From 4606ea39cfc6535bce98633ee2cb13fb4bdfa3c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tore=20Stendal=20L=C3=B8n=C3=B8y?= Date: Fri, 8 Dec 2023 15:14:12 +0100 Subject: [PATCH] fix: fetch default value from configmap --- internal/ingress/annotations/authreqglobal/main.go | 14 +++++++++----- internal/ingress/controller/config/config.go | 1 - internal/ingress/defaults/main.go | 5 ----- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/internal/ingress/annotations/authreqglobal/main.go b/internal/ingress/annotations/authreqglobal/main.go index 733f5637c..ab379999d 100644 --- a/internal/ingress/annotations/authreqglobal/main.go +++ b/internal/ingress/annotations/authreqglobal/main.go @@ -17,6 +17,8 @@ limitations under the License. package authreqglobal import ( + "strconv" + networking "k8s.io/api/networking/v1" "k8s.io/ingress-nginx/internal/ingress/annotations/parser" @@ -39,10 +41,6 @@ var globalAuthAnnotations = parser.Annotation{ }, } -type Config struct { - GlobalAuthDefaultEnable bool `json:"global-auth-default-enable,omitempty"` -} - type authReqGlobal struct { r resolver.Resolver annotationConfig parser.Annotation @@ -61,7 +59,13 @@ func NewParser(r resolver.Resolver) parser.IngressAnnotation { func (a authReqGlobal) Parse(ing *networking.Ingress) (interface{}, error) { enableGlobalAuth, err := parser.GetBoolAnnotation(enableGlobalAuthAnnotation, ing, a.annotationConfig.Annotations) if err != nil { - enableGlobalAuth = a.r.GetDefaultBackend().GlobalAuthDefaultEnable + globalAuthDefaultEnable, err := a.r.GetConfigMap("ingress-nginx/ingress-nginx-controller") + if err != nil { + return nil, err + } + + enableGlobalAuth, err = strconv.ParseBool(globalAuthDefaultEnable.Data["global-auth-default-enable"]) + // enableGlobalAuth = a.r.GetDefaultBackend().GlobalAuthDefaultEnable } return enableGlobalAuth, nil diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go index 11c756e9f..7b70af90f 100644 --- a/internal/ingress/controller/config/config.go +++ b/internal/ingress/controller/config/config.go @@ -877,7 +877,6 @@ func NewDefault() Configuration { DisableProxyInterceptErrors: false, DenylistSourceRange: []string{}, WhitelistSourceRange: []string{}, - GlobalAuthDefaultEnable: true, SkipAccessLogURLs: []string{}, LimitRate: 0, LimitRateAfter: 0, diff --git a/internal/ingress/defaults/main.go b/internal/ingress/defaults/main.go index dba4927d9..2bb58c858 100644 --- a/internal/ingress/defaults/main.go +++ b/internal/ingress/defaults/main.go @@ -176,11 +176,6 @@ type Backend struct { // By default, the NGINX ingress controller uses a list of all endpoints (Pod IP/port) in the NGINX upstream configuration. // It disables that behavior and instead uses a single upstream in NGINX, the service's Cluster IP and port. ServiceUpstream bool `json:"service-upstream"` - - // By default, the NGINX ingress controller applies global-auth configuration to all Ingress resources, - // if global-auth-url (ConfigMap) is set, and auth-url is not set (Ingess). Default is `true`. By setting this to - // `false`, global-auth is only applied to Ingress resources when global-auth-url (ConfigMap) is set and enable-global-auth is set (Ingress). - GlobalAuthDefaultEnable bool `json:"global-auth-default-enable"` } type SecurityConfiguration struct {