feat(authz): introduce conditional access control via CEL (#4040)

Matheus Pimenta
2026-05-09 20:43:00 +01:00
committed by GitHub
parent ddb6279a25
commit 8a6674f198
15 changed files with 1636 additions and 85 deletions
+4
@@ -19,6 +19,9 @@ const defaultUsernameExpr = "claims.iss + '/' + claims.sub"
type ClaimResult struct {
Username string
Groups []string
// Claims is the raw OIDC claim set. Carried through so authorization-time
// CEL expressions can reference token claims directly via `req.claims`.
Claims map[string]any
}
// ClaimProcessor processes OIDC claims using CEL expressions.
@@ -206,6 +209,7 @@ func (c *ClaimProcessor) Process(ctx context.Context, claims map[string]any) (*C
return &ClaimResult{
Username: username,
Groups: groups,
Claims: claims,
}, nil
}
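Review bot: In the second hunk, `Claims: claims` stores the caller's map by reference, so the claim set that authorization-time expressions read through `req.claims` is the same object the caller of Process still holds. Whether any caller mutates or reuses that map afterwards is not visible here (Process's body starts outside the hunk), but since the field now feeds access decisions a defensive copy is cheap: `Claims: maps.Clone(claims),`. That copy is shallow, so nested maps and slices remain shared. The field comment in the first hunk could also state that the map is read-only after Process returns and holds the unfiltered token claims, for example `// Claims must be treated as read-only; it holds every claim from the token, so avoid logging ClaimResult wholesale.`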