fix(authelia): fix networks access control (#16356)
This commit is contained in:
parent
38ea5f1c8e
commit
5d04d7bdd2
|
@ -0,0 +1,8 @@
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
hosts:
|
||||||
|
- host: auth.example.com
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
|
@ -722,7 +722,7 @@ questions:
|
||||||
description: "two_factor"
|
description: "two_factor"
|
||||||
- value: "deny"
|
- value: "deny"
|
||||||
description: "deny"
|
description: "deny"
|
||||||
- variable: networks
|
- variable: networks_access_control
|
||||||
label: "Networks"
|
label: "Networks"
|
||||||
schema:
|
schema:
|
||||||
type: list
|
type: list
|
||||||
|
|
|
@ -296,11 +296,14 @@ data:
|
||||||
default_policy: {{ .Values.access_control.default_policy }}
|
default_policy: {{ .Values.access_control.default_policy }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{- if not .Values.access_control.networks }}
|
{{- if and .Values.access_control.networks (not .Values.access_control.networks_access_control) -}}
|
||||||
|
{{- fail "Please change [.Values.access_control.networks] to [.Values.access_control.networks_access_control]" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if not .Values.access_control.networks_access_control }}
|
||||||
networks: []
|
networks: []
|
||||||
{{- else }}
|
{{- else }}
|
||||||
networks:
|
networks:
|
||||||
{{- range $net := .Values.access_control.networks }}
|
{{- range $net := .Values.access_control.networks_access_control }}
|
||||||
- name: {{ $net.name }}
|
- name: {{ $net.name }}
|
||||||
networks:
|
networks:
|
||||||
{{- range $net.networks }}
|
{{- range $net.networks }}
|
||||||
|
|
|
@ -29,15 +29,15 @@ data:
|
||||||
ENCRYPTION_KEY: {{ $encryptionkey }}
|
ENCRYPTION_KEY: {{ $encryptionkey }}
|
||||||
|
|
||||||
{{- if .Values.authentication_backend.ldap.enabled }}
|
{{- if .Values.authentication_backend.ldap.enabled }}
|
||||||
LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password }}
|
LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }}
|
{{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }}
|
||||||
SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password }}
|
SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
{{- if .Values.duo_api.enabled }}
|
{{- if .Values.duo_api.enabled }}
|
||||||
DUO_API_KEY: {{ .Values.duo_api.plain_api_key }}
|
DUO_API_KEY: {{ .Values.duo_api.plain_api_key | quote }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }}
|
STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }}
|
||||||
|
|
|
@ -297,8 +297,8 @@ access_control:
|
||||||
## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
|
## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
|
||||||
## resource if there is no policy to be applied to the user.
|
## resource if there is no policy to be applied to the user.
|
||||||
default_policy: deny
|
default_policy: deny
|
||||||
networks: []
|
networks_access_control: []
|
||||||
# networks:
|
# networks_access_control:
|
||||||
# - name: private
|
# - name: private
|
||||||
# networks:
|
# networks:
|
||||||
# - 10.0.0.0/8
|
# - 10.0.0.0/8
|
||||||
|
|
Loading…
Reference in New Issue