From 63f5058c4382774a3c14448dab8e256cc035b098 Mon Sep 17 00:00:00 2001 From: Saman Mahdanian <46444723+SamMHD@users.noreply.github.com> Date: Mon, 18 Nov 2024 22:26:13 +0330 Subject: [PATCH] Update changelogs/unreleased/6661-SamMHD-minor.md Co-authored-by: Tero Saarni --- changelogs/unreleased/6661-SamMHD-minor.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/changelogs/unreleased/6661-SamMHD-minor.md b/changelogs/unreleased/6661-SamMHD-minor.md index 525849aa3d8..9a6330a74e9 100644 --- a/changelogs/unreleased/6661-SamMHD-minor.md +++ b/changelogs/unreleased/6661-SamMHD-minor.md @@ -1,6 +1,8 @@ ## Disable ExtAuth by default if GlobalExtAuth.AuthPolicy.Disabled is set -Global external authorization or vhost-level authorization is enabled by default unless an AuthPolicy explicitly disables it. By default, `disabled` is set to `GlobalExtAuth.AuthPolicy.Disabled`. This global setting can be overridden by vhost-level AuthPolicy, which can further be overridden by route-specific AuthPolicy. Therefore, the final authorization state is determined by the most specific policy applied at the route level. +Global external authorization can now be disabled by default and enabled by overriding the vhost and route level auth policies. +This is achieved by setting the `globalExtAuth.authPolicy.disabled` in the configuration file or `ContourConfiguration` CRD to `true`, and setting the `authPolicy.disabled` to `false` in the vhost and route level auth policies. +The final authorization state is determined by the most specific policy applied at the route level. ## Disable External Authorization in UpgradeHTTPS
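Review bot: In the second added line, "setting the `authPolicy.disabled` to `false` in the vhost and route level auth policies" reads as though both levels must be set, which conflicts with the third added line saying the most specific policy decides; "in the vhost or route level auth policy" would match. The removed paragraph spelled out the precedence chain (global, overridden by vhost, overridden by route), while the replacement only says the route level wins, so keep one sentence on what applies when a route carries no AuthPolicy of its own. Because setting the global value to `true` leaves every vhost and route that does not opt back in without external authorization, the entry should state that explicitly so operators do not expose routes by omission. The unchanged heading spells the setting `GlobalExtAuth.AuthPolicy.Disabled` while the new body uses `globalExtAuth.authPolicy.disabled`; use one spelling throughout.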