fix(authelia): fix networks access control (#16356)

Stavros Kois 2023-12-22 22:19:14 +02:00 committed by GitHub
parent 38ea5f1c8e
commit 5d04d7bdd2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 19 additions and 8 deletions

@ -0,0 +1,8 @@
ingress:
main:
enabled: true
hosts:
- host: auth.example.com
paths:
- path: /
pathType: Prefix

@ -722,7 +722,7 @@ questions:
description: "two_factor" description: "two_factor"
- value: "deny" - value: "deny"
description: "deny" description: "deny"
- variable: networks - variable: networks_access_control
label: "Networks" label: "Networks"
schema: schema:
type: list type: list

@ -296,11 +296,14 @@ data:
default_policy: {{ .Values.access_control.default_policy }} default_policy: {{ .Values.access_control.default_policy }}
{{- end }} {{- end }}
{{- if not .Values.access_control.networks }} {{- if and .Values.access_control.networks (not .Values.access_control.networks_access_control) -}}
{{- fail "Please change [.Values.access_control.networks] to [.Values.access_control.networks_access_control]" -}}
{{- end -}}
{{- if not .Values.access_control.networks_access_control }}
networks: [] networks: []
{{- else }} {{- else }}
networks: networks:
{{- range $net := .Values.access_control.networks }} {{- range $net := .Values.access_control.networks_access_control }}
- name: {{ $net.name }} - name: {{ $net.name }}
networks: networks:
{{- range $net.networks }} {{- range $net.networks }}
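Review bot: The new `fail` guard fires only when `.Values.access_control.networks` is set and `networks_access_control` is empty, so a values file carrying both keys renders without error and the entries left under the old key are silently omitted from the generated `networks:` list. For access-control configuration that is worth failing loudly on; if nothing else in the chart legitimately populates the old key, the condition could be just `{{- if .Values.access_control.networks -}}`. Separately, `{{ $net.name }}` is emitted unquoted, and `- name: {{ $net.name | quote }}` would keep a name that looks like a boolean or a number from being retyped by the YAML parser. The `range` blocks continue past the end of the hunk.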

@ -29,15 +29,15 @@ data:
ENCRYPTION_KEY: {{ $encryptionkey }} ENCRYPTION_KEY: {{ $encryptionkey }}
{{- if .Values.authentication_backend.ldap.enabled }} {{- if .Values.authentication_backend.ldap.enabled }}
LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password }} LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password | quote }}
{{- end }} {{- end }}
{{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }} {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }}
SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password }} SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password | quote }}
{{- end }} {{- end }}
{{- if .Values.duo_api.enabled }} {{- if .Values.duo_api.enabled }}
DUO_API_KEY: {{ .Values.duo_api.plain_api_key }} DUO_API_KEY: {{ .Values.duo_api.plain_api_key | quote }}
{{- end }} {{- end }}
STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }} STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }}
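Review bot: `STORAGE_PASSWORD` is still rendered unquoted after `trimAll "\""`, while the three credentials above it now pass through `quote`; a database password containing `: `, ` #` or a leading YAML indicator would be retyped or break the rendered document in the same way the other values could before this change. Suggest `STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" | quote }}`. `ENCRYPTION_KEY: {{ $encryptionkey }}` is also unquoted; whether that matters depends on how `$encryptionkey` is produced, which is outside the hunk. The enclosing `data:` block starts and ends outside the hunk.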

@ -297,8 +297,8 @@ access_control:
## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
## resource if there is no policy to be applied to the user. ## resource if there is no policy to be applied to the user.
default_policy: deny default_policy: deny
networks: [] networks_access_control: []
# networks: # networks_access_control:
# - name: private # - name: private
# networks: # networks:
# - 10.0.0.0/8 # - 10.0.0.0/8