ingress-controller icon indicating copy to clipboard operation
ingress-controller copied to clipboard

Published 20 hours ago verified publisher icon pomerium

footgun: configuring IdP, not setting authenticate

Open wasaga opened this issue 1 year ago • 0 comments

What happened?

we made authenticate options of the CRD optional when hosted authenticate was introduced, it is now possible to set identityProvider portion of the CRD without filling in authenticate portion.

This configuration would be applied, as CRD rules cannot prevent it now, although it's fundamentally incorrect, and will cause some side effects.

What did you expect to happen?

Such configuration should be rejected, and an error set to the CRD /status section.

wasaga avatar Jan 12 '24 19:01 wasaga