Docs: groups ppl criterion #1154
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ZPain8464
added
backport 0-22-0
backport 0-23-0
✅ Deploy Preview for pomerium-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
wasaga
requested changes
Jan 11, 2024
content/docs/capabilities/ppl.mdx
Outdated
| | `device` | [Device matcher] | Returns true if the incoming request includes a valid device ID or type. | | ||
| | `domain` | [String Matcher] | Returns true if the logged-in user's email address domain (the part after `@`) matches the given value. | | ||
| | `email` | [String Matcher] | Returns true if the logged-in user's email address matches the given value. | | ||
| | \* `groups` | [String Matcher] | Returns true if a user's group ID matches the supplied value **exactly**. `groups` data is only available after a successful directory sync. See [Identity Providers](/docs/identity-providers) for vendor-specific directory sync steps. | |
There was a problem hiding this comment.
I believe groups is not using String Matcher, but rather String List Matcher that has a single operator has that checks that a given string is present in a given list of strings.
wasaga
reviewed
Jan 11, 2024
|
|
||
| A string list matcher is an object that supports a single `has` operator as a key. The `has` operator checks that a given string is present in a list of strings. | ||
|
|
||
| The `groups` and `record` criteria both support the `has` operator. |
There was a problem hiding this comment.
the example below does not demonstrate has operator for record
There was a problem hiding this comment.
@wasaga I meant to add that. Thanks for catching it. I've updated the example.
wasaga
reviewed
Jan 11, 2024
content/docs/capabilities/ppl.mdx
Outdated
| @@ -322,7 +322,7 @@ allow: | |||
| - record: | |||
| type: pomerium.io/ExternalDataSource | |||
| field: id | |||
There was a problem hiding this comment.
id field is not a list
I believe has is only applicable to foreign_field.
@calebdoxsey do you have a good example maybe for has usage in record ?
There was a problem hiding this comment.
allow:
and:
- record:
type: example.com/geoip
field: country
is: "US"
- record:
type: example.com/hr_user
field: departments
has: "engineering"There was a problem hiding this comment.
@calebdoxsey Is this part necessary? Or is this just showing another operator that also uses list string matching?
- record:
type: example.com/geoip
field: country
is: "US"There was a problem hiding this comment.
Right that's showing using is. The record operator supports contains, ends_with, is, starts_with and has. It depends on what data is stored. If it's a list you'd want to use has. If it's a string you'd want to use one of the string matchers.
wasaga
approved these changes
Jan 11, 2024
backport-actions-token bot
pushed a commit
that referenced
this pull request
Jan 11, 2024
* updates table * adds groups entry * adds string list matcher * updates record example * updates examples * runs prettier
backport-actions-token bot
pushed a commit
that referenced
this pull request
Jan 11, 2024
* updates table * adds groups entry * adds string list matcher * updates record example * updates examples * runs prettier
backport-actions-token bot
pushed a commit
that referenced
this pull request
Jan 11, 2024
* updates table * adds groups entry * adds string list matcher * updates record example * updates examples * runs prettier
backport-actions-token bot
pushed a commit
that referenced
this pull request
Jan 11, 2024
* updates table * adds groups entry * adds string list matcher * updates record example * updates examples * runs prettier
ZPain8464
added a commit
that referenced
this pull request
Jan 11, 2024
Docs: groups ppl criterion (#1154) * updates table * adds groups entry * adds string list matcher * updates record example * updates examples * runs prettier Co-authored-by: zachary painter <[email protected]>
ZPain8464
added a commit
that referenced
this pull request
Jan 11, 2024
Docs: groups ppl criterion (#1154) * updates table * adds groups entry * adds string list matcher * updates record example * updates examples * runs prettier Co-authored-by: zachary painter <[email protected]>
ZPain8464
added a commit
that referenced
this pull request
Jan 11, 2024
Docs: groups ppl criterion (#1154) * updates table * adds groups entry * adds string list matcher * updates record example * updates examples * runs prettier Co-authored-by: zachary painter <[email protected]>
ZPain8464
added a commit
that referenced
this pull request
Jan 11, 2024
Docs: groups ppl criterion (#1154) * updates table * adds groups entry * adds string list matcher * updates record example * updates examples * runs prettier Co-authored-by: zachary painter <[email protected]>
ZPain8464
added a commit
that referenced
this pull request
Jan 25, 2024
* Docs: adds core v0.25 changelog (#1151) adds core v0.25 changelog * Docs: adds core upgrade guide (#1156) * adds core upgrade guide * fixes cspell failure * Update content/docs/deploy/core/upgrading.mdx Co-authored-by: Kenneth Jenkins <[email protected]> * Update cspell.json Co-authored-by: Kenneth Jenkins <[email protected]> --------- Co-authored-by: Kenneth Jenkins <[email protected]> * Docs: updates archived versions (#1158) updates archived versions * Docs: adds console upgrade guide (#1157) * adds console upgrade guide * updates text * Docs: adds v0.25.0 Console changelog callouts (#1137) * adds v0.25.0 Console changelog callouts * runs prettier and cleans up grammar * Update content/docs/deploy/enterprise/changelog.mdx Co-authored-by: bobby <[email protected]> * Update content/docs/deploy/enterprise/changelog.mdx Co-authored-by: bobby <[email protected]> * adds feedback * Update content/docs/deploy/enterprise/changelog.mdx Co-authored-by: bobby <[email protected]> * Update content/docs/deploy/enterprise/changelog.mdx Co-authored-by: bobby <[email protected]> * Update content/docs/deploy/enterprise/changelog.mdx Co-authored-by: Kenneth Jenkins <[email protected]> * Update content/docs/deploy/enterprise/changelog.mdx --------- Co-authored-by: bobby <[email protected]> Co-authored-by: Kenneth Jenkins <[email protected]> * Docs: fixes console formatting (#1169) * fixes console formatting * adds h5s for subsections * Docs: removes cookie secure example from Enterprise tab (#1172) * removes cookie secure example from Enterprise tab * Update content/docs/reference/cookies.mdx Co-authored-by: Kenneth Jenkins <[email protected]> --------- Co-authored-by: Kenneth Jenkins <[email protected]> * Docs: groups ppl criterion (#1154) * updates table * adds groups entry * adds string list matcher * updates record example * updates examples * runs prettier * Fundamentals / JWT Verification page: fix links (#1180) Fix the link syntax for a couple of external links. * adds cookie secure notice * removes v0.25 mention from cookie secure setting * adds deprecation notice * adds deprecation flag to description * Update content/docs/reference/cookies.mdx * Update content/docs/reference/cookies.mdx * updates cookie setting * Update content/docs/reference/cookies.mdx Co-authored-by: Kenneth Jenkins <[email protected]> --------- Co-authored-by: Kenneth Jenkins <[email protected]> Co-authored-by: bobby <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #1146.