fix(authelia): fix networks access control (#16356)

Stavros Kois 2023-12-22 22:19:14 +02:00 committed by GitHub
parent 38ea5f1c8e
commit 5d04d7bdd2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 19 additions and 8 deletions


@ -0,0 +1,8 @@
ingress:
main:
enabled: true
hosts:
- host: auth.example.com
paths:
- path: /
pathType: Prefix


@ -722,7 +722,7 @@ questions:
description: "two_factor"
- value: "deny"
description: "deny"
- variable: networks
- variable: networks_access_control
label: "Networks"
schema:
type: list


@ -296,11 +296,14 @@ data:
default_policy: {{ .Values.access_control.default_policy }}
{{- end }}
{{- if not .Values.access_control.networks }}
{{- if and .Values.access_control.networks (not .Values.access_control.networks_access_control) -}}
{{- fail "Please change [.Values.access_control.networks] to [.Values.access_control.networks_access_control]" -}}
{{- end -}}
{{- if not .Values.access_control.networks_access_control }}
networks: []
{{- else }}
networks:
{{- range $net := .Values.access_control.networks }}
{{- range $net := .Values.access_control.networks_access_control }}
- name: {{ $net.name }}
networks:
{{- range $net.networks }}
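Review bot: The migration guard on the added `fail` line only fires when the legacy `access_control.networks` is set and `networks_access_control` is empty, so a values file that carries both keys renders with the legacy list silently ignored. These named networks are presumably referenced by the access-control rules, so a stale legacy list that differs from the new one would change which clients match a rule without any signal to the operator. Consider failing whenever the legacy key is non-empty, `{{- if .Values.access_control.networks -}}`; the values.yaml change in this commit removes the legacy default, so a default install should not trip it. The enclosing `data:` block and the inner `range` continue outside the hunk.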


@ -29,15 +29,15 @@ data:
ENCRYPTION_KEY: {{ $encryptionkey }}
{{- if .Values.authentication_backend.ldap.enabled }}
LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password }}
LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password | quote }}
{{- end }}
{{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }}
SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password }}
SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password | quote }}
{{- end }}
{{- if .Values.duo_api.enabled }}
DUO_API_KEY: {{ .Values.duo_api.plain_api_key }}
DUO_API_KEY: {{ .Values.duo_api.plain_api_key | quote }}
{{- end }}
STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }}
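Review bot: `STORAGE_PASSWORD` is still rendered unquoted on the new side, while the three passwords above it now pass through `quote`. A database password that is all digits, or that starts with a YAML indicator such as `*` or `{`, would be retyped or break rendering here, presumably the same failure this commit fixes for the other secrets. `STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" | quote }}` keeps the existing trimming and forces a string. `ENCRYPTION_KEY` is also unquoted, but `$encryptionkey` is defined outside the hunk, so whether it can contain such characters cannot be judged from here.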


@ -297,8 +297,8 @@ access_control:
## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
## resource if there is no policy to be applied to the user.
default_policy: deny
networks: []
# networks:
networks_access_control: []
# networks_access_control:
# - name: private
# networks:
# - 10.0.0.0/8