diff --git a/stack/templates/_helpers.tpl b/stack/templates/_helpers.tpl index 6513f83..da7ea4f 100644 --- a/stack/templates/_helpers.tpl +++ b/stack/templates/_helpers.tpl @@ -189,5 +189,5 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- define "oidcProxy.nginxAuthAnnotations" -}} nginx.ingress.kubernetes.io/auth-url: "http://{{ include "oidcProxy.name" . }}.{{ .Release.Namespace }}.svc.cluster.local:4180/oauth2/auth" nginx.ingress.kubernetes.io/auth-signin: "https://{{- include "oidcProxy.authDomain" . }}/oauth2/start?rd=https://$host$escaped_request_uri" -nginx.ingress.kubernetes.io/auth-response-headers: {{join "," (concat (list "Authorization" "X-Forwarded-Email") .Values.global.oidcProxy.additionalHeaders) }} +nginx.ingress.kubernetes.io/auth-response-headers: {{join "," (concat (list "Authorization" "X-Auth-Request-User" "X-Auth-Request-Groups" "X-Auth-Request-Email" "X-Auth-Request-Preferred-Username") .Values.global.oidcProxy.additionalHeaders) }} {{- end -}} \ No newline at end of file diff --git a/stack/tests/ingress_test.yaml b/stack/tests/ingress_test.yaml index 95d9c3e..1614e5e 100644 --- a/stack/tests/ingress_test.yaml +++ b/stack/tests/ingress_test.yaml @@ -28,7 +28,7 @@ tests: - documentIndex: 0 equal: path: metadata.annotations["nginx.ingress.kubernetes.io/auth-response-headers"] - value: "Authorization,X-Forwarded-Email" + value: "Authorization,X-Auth-Request-User,X-Auth-Request-Groups,X-Auth-Request-Email,X-Auth-Request-Preferred-Username" - it: adds additional nginx auth headers when using additionalHeaders set: global: @@ -49,4 +49,4 @@ tests: - documentIndex: 0 equal: path: metadata.annotations["nginx.ingress.kubernetes.io/auth-response-headers"] - value: "Authorization,X-Forwarded-Email,X-Forwarded-User,blahblahblah" + value: "Authorization,X-Auth-Request-User,X-Auth-Request-Groups,X-Auth-Request-Email,X-Auth-Request-Preferred-Username,X-Forwarded-User,blahblahblah"