package schema // AccessControlConfiguration represents the configuration related to ACLs. type AccessControlConfiguration struct { DefaultPolicy string `mapstructure:"default_policy"` Networks []ACLNetwork `mapstructure:"networks"` Rules []ACLRule `mapstructure:"rules"` } // ACLNetwork represents one ACL network group entry; "weak" coerces a single value into slice. type ACLNetwork struct { Name []string `mapstructure:"name,weak"` Networks []string `mapstructure:"networks"` } // ACLRule represents one ACL rule entry; "weak" coerces a single value into slice. type ACLRule struct { Domains []string `mapstructure:"domain,weak"` Policy string `mapstructure:"policy"` Subjects [][]string `mapstructure:"subject,weak"` Networks []string `mapstructure:"networks"` Resources []string `mapstructure:"resources"` } // DefaultACLNetwork represents the default configuration related to access control network group configuration. var DefaultACLNetwork = []ACLNetwork{ { Name: []string{"localhost"}, Networks: []string{"127.0.0.1"}, }, { Name: []string{"internal"}, Networks: []string{"10.0.0.0/8"}, }, } // DefaultACLRule represents the default configuration related to access control rule configuration. var DefaultACLRule = []ACLRule{ { Domains: []string{"public.example.com"}, Policy: "bypass", }, { Domains: []string{"singlefactor.example.com"}, Policy: "one_factor", }, { Domains: []string{"secure.example.com"}, Policy: "two_factor", }, }