From 78c47b305bbed75df53173f05c0e3afb64943b4b Mon Sep 17 00:00:00 2001
From: "Weiyanli Chen(York)" <6115189+cwyl02@users.noreply.github.com>
Date: Tue, 15 Aug 2023 10:02:55 -0400
Subject: [PATCH] fix: not skipping authz for kube dashboard (#1462)

* fix: should not skip authz for any path

see TFA Code about this config option:

https://github.com/mesosphere/

traefik-forward-auth/blob/master/internal/handlers/server.go#L497-L504

had to break the URL to 2 lines thanks to pre-commit ;)

* fix: bring back kiali skip authz
---
 services/traefik-forward-auth-mgmt/0.3.9/defaults/cm.yaml | 2 --
 services/traefik-forward-auth/0.3.9/defaults/cm.yaml      | 4 +++-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/services/traefik-forward-auth-mgmt/0.3.9/defaults/cm.yaml b/services/traefik-forward-auth-mgmt/0.3.9/defaults/cm.yaml
index 312fdbe0c..885e901f8 100644
--- a/services/traefik-forward-auth-mgmt/0.3.9/defaults/cm.yaml
+++ b/services/traefik-forward-auth-mgmt/0.3.9/defaults/cm.yaml
@@ -35,8 +35,6 @@ data:
       enableRBAC: true
       enableImpersonation: true
       rbacPassThroughPaths:
-        - "/dkp/kubernetes/"
-        - "/dkp/kubernetes/*"
         - "/dkp/kiali/"
         - "/dkp/kiali/*"
     ingress:
diff --git a/services/traefik-forward-auth/0.3.9/defaults/cm.yaml b/services/traefik-forward-auth/0.3.9/defaults/cm.yaml
index b54e0a399..33203493b 100644
--- a/services/traefik-forward-auth/0.3.9/defaults/cm.yaml
+++ b/services/traefik-forward-auth/0.3.9/defaults/cm.yaml
@@ -33,7 +33,9 @@ data:
       whitelist: []
       enableRBAC: true
       enableImpersonation: true
-      rbacPassThroughPaths: ["/dkp/kubernetes/", "/dkp/kubernetes/*"]
+      rbacPassThroughPaths:
+        - "/dkp/kiali/"
+        - "/dkp/kiali/*"
       extraConfig: |
         cookie-name =  _forward_auth_kommander
         csrf-cookie-name = _forward_auth_csrf_kommander