From bace35fd164c2337a56050ccce0703f663263370 Mon Sep 17 00:00:00 2001
From: Farshid Tavakolizadeh <email@farshid.ws>
Date: Fri, 21 Aug 2020 17:50:46 +0200
Subject: [PATCH] Upgrade go-sec to allow authz rules with clients only

---
 go.mod                                             | 2 +-
 go.sum                                             | 2 ++
 vendor/github.com/linksmart/go-sec/authz/config.go | 4 ++--
 vendor/modules.txt                                 | 2 +-
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index e9fda1b8..f0ef0538 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/grandcat/zeroconf v1.0.1-0.20200528163356-cfc8183341d9
 	github.com/justinas/alice v0.0.0-20160512134231-052b8b6c18ed
 	github.com/kelseyhightower/envconfig v1.4.0
-	github.com/linksmart/go-sec v1.3.2
+	github.com/linksmart/go-sec v1.3.3
 	github.com/linksmart/service-catalog/v3 v3.0.0-beta.1.0.20200302143206-92739dd2a511
 	github.com/miekg/dns v1.1.29 // indirect
 	github.com/onsi/ginkgo v1.12.0 // indirect
diff --git a/go.sum b/go.sum
index 738d11fc..c578a18a 100644
--- a/go.sum
+++ b/go.sum
@@ -48,6 +48,8 @@ github.com/linksmart/go-sec v1.0.1 h1:UNeRj81/KHCy4hkFcZn7x5N/nM+uNxe+xsLBQzNF7k
 github.com/linksmart/go-sec v1.0.1/go.mod h1:bTksBzP6fCEwIM43z8m3jSRa4YIAWdUwMBYjcoftm1c=
 github.com/linksmart/go-sec v1.3.2 h1:FSW9bvXGFZouNAqJYuv9Kh7Bfhbkezt9V/6/hbgMbAw=
 github.com/linksmart/go-sec v1.3.2/go.mod h1:W9EZRLqptioAzaxMjWEKzd5jye53aoRzMi4KO+FCFjY=
+github.com/linksmart/go-sec v1.3.3 h1:i+wVndlGK4jWujpFWxn1rXZpxkSvDj8GLf9KXAZkTZk=
+github.com/linksmart/go-sec v1.3.3/go.mod h1:W9EZRLqptioAzaxMjWEKzd5jye53aoRzMi4KO+FCFjY=
 github.com/linksmart/service-catalog/v3 v3.0.0-beta.1.0.20200302143206-92739dd2a511 h1:JNHuaKtZUDsgbGJ5bdFBZ4vIUlJB7EBvjLdSaNOFatQ=
 github.com/linksmart/service-catalog/v3 v3.0.0-beta.1.0.20200302143206-92739dd2a511/go.mod h1:2C0k5NvYvMgX2y095WCfuhpfZyKrZXX/TjYxlgR9K8g=
 github.com/miekg/dns v1.1.27 h1:aEH/kqUzUxGJ/UHcEKdJY+ugH6WEzsEBBSPa8zuy1aM=
diff --git a/vendor/github.com/linksmart/go-sec/authz/config.go b/vendor/github.com/linksmart/go-sec/authz/config.go
index 57275fdd..fbbe7085 100644
--- a/vendor/github.com/linksmart/go-sec/authz/config.go
+++ b/vendor/github.com/linksmart/go-sec/authz/config.go
@@ -32,8 +32,8 @@ func (authz *Conf) Validate() error {
 		if len(rule.Methods) == 0 {
 			return errors.New("no methods in an authorization rule")
 		}
-		if len(rule.Users) == 0 && len(rule.Groups) == 0 {
-			return errors.New("at least one user or group must be assigned to each authorization rule")
+		if len(rule.Users)+len(rule.Groups)+len(rule.Clients) == 0 {
+			return errors.New("at least one user, group, or client must be set in each authorization rule")
 		}
 	}
 
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 52fd987a..1f53bb9a 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -43,7 +43,7 @@ github.com/justinas/alice
 # github.com/kelseyhightower/envconfig v1.4.0
 ## explicit
 github.com/kelseyhightower/envconfig
-# github.com/linksmart/go-sec v1.3.2
+# github.com/linksmart/go-sec v1.3.3
 ## explicit
 github.com/linksmart/go-sec/auth/keycloak/obtainer
 github.com/linksmart/go-sec/auth/keycloak/validator