Add Permissions

Elara 2024-08-04 22:27:01 +00:00
parent 6e2988bd67
commit 081d8c1c4e

36
Permissions.md Normal file

@ -0,0 +1,36 @@
## Overview
Seashell's permissions system is designed to control access to specific resources for Seashell users. Users are organized into groups, and each group can have rules to allow or deny access to specific resources. The default policy is to deny access unless explicitly allowed.
## Configuration Structure
The permissions configuration is represented as a map, where each key is the name of a group, and the value is another map containing `allow` and `deny` lists.
### Example
This example is a permission configuration for a `docker` route. In this case, members of `group1` have access to containers 1 and 2, but not 3. Any other container that isn't explicitly allowed will be denied, so `container4` would be denied even though it's not in the deny list.
```hcl
permissions = {
group1 = {
allow = ["container1", "container2"]
deny = ["container3"]
}
}
```
### Wildcards
The permissions system supports wildcards in allow/deny lists. For example, if you wanted to allow admins access to all containers, and allow `group1` to access everything that doesn't start with `admin`, you could do something like this:
```hcl
permissions = {
admins = {
allow = ["*"]
}
group1 = {
allow = ["*"]
deny = ["admin*"]
}
}
```