fix(authelia): fix networks access control (#16356)

2023-12-22 22:19:14 +02:00 · 2023-12-22 22:19:14 +02:00 · 5d04d7bdd2
parent 38ea5f1c8e
commit 5d04d7bdd2
5 changed files with 19 additions and 8 deletions
--- a/charts/enterprise/authelia/ci/basic-values.yaml
+++ b/charts/enterprise/authelia/ci/basic-values.yaml
@ -0,0 +1,8 @@
+ingress:
+  main:
+    enabled: true
+    hosts:
+      - host: auth.example.com
+        paths:
+          - path: /
+            pathType: Prefix
--- a/charts/enterprise/authelia/questions.yaml
+++ b/charts/enterprise/authelia/questions.yaml
@ -722,7 +722,7 @@ questions:
                description: "two_factor"
              - value: "deny"
                description: "deny"
-        - variable: networks
+        - variable: networks_access_control
          label: "Networks"
          schema:
            type: list
--- a/charts/enterprise/authelia/templates/_configmap.tpl
+++ b/charts/enterprise/authelia/templates/_configmap.tpl
@ -296,11 +296,14 @@ data:
      default_policy: {{ .Values.access_control.default_policy }}
    {{- end }}

-    {{- if not .Values.access_control.networks }}
+    {{- if and .Values.access_control.networks (not .Values.access_control.networks_access_control) -}}
+      {{- fail "Please change [.Values.access_control.networks] to [.Values.access_control.networks_access_control]" -}}
+    {{- end -}}
+    {{- if not .Values.access_control.networks_access_control }}
      networks: []
    {{- else }}
      networks:
-    {{- range $net := .Values.access_control.networks }}
+    {{- range $net := .Values.access_control.networks_access_control }}
      - name: {{ $net.name }}
        networks:
          {{- range $net.networks }}
--- a/charts/enterprise/authelia/templates/_secrets.tpl
+++ b/charts/enterprise/authelia/templates/_secrets.tpl
@ -29,15 +29,15 @@ data:
  ENCRYPTION_KEY: {{ $encryptionkey }}

  {{- if .Values.authentication_backend.ldap.enabled }}
-  LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password }}
+  LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password | quote }}
  {{- end }}

  {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }}
-  SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password }}
+  SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password | quote }}
  {{- end }}

  {{- if .Values.duo_api.enabled }}
-  DUO_API_KEY: {{ .Values.duo_api.plain_api_key }}
+  DUO_API_KEY: {{ .Values.duo_api.plain_api_key | quote }}
  {{- end }}

  STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }}
--- a/charts/enterprise/authelia/values.yaml
+++ b/charts/enterprise/authelia/values.yaml
@ -297,8 +297,8 @@ access_control:
  ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
  ## resource if there is no policy to be applied to the user.
  default_policy: deny
-  networks: []
-  # networks:
+  networks_access_control: []
+  # networks_access_control:
  # - name: private
  #   networks:
  #   - 10.0.0.0/8