Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow for default open on gatekeeper #553

Closed
filippomc opened this issue Aug 29, 2022 · 1 comment · Fixed by #554
Closed

Allow for default open on gatekeeper #553

filippomc opened this issue Aug 29, 2022 · 1 comment · Fixed by #554
Assignees
@filippomc
Labels
enhancement New feature or request scope:deployment
Milestone
v2.0.0

Comments

@filippomc
Copy link
Collaborator

filippomc commented Aug 29, 2022
edited
Loading

The gatekeeper by default is set in "default-deny" mode.
This is to allow for a default white listed option.

One way to achieve this would be to use a ternary logic on the secured attribute:

harness:
  secured: "open"
@filippomc filippomc self-assigned this Aug 29, 2022
filippomc added a commit that referenced this issue Aug 29, 2022
@filippomc
#553 +Default allow option on gk
d0fedcc
@filippomc filippomc mentioned this issue Aug 29, 2022
Merged
18 tasks
@filippomc filippomc added enhancement New feature or request scope:deployment labels Aug 29, 2022
@filippomc filippomc added this to the v2.0.0 milestone Aug 29, 2022
filippomc added a commit that referenced this issue Aug 29, 2022
@filippomc
#553 add documentation
cc61c8e
zsinnema added a commit that referenced this issue Aug 29, 2022
@zsinnema
Merge pull request #554 from MetaCell/feature/553
27ae0fe 
#553 +Default allow option on gk
@filippomc
Copy link
Collaborator Author

Note that cannot simply do

- uri: /*
  white-listed: true

As cannot white list everything with default deny option enabled

The gatekeeper fails with:

2022-08-29T14:49:20.010Z        info    starting the service    {"prog": "gatekeeper", "author": "go-gatekeeper", "version": "1.3.8 (git+sha: 499bcbe-dirty, built: 09-01-2022)"}
2022-08-29T14:49:20.010Z        info    attempting to retrieve configuration discovery url      {"url": "http://accounts.areg.local/auth/realms/areg", "timeout": "30s"}
2022-08-29T14:49:20.022Z        info    successfully retrieved openid configuration from the discovery
2022-08-29T14:49:20.022Z        info    enabled reverse proxy mode, upstream url        {"url": "http://areg-portal.areg:8080/"}
2022-08-29T14:49:20.022Z        info    enabled health service  {"path": "/oauth/health"}
2022-08-29T14:49:20.022Z        info    using session cookies only for access and refresh tokens
2022-08-29T14:49:20.022Z        info    loading the custom templates    {"templates": "/templates/access-denied.html.tmpl"}
2022-08-29T14:49:20.023Z        warn    the resource url is not a prefix        {"resource": "/", "change": "/", "amended": ""}
[error] you've asked for a default denial but whitelisted everything

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@filippomc filippomc

Labels
enhancement New feature or request scope:deployment
Projects
None yet
Milestone
v2.0.0
Development

Successfully merging a pull request may close this issue.

#553 +Default allow option on gk MetaCell/cloud-harness
1 participant
@filippomc