Implement access control in traefik #4

Closed
opened 2025-04-22 22:42:20 +00:00 by abed.alrahman · 2 comments
Member

Ref epic: #13

Goal: Configure Traefik to enforce access control by using the auth-service as a forward authentication target for relevant backend services.

Description:
This ticket should configure Traefik to use the forward auth middleware, along with the auth-service to authenticate the request.

Prerequisites:

The auth-service is deployed with a functional /auth endpoint.

What needs to be done:

Identify the backend services that require access control via auth-service.
For each identified service, modify its Docker Swarm configuration to add Traefik labels that:
    Define a forwardAuth middleware pointing to the auth-service's /auth endpoint.
    Apply this middleware to the service's Traefik router(s).
Deploy the updated service configurations to the Docker Swarm stack.
Perform end-to-end tests to verify that Traefik correctly blocks/allows requests based on the auth-service's decisions.

Deliverables:

Updated Docker Swarm YAML configuration file(s) with the necessary Traefik labels.
Verify that the access control flow through Traefik is working correctly.
Ref epic: [#13](https://git.cleverthis.com/clevermicro/user-management/issues/13) Goal: Configure Traefik to enforce access control by using the auth-service as a forward authentication target for relevant backend services. Description: This ticket should configure Traefik to use the forward auth middleware, along with the auth-service to authenticate the request. Prerequisites: The auth-service is deployed with a functional /auth endpoint. What needs to be done: Identify the backend services that require access control via auth-service. For each identified service, modify its Docker Swarm configuration to add Traefik labels that: Define a forwardAuth middleware pointing to the auth-service's /auth endpoint. Apply this middleware to the service's Traefik router(s). Deploy the updated service configurations to the Docker Swarm stack. Perform end-to-end tests to verify that Traefik correctly blocks/allows requests based on the auth-service's decisions. Deliverables: Updated Docker Swarm YAML configuration file(s) with the necessary Traefik labels. Verify that the access control flow through Traefik is working correctly.
abed.alrahman added the
Points
21
Priority
Medium
Blocked
labels 2025-04-22 22:42:20 +00:00
stanislav.hejny added the
Type
Task
label 2025-04-29 10:35:28 +00:00
Member

depends on / is blocked by 'have independent keycloak instance deployed' in CleverThis company context, as a DEVELOPMENT env instance (identity-management project task)

depends on / is blocked by 'have independent keycloak instance deployed' in CleverThis company context, as a DEVELOPMENT env instance (identity-management project task)
stanislav.hejny added the
State
Verified
label 2025-04-30 18:48:51 +00:00
Owner

@stanislav.hejny @aleenaumair

This ticket doesnt have a milestone. Please fix that before proceeding. I will MoSCoW anyway.

@stanislav.hejny @aleenaumair This ticket doesnt have a milestone. Please fix that before proceeding. I will MoSCoW anyway.
freemo added the
MoSCoW
Should have
label 2025-05-05 01:12:35 +00:00
aleenaumair added this to the V.01 milestone 2025-05-05 10:02:40 +00:00
hurui200320 added a new dependency 2025-05-15 10:05:36 +00:00
abed.alrahman self-assigned this 2025-05-16 02:10:10 +00:00
abed.alrahman added
State
In Progress
and removed
State
Verified
labels 2025-05-16 02:10:34 +00:00
hurui200320 removed a dependency 2025-05-19 08:34:43 +00:00
abed.alrahman removed the Blocked label 2025-05-20 01:22:59 +00:00
abed.alrahman added this to the Sprint May 15th - 28th project 2025-05-20 01:23:08 +00:00
abed.alrahman added
State
In Review
and removed
State
In Progress
labels 2025-05-22 00:16:38 +00:00
hurui200320 added
State
Completed
and removed
State
In Review
labels 2025-06-10 04:54:04 +00:00
Sign in to join this conversation.
3 Participants
Notifications
Due Date
No due date set.
Blocks
You do not have permission to read 1 dependency
Depends on
You do not have permission to read 1 dependency
Reference: clevermicro/user-management#4