain paths in a given CDN environment using the publish_paths setting, or the EXODUS_GW_PUBLISH_PATHS environment variable. An example of the publish paths config: { "pre": { "fake-user": [ "^(/content)?/origin/files/sha256/[0-f]{2}/[0-f]{64}/[^/]{1,300}$" ], }, "live": { "fake-user": [ "^(/content)?/origin/files/sha256/[0-f]{2}/[0-f]{64}/[^/]{1,300}$" ], } } Any clients identified in the config are authorized to publish to any path which matches the defined regex. When a client attempts to publish to a path to which does not match the defined regex, they will get a 403 response. Any client which is not included in the publish_paths config will be authorized to publish to any path (assuming they have the necessary publish roles). This should reduce the risk of conflicts and other issues between exodus-gw users.
- Loading branch information
1 parent
592b192
commit b44b14b
Showing
3 changed files
with
138 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters