40a7135c0c
* core: initial app entitlements Signed-off-by: Jens Langhammer <jens@goauthentik.io> * base off of pbm Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add tests and oauth2 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add to proxy Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rewrite to use bindings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make policy bindings form and list more customizable Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * double fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * refine permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add missing rbac modal to app entitlements Signed-off-by: Jens Langhammer <jens@goauthentik.io> * separate scope for app entitlements Signed-off-by: Jens Langhammer <jens@goauthentik.io> * include entitlements mapping in proxy Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add API validation to prevent policies from being bound to entitlements Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make preview Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add initial docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> * remove duplicate docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
59 lines
1.4 KiB
YAML
59 lines
1.4 KiB
YAML
# yaml-language-server: $schema=https://json.schemastore.org/traefik-v2.json
|
|
api:
|
|
insecure: true
|
|
debug: true
|
|
|
|
log:
|
|
level: debug
|
|
accessLog:
|
|
filePath: /dev/stdout
|
|
|
|
entryPoints:
|
|
web:
|
|
address: ":80"
|
|
|
|
# Re-use the same config file to define everything
|
|
providers:
|
|
file:
|
|
filename: /etc/traefik/traefik.yml
|
|
|
|
http:
|
|
middlewares:
|
|
authentik:
|
|
forwardAuth:
|
|
address: http://ak-test-outpost:9000/outpost.goauthentik.io/auth/traefik
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- X-authentik-username
|
|
- X-authentik-groups
|
|
- X-authentik-entitlements
|
|
- X-authentik-email
|
|
- X-authentik-name
|
|
- X-authentik-uid
|
|
- X-authentik-jwt
|
|
- X-authentik-meta-jwks
|
|
- X-authentik-meta-outpost
|
|
- X-authentik-meta-provider
|
|
- X-authentik-meta-app
|
|
- X-authentik-meta-version
|
|
routers:
|
|
default-router:
|
|
rule: "Host(`localhost`)"
|
|
middlewares:
|
|
- authentik
|
|
priority: 10
|
|
service: app
|
|
default-router-auth:
|
|
rule: "Host(`localhost`) && PathPrefix(`/outpost.goauthentik.io/`)"
|
|
priority: 15
|
|
service: authentik
|
|
services:
|
|
app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://ak-whoami
|
|
authentik:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://ak-test-outpost:9000/outpost.goauthentik.io
|