From 5d04d7bdd2e8f16366eb273329dd2274f8fc559a Mon Sep 17 00:00:00 2001
From: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Date: Fri, 22 Dec 2023 22:19:14 +0200
Subject: [PATCH] fix(authelia): fix networks access control (#16356)
---
 charts/enterprise/authelia/ci/basic-values.yaml | 8 ++++++++
 charts/enterprise/authelia/questions.yaml | 2 +-
 charts/enterprise/authelia/templates/_configmap.tpl | 7 +++++--
 charts/enterprise/authelia/templates/_secrets.tpl | 6 +++---
 charts/enterprise/authelia/values.yaml | 4 ++--
 5 files changed, 19 insertions(+), 8 deletions(-)
 create mode 100644 charts/enterprise/authelia/ci/basic-values.yaml
diff --git a/charts/enterprise/authelia/ci/basic-values.yaml b/charts/enterprise/authelia/ci/basic-values.yaml
new file mode 100644
index 00000000000..45d15f61097
--- /dev/null
+++ b/charts/enterprise/authelia/ci/basic-values.yaml
@@ -0,0 +1,8 @@
+ingress:
+ main:
+ enabled: true
+ hosts:
+ - host: auth.example.com
+ paths:
+ - path: /
+ pathType: Prefix
diff --git a/charts/enterprise/authelia/questions.yaml b/charts/enterprise/authelia/questions.yaml
index b1ca14d1ac4..d6f95a238f3 100644
--- a/charts/enterprise/authelia/questions.yaml
+++ b/charts/enterprise/authelia/questions.yaml
@@ -722,7 +722,7 @@ questions:
 description: "two_factor"
 - value: "deny"
 description: "deny"
- - variable: networks
+ - variable: networks_access_control
 label: "Networks"
 schema:
 type: list
diff --git a/charts/enterprise/authelia/templates/_configmap.tpl b/charts/enterprise/authelia/templates/_configmap.tpl
index 92fcd45a4a2..c100da838fd 100644
--- a/charts/enterprise/authelia/templates/_configmap.tpl
+++ b/charts/enterprise/authelia/templates/_configmap.tpl
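Review bot: The new `ci/basic-values.yaml` only enables the ingress, so as far as this patch shows no CI render sets `access_control.networks_access_control`, and the `{{- else }}` branch that this commit rewires in `_configmap.tpl` is never rendered under test. Adding one entry to these CI values, taken from the commented example in `values.yaml`, would make a regression in the network access-control rendering fail CI rather than reach a release.

```yaml
# … unchanged: ingress.main block …
access_control:
  networks_access_control:
    - name: private
      networks:
        - 10.0.0.0/8
```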
@@ -296,11 +296,14 @@ data:
 default_policy: {{ .Values.access_control.default_policy }}
 {{- end }}
- {{- if not .Values.access_control.networks }}
+ {{- if and .Values.access_control.networks (not .Values.access_control.networks_access_control) -}}
+ {{- fail "Please change [.Values.access_control.networks] to [.Values.access_control.networks_access_control]" -}}
+ {{- end -}}
+ {{- if not .Values.access_control.networks_access_control }}
 networks: []
 {{- else }}
 networks:
- {{- range $net := .Values.access_control.networks }}
+ {{- range $net := .Values.access_control.networks_access_control }}
 - name: {{ $net.name }}
 networks:
 {{- range $net.networks }}
diff --git a/charts/enterprise/authelia/templates/_secrets.tpl b/charts/enterprise/authelia/templates/_secrets.tpl
index 14ed88d973d..4445f29e909 100644
--- a/charts/enterprise/authelia/templates/_secrets.tpl
+++ b/charts/enterprise/authelia/templates/_secrets.tpl
@@ -29,15 +29,15 @@ data:
 ENCRYPTION_KEY: {{ $encryptionkey }}
 {{- if .Values.authentication_backend.ldap.enabled }}
- LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password }}
+ LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password | quote }}
 {{- end }}
 {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }}
- SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password }}
+ SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password | quote }}
 {{- end }}
 {{- if .Values.duo_api.enabled }}
- DUO_API_KEY: {{ .Values.duo_api.plain_api_key }}
+ DUO_API_KEY: {{ .Values.duo_api.plain_api_key | quote }}
 {{- end }}
 STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }}
diff --git a/charts/enterprise/authelia/values.yaml b/charts/enterprise/authelia/values.yaml
index be2421983cc..6079b4463f3 100644
--- a/charts/enterprise/authelia/values.yaml
+++ b/charts/enterprise/authelia/values.yaml
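Review bot: The migration guard added in `_configmap.tpl` fires only when the old key is set and the new one is empty, so a values file that carries both `access_control.networks` and `access_control.networks_access_control` renders without error and the old network definitions are silently ignored. These named networks feed the access-control section, so a stale list dropped without notice may change which clients a rule applies to; failing whenever the old key is non-empty, `{{- if .Values.access_control.networks -}}`, makes the rename explicit. The context line `- name: {{ $net.name }}` is still rendered unquoted, and `{{ $net.name | quote }}` would keep a name such as `no` or `1.0` a string. The `range` block continues past the end of the hunk.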
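Review bot: `STORAGE_PASSWORD` on the last line of the `_secrets.tpl` hunk is still emitted unquoted after `trimAll "\""`, while the three credentials above it now get `| quote`. A database password containing ` #`, `: ` or a leading YAML indicator would be truncated or re-typed in the same way the LDAP, SMTP and Duo values could be before this commit; `STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" | quote }}` closes that gap. `ENCRYPTION_KEY: {{ $encryptionkey }}` is also unquoted, but `$encryptionkey` is defined outside the hunk, so whether it can hold such characters is not visible here.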
@@ -297,8 +297,8 @@ access_control:
 ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
 ## resource if there is no policy to be applied to the user.
 default_policy: deny
- networks: []
- # networks:
+ networks_access_control: []
+ # networks_access_control:
 # - name: private
 # networks:
 # - 10.0.0.0/8