haproxy-ingress icon indicating copy to clipboard operation
haproxy-ingress copied to clipboard

Published 20 hours ago verified publisher icon jcmoraisjr

Global configuration for an external auth service has no effekt

Open dadrus opened this issue 10 months ago • 1 comments

According to the official documentation, the Ingress Controller can be configured globally using a ConfigMap to forward all requests to an external auth service. Unfortunately, the following configuration has no effect:

apiVersion: v1
kind: ConfigMap
data:
  auth-url: "https://<auth service name>.<namespace>.svc.cluster.local:<port>" 
  auth-headers-succeed: "authorization" 
  headers: | 
    X-Forwarded-Uri: %[baseq]
    X-Forwarded-Method: %[method]
    X-Forwarded-Host: %[req.hdr(host)]

Same keys used as annotations on the ingress resource work however perfectly fine:

annotations:
  haproxy-ingress.github.io/auth-url: "https://<auth service name>.<namespace>.svc.cluster.local:<port>"
  haproxy-ingress.github.io/auth-headers-succeed: "authorization"
  haproxy-ingress.github.io/headers: |
    X-Forwarded-Uri: %[baseq]
    X-Forwarded-Method: %[method]
    X-Forwarded-Host: %[req.hdr(host)]

Am I doing something wrong, or is it indeed a bug?

dadrus avatar Apr 01 '24 15:04 dadrus

Hi, this is a config limitation, a few options wasn't designed to work properly as a global config, mostly due to the missing of a namespace. Regarding external authentication it was somewhat simple to fix and I've just addressed. Should be available in the next v0.15 and v0.14 releases.

jcmoraisjr avatar May 05 '24 00:05 jcmoraisjr

Fixed, merged, and the new behavior will be available in the next v0.14 and v0.15 versions.

jcmoraisjr avatar Jun 03 '24 12:06 jcmoraisjr