Configure allowed domains in Gangway

[dbarranco]

Hello!

Thanks a lot for this tool, it is a very good way to authenticate our devs in our set of Kubernetes clusters :)

I was doing a proof of concept today using the Google oAuth and I was wondering if it would be possible to restrict only some domains in the application.
Currently we have several domains that are able to pass the Google authentication (let's say @bitnami.com, @vmware.com), but we would only like to allow logins from the @vmare.com domains, as any user that configures their Kubernetes configuration file with a different domain will see a:

ᐅ k get componentstatuses
error: You must be logged in to the server (Unauthorized)

Which is fine, obviously, but I wouldn't expect users logging into the Gangway application with their personal mail addresses or any other domain different than the one I want.

Thanks again!
Do not hesitate to ask me if this issue is not clear at all.

[dbarranco]

Just for the record, I can allow or block hosted domains in the API server with:

- --oidc-required-claim=hd=vmware.com

but still, it would be useful to allow or block domains in Gangway.
Something similar to:

https://grafana.com/docs/grafana/latest/auth/google/#enable-google-oauth-in-grafana