Insights Experiences / HMS-3522

RBAC - implement middleware

    • Type: Task
    • Resolution: Done
    • Priority: Undefined
    • Component: Identity Management
    • Sprint: HMSIDM Sprint 32, HMSIDM Sprint 33
    • Story points: 3

      Goal:

      As a Developer, I want a middleware that centralizes RBAC authorization for the backend service and satisfies the following:

      • When the caller holds the permission required for an endpoint, the middleware allows the operation.
      • By default, if no required permission is found, the request is rejected with HTTP 403.
      • The middleware is skipped for endpoints not intended for use by users or service accounts.

      Instead of starting from zero, use what currently works for hmscontent; I suggest decoupling the mapping into a YAML file (even if this YAML file is included in the binary):

      https://github.com/content-services/content-sources-backend/tree/main/pkg/middleware

      Note:

      The endpoints not related to users are:

      • GET /signing_keys (public access is OK for this resource)
      • POST /host-conf/:inventory_id/:fqdn
      • PUT /domains/:uuid
      • POST /domains/:uuid

      In most cases, use of these endpoints will be subject to checks that the client is a machine account (authenticated by certificate). User access is prevented based on the account type, rather than relying on RBAC. This behaviour is provided by a different middleware.
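      The following is an added example (not code from the ticket, from idmsvc-backend, or from the content-sources middleware it points to) that shows the three requirements of the Goal together with the skip list from the Note as a plain net/http middleware: an endpoint-to-permission mapping, a default-deny 403 for any endpoint without a rule, and pass-through for the four machine endpoints. The four Skip entries are the endpoints listed above; the user-facing routes, the permission strings (`idmsvc:domains:read`, `idmsvc:domains:write`) and the way permissions reach the request context are assumptions made for the example, and the mapping is given as Go data rather than loaded from the YAML file the ticket proposes.

```go
package main

import (
	"context"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Rule maps one endpoint (method + path template) to the permission it requires.
// Skip marks machine endpoints: RBAC passes them through so a separate middleware
// can check that the caller is a certificate-authenticated machine account.
type Rule struct {
	Method     string
	Pattern    string // path template; ":name" segments match any one path segment
	Permission string // permission the caller must hold (ignored when Skip is true)
	Skip       bool
}

// Config is the decoded form of the YAML mapping; YAML loading is left out so
// the example stays dependency-free.
type Config struct{ Rules []Rule }

// ExampleConfig: the Skip entries are the machine endpoints from the ticket;
// the user-facing routes and permission strings are hypothetical.
var ExampleConfig = Config{Rules: []Rule{
	{Method: "GET", Pattern: "/signing_keys", Skip: true},
	{Method: "POST", Pattern: "/host-conf/:inventory_id/:fqdn", Skip: true},
	{Method: "PUT", Pattern: "/domains/:uuid", Skip: true},
	{Method: "POST", Pattern: "/domains/:uuid", Skip: true},
	{Method: "GET", Pattern: "/domains", Permission: "idmsvc:domains:read"},
	{Method: "GET", Pattern: "/domains/:uuid", Permission: "idmsvc:domains:read"},
	{Method: "DELETE", Pattern: "/domains/:uuid", Permission: "idmsvc:domains:write"},
}}

// matchPattern reports whether a concrete request path matches a path template.
func matchPattern(pattern, path string) bool {
	pp := strings.Split(strings.Trim(pattern, "/"), "/")
	sp := strings.Split(strings.Trim(path, "/"), "/")
	if len(pp) != len(sp) {
		return false
	}
	for i := range pp {
		if strings.HasPrefix(pp[i], ":") && sp[i] != "" {
			continue // parameter segment: any non-empty value matches
		}
		if pp[i] != sp[i] {
			return false
		}
	}
	return true
}

// lookup returns the first rule for the request, or nil when the endpoint is unmapped.
func (c Config) lookup(method, path string) *Rule {
	for i := range c.Rules {
		if c.Rules[i].Method == method && matchPattern(c.Rules[i].Pattern, path) {
			return &c.Rules[i]
		}
	}
	return nil
}

type permKey struct{}

// WithPermissions stands in for the identity middleware that would normally
// attach the caller's granted permissions to the request context.
func WithPermissions(r *http.Request, perms ...string) *http.Request {
	return r.WithContext(context.WithValue(r.Context(), permKey{}, perms))
}

// RBAC is the middleware. Decisions, in order: skip-listed endpoint -> pass through;
// endpoint with no rule -> 403 (default deny); otherwise 403 unless the caller
// holds the rule's permission.
func RBAC(cfg Config, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		rule := cfg.lookup(r.Method, r.URL.Path)
		if rule != nil && rule.Skip {
			next.ServeHTTP(w, r)
			return
		}
		if rule != nil {
			granted, _ := r.Context().Value(permKey{}).([]string)
			for _, p := range granted {
				if p == rule.Permission {
					next.ServeHTTP(w, r)
					return
				}
			}
		}
		http.Error(w, "forbidden", http.StatusForbidden) // generic body; keep details in server logs
	})
}

// Decide runs one synthetic request through the middleware and returns the
// status the caller would see (200 means the inner handler was reached).
func Decide(cfg Config, method, path string, perms ...string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := WithPermissions(httptest.NewRequest(method, path, nil), perms...)
	rec := httptest.NewRecorder()
	RBAC(cfg, ok).ServeHTTP(rec, req)
	return rec.Code
}
```

      The unmapped-endpoint branch is the one worth keeping an eye on when the mapping lives in a separate YAML file: a route added to the router but forgotten in the mapping fails closed with 403 rather than silently becoming reachable, and a test that walks the router's route table against the loaded mapping catches the omission before it reaches production.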

      PR at: https://github.com/podengo-project/idmsvc-backend/pull/146

      avisiedo@redhat.com Alejandro Visiedo (Inactive)
      ftweedal@redhat.com Fraser Tweedale