From a47459c695a4a95b530881494b88ff6ad041ea41 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 16 Aug 2023 03:57:45 +0800 Subject: [PATCH] fix: not skipping authz for kube dashboard (2.5) (#1486) fix: not skipping authz for kube dashboard (#1462) * fix: should not skip authz for any path see TFA Code about this config option: https://github.com/mesosphere/ traefik-forward-auth/blob/master/internal/handlers/server.go#L497-L504 had to break the URL to 2 lines thanks to pre-commit ;) * fix: bring back kiali skip authz (cherry picked from commit 78c47b305bbed75df53173f05c0e3afb64943b4b) Co-authored-by: Weiyanli Chen(York) <6115189+cwyl02@users.noreply.github.com> --- services/traefik-forward-auth-mgmt/0.3.9/defaults/cm.yaml | 2 -- services/traefik-forward-auth/0.3.8/defaults/cm.yaml | 4 +++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/services/traefik-forward-auth-mgmt/0.3.9/defaults/cm.yaml b/services/traefik-forward-auth-mgmt/0.3.9/defaults/cm.yaml index 2a0fe5928..8f882c1ba 100644 --- a/services/traefik-forward-auth-mgmt/0.3.9/defaults/cm.yaml +++ b/services/traefik-forward-auth-mgmt/0.3.9/defaults/cm.yaml @@ -34,8 +34,6 @@ data: enableRBAC: true enableImpersonation: true rbacPassThroughPaths: - - "/dkp/kubernetes/" - - "/dkp/kubernetes/*" - "/dkp/kiali/" - "/dkp/kiali/*" ingress: diff --git a/services/traefik-forward-auth/0.3.8/defaults/cm.yaml b/services/traefik-forward-auth/0.3.8/defaults/cm.yaml index 0cc59d0bd..1c72b0838 100644 --- a/services/traefik-forward-auth/0.3.8/defaults/cm.yaml +++ b/services/traefik-forward-auth/0.3.8/defaults/cm.yaml @@ -34,7 +34,9 @@ data: whitelist: [] enableRBAC: true enableImpersonation: true - rbacPassThroughPaths: ["/dkp/kubernetes/", "/dkp/kubernetes/*"] + rbacPassThroughPaths: + - "/dkp/kiali/" + - "/dkp/kiali/*" extraConfig: | cookie-name = _forward_auth_kommander csrf-cookie-name = _forward_auth_csrf_kommander