zot/pkg/api/config/config.go

package config

import (
	"fmt"
	"time"

	"github.com/getlantern/deepcopy"
	distspec "github.com/opencontainers/distribution-spec/specs-go"
	"github.com/spf13/viper"
	"zotregistry.io/zot/errors"
	extconf "zotregistry.io/zot/pkg/extensions/config"
	"zotregistry.io/zot/pkg/log"
	"zotregistry.io/zot/pkg/storage"
)

var (
	Commit     string // nolint: gochecknoglobals
	BinaryType string // nolint: gochecknoglobals
	GoVersion  string // nolint: gochecknoglobals
)

type StorageConfig struct {
	RootDirectory string
	GC            bool
	Dedupe        bool
	Commit        bool
	GCDelay       time.Duration
	GCInterval    time.Duration
	StorageDriver map[string]interface{} `mapstructure:",omitempty"`
}

type TLSConfig struct {
	Cert   string
	Key    string
	CACert string
}

type AuthHTPasswd struct {
	Path string
}

type AuthConfig struct {
	FailDelay int
	HTPasswd  AuthHTPasswd
	LDAP      *LDAPConfig
	Bearer    *BearerConfig
}

type BearerConfig struct {
	Realm   string
	Service string
	Cert    string
}

type MethodRatelimitConfig struct {
	Method string
	Rate   int
}

type RatelimitConfig struct {
	Rate    *int                    // requests per second
	Methods []MethodRatelimitConfig `mapstructure:",omitempty"`
}

type HTTPConfig struct {
	Address          string
	Port             string
	AllowOrigin      string // comma separated
	TLS              *TLSConfig
	Auth             *AuthConfig
	RawAccessControl map[string]interface{} `mapstructure:"accessControl,omitempty"`
	Realm            string
	AllowReadAccess  bool             `mapstructure:",omitempty"`
	ReadOnly         bool             `mapstructure:",omitempty"`
	Ratelimit        *RatelimitConfig `mapstructure:",omitempty"`
}

type LDAPConfig struct {
	Port          int
	Insecure      bool
	StartTLS      bool // if !Insecure, then StartTLS or LDAPs
	SkipVerify    bool
	SubtreeSearch bool
	Address       string
	BindDN        string
	BindPassword  string
	BaseDN        string
	UserAttribute string
	CACert        string
}

type LogConfig struct {
	Level  string
	Output string
	Audit  string
}

type GlobalStorageConfig struct {
	Dedupe        bool
	GC            bool
	Commit        bool
	GCDelay       time.Duration
	GCInterval    time.Duration
	RootDirectory string
	StorageDriver map[string]interface{} `mapstructure:",omitempty"`
	SubPaths      map[string]StorageConfig
}

type AccessControlConfig struct {
	Repositories Repositories
	AdminPolicy  Policy
}

type Repositories map[string]PolicyGroup

type PolicyGroup struct {
	Policies      []Policy
	DefaultPolicy []string
}

type Policy struct {
	Users   []string
	Actions []string
}

type Config struct {
	DistSpecVersion string `json:"distSpecVersion" mapstructure:"distSpecVersion"`
	GoVersion       string
	Commit          string
	BinaryType      string
	AccessControl   *AccessControlConfig
	Storage         GlobalStorageConfig
	HTTP            HTTPConfig
	Log             *LogConfig
	Extensions      *extconf.ExtensionConfig
}

func New() *Config {
	return &Config{
		DistSpecVersion: distspec.Version,
		GoVersion:       GoVersion,
		Commit:          Commit,
		BinaryType:      BinaryType,
		Storage:         GlobalStorageConfig{GC: true, GCDelay: storage.DefaultGCDelay, Dedupe: true},
		HTTP:            HTTPConfig{Address: "127.0.0.1", Port: "8080"},
		Log:             &LogConfig{Level: "debug"},
	}
}

// Sanitize makes a sanitized copy of the config removing any secrets.
func (c *Config) Sanitize() *Config {
	sanitizedConfig := &Config{}
	if err := deepcopy.Copy(sanitizedConfig, c); err != nil {
		panic(err)
	}

	if c.HTTP.Auth != nil && c.HTTP.Auth.LDAP != nil && c.HTTP.Auth.LDAP.BindPassword != "" {
		sanitizedConfig.HTTP.Auth.LDAP = &LDAPConfig{}

		if err := deepcopy.Copy(sanitizedConfig.HTTP.Auth.LDAP, c.HTTP.Auth.LDAP); err != nil {
			panic(err)
		}

		sanitizedConfig.HTTP.Auth.LDAP.BindPassword = "******"
	}

	return sanitizedConfig
}

func (c *Config) Validate(log log.Logger) error {
	// LDAP configuration
	if c.HTTP.Auth != nil && c.HTTP.Auth.LDAP != nil {
		l := c.HTTP.Auth.LDAP
		if l.UserAttribute == "" {
			log.Error().Str("userAttribute", l.UserAttribute).Msg("invalid LDAP configuration")

			return errors.ErrLDAPConfig
		}
	}

	return nil
}

// LoadAccessControlConfig populates config.AccessControl struct with values from config.
func (c *Config) LoadAccessControlConfig(viperInstance *viper.Viper) error {
	if c.HTTP.RawAccessControl == nil {
		return nil
	}

	c.AccessControl = &AccessControlConfig{}
	c.AccessControl.Repositories = make(map[string]PolicyGroup)

	for policy := range c.HTTP.RawAccessControl {
		var policies []Policy

		var policyGroup PolicyGroup

		if policy == "adminpolicy" {
			adminPolicy := viperInstance.GetStringMapStringSlice("http::accessControl::adminPolicy")
			c.AccessControl.AdminPolicy.Actions = adminPolicy["actions"]
			c.AccessControl.AdminPolicy.Users = adminPolicy["users"]

			continue
		}

		err := viperInstance.UnmarshalKey(fmt.Sprintf("http::accessControl::%s::policies", policy), &policies)
		if err != nil {
			return err
		}

		defaultPolicy := viperInstance.GetStringSlice(fmt.Sprintf("http::accessControl::%s::defaultPolicy", policy))
		policyGroup.Policies = policies
		policyGroup.DefaultPolicy = defaultPolicy
		c.AccessControl.Repositories[policy] = policyGroup
	}

	return nil
}
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`package config`
zot: initial commit 2019-06-20 18:36:40 -05:00
			`import (`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`"fmt"`
gc: add a gcDelay param Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-02-09 19:51:35 -05:00			`"time"`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`"github.com/getlantern/deepcopy"`
go.mod: update modules 2021-05-21 15:47:28 -05:00			`distspec "github.com/opencontainers/distribution-spec/specs-go"`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`"github.com/spf13/viper"`
move references to zotregistry.io and project-zot Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-03 22:50:58 -05:00			`"zotregistry.io/zot/errors"`
			`extconf "zotregistry.io/zot/pkg/extensions/config"`
			`"zotregistry.io/zot/pkg/log"`
gc: add a gcDelay param Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-02-09 19:51:35 -05:00			`"zotregistry.io/zot/pkg/storage"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`)`

ci/cd:inculde binary type in version information 2021-02-12 19:52:02 -05:00			`var (`
			`Commit string // nolint: gochecknoglobals`
			`BinaryType string // nolint: gochecknoglobals`
Implement an API for performance monitoring Signed-off-by: Alexei Dodon <adodon@cisco.com> 2021-10-15 10:05:00 -05:00			`GoVersion string // nolint: gochecknoglobals`
ci/cd:inculde binary type in version information 2021-02-12 19:52:02 -05:00			`)`
version: add commit id to binary during build 2019-09-16 13:01:59 -05:00
zot: initial commit 2019-06-20 18:36:40 -05:00			`type StorageConfig struct {`
			`RootDirectory string`
config: add gc and dedupe as configurable params (default to enabled) Since we want to conform to dist-spec, sometimes the gc and dedupe optimizations conflict with the conformance tests that are being run. So allow them to be turned off via configuration params. 2020-04-15 18:24:05 -05:00			`GC bool`
			`Dedupe bool`
storage: flush/sync contents to disk on file close Behavior controlled by configuration (default=off) It is a trade-off between performance and consistency. References: [1] https://github.com/golang/go/issues/20599 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-01-20 23:11:44 -05:00			`Commit bool`
gc: add a gcDelay param Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-02-09 19:51:35 -05:00			`GCDelay time.Duration`
make gc periodic Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com> 2022-03-21 13:40:37 -05:00			`GCInterval time.Duration`
storage: add s3 backend support (without GC and dedupe) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-07-16 22:53:05 -05:00			StorageDriver map[string]interface{} `mapstructure:",omitempty"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`

			`type TLSConfig struct {`
			`Cert string`
			`Key string`
			`CACert string`
			`}`

			`type AuthHTPasswd struct {`
			`Path string`
			`}`

			`type AuthConfig struct {`
			`FailDelay int`
			`HTPasswd AuthHTPasswd`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`LDAP *LDAPConfig`
Add support for bearer/token auth New options added to configuration file to reference a public key used to validate authorization tokens signed by an auth server with corresponding private key. Resolves #24 Signed-off-by: Peter Engelbert <pmengelbert@gmail.com> 2020-01-24 16:32:38 -05:00			`Bearer *BearerConfig`
			`}`

			`type BearerConfig struct {`
			`Realm string`
			`Service string`
			`Cert string`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`

controller: support rate-limiting incoming requests helps constraining resource usage and against flood attacks. Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-01-21 15:30:09 -05:00			`type MethodRatelimitConfig struct {`
			`Method string`
			`Rate int`
			`}`

			`type RatelimitConfig struct {`
			`Rate *int // requests per second`
			Methods []MethodRatelimitConfig `mapstructure:",omitempty"`
			`}`

zot: initial commit 2019-06-20 18:36:40 -05:00			`type HTTPConfig struct {`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`Address string`
			`Port string`
routes: changes required to do browser authentication whenever we make a request that contains header apart from CORS allowed header, browser sends a preflight request and in response accept Access-Control-Allow-Headers. preflight request is in form of OPTIONS method, added new http handler func to set headers and returns HTTP status ok in case of OPTIONS method. in case of authorization, request contains authorization header added authorization header in Access-Control-Allow-Headers list added AllowOrigin field in HTTPConfig this field value is set to Access-Control-Allow-Origin header and will give zot adminstrator to limit incoming request. Signed-off-by: Shivam Mishra <shimish2@cisco.com> 2022-02-15 20:15:13 -05:00			`AllowOrigin string // comma separated`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`TLS *TLSConfig`
			`Auth *AuthConfig`
			RawAccessControl map[string]interface{} `mapstructure:"accessControl,omitempty"`
			`Realm string`
controller: support rate-limiting incoming requests helps constraining resource usage and against flood attacks. Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-01-21 15:30:09 -05:00			AllowReadAccess bool `mapstructure:",omitempty"`
			ReadOnly bool `mapstructure:",omitempty"`
			Ratelimit *RatelimitConfig `mapstructure:",omitempty"`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`

auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`type LDAPConfig struct {`
			`Port int`
			`Insecure bool`
			`StartTLS bool // if !Insecure, then StartTLS or LDAPs`
			`SkipVerify bool`
			`SubtreeSearch bool`
			`Address string`
			`BindDN string`
			`BindPassword string`
			`BaseDN string`
			`UserAttribute string`
			`CACert string`
			`}`

zot: initial commit 2019-06-20 18:36:40 -05:00			`type LogConfig struct {`
			`Level string`
			`Output string`
logs: add an audit log for API calls with unit tests resolves #178 2021-05-25 03:38:21 -05:00			`Audit string`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`

config: support multiple storage locations added support to point multiple storage locations in zot by running multiple instance of zot in background. see examples/config-multiple.json for more info about config. Closes #181 2021-04-05 19:40:33 -05:00			`type GlobalStorageConfig struct {`
			`Dedupe bool`
			`GC bool`
storage: flush/sync contents to disk on file close Behavior controlled by configuration (default=off) It is a trade-off between performance and consistency. References: [1] https://github.com/golang/go/issues/20599 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-01-20 23:11:44 -05:00			`Commit bool`
gc: add a gcDelay param Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-02-09 19:51:35 -05:00			`GCDelay time.Duration`
make gc periodic Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com> 2022-03-21 13:40:37 -05:00			`GCInterval time.Duration`
storage: flush/sync contents to disk on file close Behavior controlled by configuration (default=off) It is a trade-off between performance and consistency. References: [1] https://github.com/golang/go/issues/20599 Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-01-20 23:11:44 -05:00			`RootDirectory string`
storage: add s3 backend support (without GC and dedupe) Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-07-16 22:53:05 -05:00			StorageDriver map[string]interface{} `mapstructure:",omitempty"`
config: support multiple storage locations added support to point multiple storage locations in zot by running multiple instance of zot in background. see examples/config-multiple.json for more info about config. Closes #181 2021-04-05 19:40:33 -05:00			`SubPaths map[string]StorageConfig`
			`}`

Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`type AccessControlConfig struct {`
			`Repositories Repositories`
			`AdminPolicy Policy`
			`}`

			`type Repositories map[string]PolicyGroup`

			`type PolicyGroup struct {`
			`Policies []Policy`
			`DefaultPolicy []string`
			`}`

			`type Policy struct {`
			`Users []string`
			`Actions []string`
			`}`

zot: initial commit 2019-06-20 18:36:40 -05:00			`type Config struct {`
Update dist-spec version automatically Warning if config has wrong dist-spec version Signed-off-by: laurentiuNiculae <themelopeus@gmail.com> 2022-03-07 07:50:15 -05:00			DistSpecVersion string `json:"distSpecVersion" mapstructure:"distSpecVersion"`
			`GoVersion string`
			`Commit string`
			`BinaryType string`
			`AccessControl *AccessControlConfig`
			`Storage GlobalStorageConfig`
			`HTTP HTTPConfig`
			`Log *LogConfig`
			`Extensions *extconf.ExtensionConfig`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`

Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`func New() *Config {`
zot: initial commit 2019-06-20 18:36:40 -05:00			`return &Config{`
Update dist-spec version automatically Warning if config has wrong dist-spec version Signed-off-by: laurentiuNiculae <themelopeus@gmail.com> 2022-03-07 07:50:15 -05:00			`DistSpecVersion: distspec.Version,`
			`GoVersion: GoVersion,`
			`Commit: Commit,`
			`BinaryType: BinaryType,`
			`Storage: GlobalStorageConfig{GC: true, GCDelay: storage.DefaultGCDelay, Dedupe: true},`
			`HTTP: HTTPConfig{Address: "127.0.0.1", Port: "8080"},`
			`Log: &LogConfig{Level: "debug"},`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`}`
			`}`

Upgraded build pipeline Go version changed to 1.14.4 Golangci-lint changed to 1.26.0 Bazel version changed to 3.0.0 Bazel rules_go version changed to 0.23.3 Bazel gazelle version changed to v0.21.0 Bazel build tools version changed to 0.25.1 Bazel skylib version changed to 1.0.2 2020-05-11 17:13:24 -05:00			`// Sanitize makes a sanitized copy of the config removing any secrets.`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`func (c Config) Sanitize() Config {`
lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`sanitizedConfig := &Config{}`
			`if err := deepcopy.Copy(sanitizedConfig, c); err != nil {`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`panic(err)`
			`}`
Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`if c.HTTP.Auth != nil && c.HTTP.Auth.LDAP != nil && c.HTTP.Auth.LDAP.BindPassword != "" {`
lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`sanitizedConfig.HTTP.Auth.LDAP = &LDAPConfig{}`
Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`if err := deepcopy.Copy(sanitizedConfig.HTTP.Auth.LDAP, c.HTTP.Auth.LDAP); err != nil {`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`panic(err)`
			`}`
Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`sanitizedConfig.HTTP.Auth.LDAP.BindPassword = "******"`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`}`
Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`return sanitizedConfig`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`}`

log: improve logging - add a panic recovery handler - add logs on unexpected error paths - use logger's panic method 2019-11-25 17:33:58 -05:00			`func (c *Config) Validate(log log.Logger) error {`
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`// LDAP configuration`
			`if c.HTTP.Auth != nil && c.HTTP.Auth.LDAP != nil {`
			`l := c.HTTP.Auth.LDAP`
			`if l.UserAttribute == "" {`
			`log.Error().Str("userAttribute", l.UserAttribute).Msg("invalid LDAP configuration")`
lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`return errors.ErrLDAPConfig`
			`}`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`
Fixing all the issues with upgrading to golangci-lint 1.21.0 2019-12-13 00:53:18 -05:00
auth: add LDAP support fixes #23 2019-08-15 11:34:54 -05:00			`return nil`
zot: initial commit 2019-06-20 18:36:40 -05:00			`}`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00
			`// LoadAccessControlConfig populates config.AccessControl struct with values from config.`
[Identity-based Authorization] Add an option to specify a global policy for all repositories using regex. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-09-10 10:23:26 -05:00			`func (c Config) LoadAccessControlConfig(viperInstance viper.Viper) error {`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`if c.HTTP.RawAccessControl == nil {`
			`return nil`
			`}`

			`c.AccessControl = &AccessControlConfig{}`
			`c.AccessControl.Repositories = make(map[string]PolicyGroup)`

lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`for policy := range c.HTTP.RawAccessControl {`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`var policies []Policy`

			`var policyGroup PolicyGroup`

lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`if policy == "adminpolicy" {`
[Identity-based Authorization] Add an option to specify a global policy for all repositories using regex. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-09-10 10:23:26 -05:00			`adminPolicy := viperInstance.GetStringMapStringSlice("http::accessControl::adminPolicy")`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`c.AccessControl.AdminPolicy.Actions = adminPolicy["actions"]`
			`c.AccessControl.AdminPolicy.Users = adminPolicy["users"]`

			`continue`
			`}`

[Identity-based Authorization] Add an option to specify a global policy for all repositories using regex. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-09-10 10:23:26 -05:00			`err := viperInstance.UnmarshalKey(fmt.Sprintf("http::accessControl::%s::policies", policy), &policies)`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`if err != nil {`
			`return err`
			`}`

[Identity-based Authorization] Add an option to specify a global policy for all repositories using regex. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-09-10 10:23:26 -05:00			`defaultPolicy := viperInstance.GetStringSlice(fmt.Sprintf("http::accessControl::%s::defaultPolicy", policy))`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`policyGroup.Policies = policies`
			`policyGroup.DefaultPolicy = defaultPolicy`
lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`c.AccessControl.Repositories[policy] = policyGroup`
Add identity-based access control, closes #51 Add a cli subcommand to verify config files validity 2021-05-13 13:59:12 -05:00			`}`

			`return nil`
			`}`