Closed morvencao closed 2 years ago
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen
.
If this issue is safe to close now please do so with /close
.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen
.
If this issue is safe to close now please do so with /close
.
/lifecycle rotten /remove-lifecycle stale
Rotten issues close after 30d of inactivity.
Reopen the issue by commenting /reopen
.
Mark the issue as fresh by commenting /remove-lifecycle rotten
.
Exclude this issue from closing again by commenting /lifecycle frozen
.
/close
@openshift-bot: Closing this issue.
Configured multiple path prefixes to the
--openshift-delegate-urls
parameter by following the doc here: https://github.com/openshift/oauth-proxy#delegate-authentication-and-authorization-to-openshift-for-infrastructureThen I found that requests for
/foo
are bypass to upstream even if the bear token in the request header doesn't have permission of{"group":"test","resource":"myproxy","verb":"*"}
The doc say when there are multiple path prefixes, the longest path prefix is checked.
Definitely, it is not the case ax expected, I found it always match
/
path, so any token with{"resource":"projects","verb":"list"}
can pass the authZ check.