fix(authelia): fix networks access control (#16356)
This commit is contained in:
parent
38ea5f1c8e
commit
5d04d7bdd2
|
@ -0,0 +1,8 @@
|
|||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
hosts:
|
||||
- host: auth.example.com
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
|
@ -722,7 +722,7 @@ questions:
|
|||
description: "two_factor"
|
||||
- value: "deny"
|
||||
description: "deny"
|
||||
- variable: networks
|
||||
- variable: networks_access_control
|
||||
label: "Networks"
|
||||
schema:
|
||||
type: list
|
||||
|
|
|
@ -296,11 +296,14 @@ data:
|
|||
default_policy: {{ .Values.access_control.default_policy }}
|
||||
{{- end }}
|
||||
|
||||
{{- if not .Values.access_control.networks }}
|
||||
{{- if and .Values.access_control.networks (not .Values.access_control.networks_access_control) -}}
|
||||
{{- fail "Please change [.Values.access_control.networks] to [.Values.access_control.networks_access_control]" -}}
|
||||
{{- end -}}
|
||||
{{- if not .Values.access_control.networks_access_control }}
|
||||
networks: []
|
||||
{{- else }}
|
||||
networks:
|
||||
{{- range $net := .Values.access_control.networks }}
|
||||
{{- range $net := .Values.access_control.networks_access_control }}
|
||||
- name: {{ $net.name }}
|
||||
networks:
|
||||
{{- range $net.networks }}
|
||||
|
|
|
@ -29,15 +29,15 @@ data:
|
|||
ENCRYPTION_KEY: {{ $encryptionkey }}
|
||||
|
||||
{{- if .Values.authentication_backend.ldap.enabled }}
|
||||
LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password }}
|
||||
LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }}
|
||||
SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password }}
|
||||
SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.duo_api.enabled }}
|
||||
DUO_API_KEY: {{ .Values.duo_api.plain_api_key }}
|
||||
DUO_API_KEY: {{ .Values.duo_api.plain_api_key | quote }}
|
||||
{{- end }}
|
||||
|
||||
STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }}
|
||||
|
|
|
@ -297,8 +297,8 @@ access_control:
|
|||
## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
|
||||
## resource if there is no policy to be applied to the user.
|
||||
default_policy: deny
|
||||
networks: []
|
||||
# networks:
|
||||
networks_access_control: []
|
||||
# networks_access_control:
|
||||
# - name: private
|
||||
# networks:
|
||||
# - 10.0.0.0/8
|
||||
|
|
Loading…
Reference in New Issue