Implement access control in traefik #4

Closed
opened 2025-04-22 22:42:20 +00:00 by abed.alrahman · 2 comments
Member

Ref epic: #13

Goal: Configure Traefik to enforce access control by using the auth-service as a forward authentication target for relevant backend services.

Description:
This ticket should configure Traefik to use the forward auth middleware, along with the auth-service to authenticate the request.

Prerequisites:

The auth-service is deployed with a functional /auth endpoint.

What needs to be done:

Identify the backend services that require access control via auth-service.
For each identified service, modify its Docker Swarm configuration to add Traefik labels that:
    Define a forwardAuth middleware pointing to the auth-service's /auth endpoint.
    Apply this middleware to the service's Traefik router(s).
Deploy the updated service configurations to the Docker Swarm stack.
Perform end-to-end tests to verify that Traefik correctly blocks/allows requests based on the auth-service's decisions.

Deliverables:

Updated Docker Swarm YAML configuration file(s) with the necessary Traefik labels.
Verify that the access control flow through Traefik is working correctly.
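
The label changes listed under "What needs to be done", as an added example rather than the project's own stack file. The protected service `orders-api`, the images, ports, hostname, the `websecure` entrypoint, the `proxy` network, the middleware name `auth-check` and the `X-Auth-User` header are all assumptions; only the auth-service and its /auth endpoint come from the ticket.

```yaml
# Added illustration, not the project's configuration.
# Every name, port and hostname below is an assumed placeholder.
version: "3.8"

services:
  auth-service:
    image: example/auth-service:latest       # placeholder image
    networks: [proxy]
    deploy:
      labels:
        # Traefik calls this service over the overlay network only,
        # so it gets no public router of its own.
        - traefik.enable=false

  orders-api:                                 # hypothetical backend that needs access control
    image: example/orders-api:latest          # placeholder image
    networks: [proxy]
    deploy:
      labels:                                 # Swarm mode: labels belong under deploy
        - traefik.enable=true
        - traefik.http.routers.orders.rule=Host(`orders.example.test`)
        - traefik.http.routers.orders.entrypoints=websecure
        - traefik.http.routers.orders.tls=true
        # Swarm services need the backend port stated explicitly.
        - traefik.http.services.orders.loadbalancer.server.port=8080
        # Step 1: define the forwardAuth middleware pointing at /auth.
        - traefik.http.middlewares.auth-check.forwardauth.address=http://auth-service:8000/auth
        # Do not trust X-Forwarded-* headers supplied by the client.
        - traefik.http.middlewares.auth-check.forwardauth.trustForwardHeader=false
        # Copy only the named headers from the auth response to the backend request.
        - traefik.http.middlewares.auth-check.forwardauth.authResponseHeaders=X-Auth-User
        # Step 2: apply the middleware to the service's router.
        - traefik.http.routers.orders.middlewares=auth-check

networks:
  proxy:
    external: true
```

For the end-to-end check, forwardAuth passes the request to the backend only when /auth answers with a 2xx status; any other status is returned to the client as the auth-service's own response. A router that is missing the `middlewares` label is served without any call to /auth, so each router of a protected service needs to be tested separately.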

depends on / is blocked by 'have independent keycloak instance deployed' in CleverThis company context, as a DEVELOPMENT env instance (identity-management project task)

Owner

@stanislav.hejny @aleenaumair

This ticket doesn't have a milestone. Please fix that before proceeding. I will MoSCoW anyway.

aleenaumair added this to the V.01 milestone 2025-05-05 10:02:40 +00:00
hurui200320 2025-06-10 04:54:04 +00:00
Reference: clevermicro/user-management#4