From e5ca7b22c3e2368c715db0bdd6f62149409ce8a0 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sun, 10 Sep 2023 01:06:00 +0200
Subject: [PATCH] fix(monitoring): Fix oauth2-proxy scope

Currently the fix for various DoS attack turned out to be an own DoS
attack since it removed the default scopes from the keycloak provider.
---
 clusters/k8s01/monitoring/oauth2.yaml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/clusters/k8s01/monitoring/oauth2.yaml b/clusters/k8s01/monitoring/oauth2.yaml
index e0850e7ca..23efe924f 100644
--- a/clusters/k8s01/monitoring/oauth2.yaml
+++ b/clusters/k8s01/monitoring/oauth2.yaml
@@ -12,8 +12,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-02-22T23:30:38Z"
-    mac: ENC[AES256_GCM,data:icc9X76kAgpmBnWf6HXet+OPtRX9TM3sCd4tah6CK/Gk97fq+4CTzu8KX0NIlCm8aZYawyDmJbnIIiPArVTrpCdU8xtFm0OJpH77Tc7TVOA8HuLf8Vg6Y0BJPtA4EduxQD80QfhBngOMdW23HkteZE104gawNYpz9su2mo22VqM=,iv:MorHqEYGkevtmPmE5UzfGOq6l0X3HXV75d/Pl4CUQFY=,tag:IP4a/X1JUBKMhcBU3e3mzw==,type:str]
+    lastmodified: "2023-09-09T23:05:43Z"
+    mac: ENC[AES256_GCM,data:zya2+c57sZhdpT45OWjTOcqFBmFDGVlNJmTQrwV2JxE6wj/oOI52ULJ1Mu1UaEnkYRmMGirWp3smjk+KLPPyyKiXZz5sVro93B5AVuRi6hGZ6Jv0Qc3IIDxPMRbFyKlSKW8JHNoXrxQwwdW9jcVC8J0isg9w+DmKAWlFIY7RYvU=,iv:jyG4iqklzkV7AYuqfiQOANpbGyZzPQFRoNMtUHg7YEg=,tag:5+YZzAE9gilAf6LIjZ854g==,type:str]
     pgp:
         - created_at: "2022-01-22T04:06:16Z"
           enc: |-
@@ -90,6 +90,7 @@ spec:
             allowed-role: monitoring-k8s01:admin
             whitelist-domain: ENC[AES256_GCM,data:lPjezumXqntAyndo5dw8UlcN53AYvlTjH107otM=,iv:zq1ufpUpHAbSBhyZ9QOuU/1rROgtzpeBNFskOFQU6f0=,tag:qUNLlVDmPVUoEeotjumqFg==,type:str]
             session-cookie-minimal: "true"
+            scope: clusters/k8s01/longhorn/oauth2.yaml
         replicaCount: 2
         securityContext:
             enabled: true
@@ -127,8 +128,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-02-22T23:30:38Z"
-    mac: ENC[AES256_GCM,data:icc9X76kAgpmBnWf6HXet+OPtRX9TM3sCd4tah6CK/Gk97fq+4CTzu8KX0NIlCm8aZYawyDmJbnIIiPArVTrpCdU8xtFm0OJpH77Tc7TVOA8HuLf8Vg6Y0BJPtA4EduxQD80QfhBngOMdW23HkteZE104gawNYpz9su2mo22VqM=,iv:MorHqEYGkevtmPmE5UzfGOq6l0X3HXV75d/Pl4CUQFY=,tag:IP4a/X1JUBKMhcBU3e3mzw==,type:str]
+    lastmodified: "2023-09-09T23:05:43Z"
+    mac: ENC[AES256_GCM,data:zya2+c57sZhdpT45OWjTOcqFBmFDGVlNJmTQrwV2JxE6wj/oOI52ULJ1Mu1UaEnkYRmMGirWp3smjk+KLPPyyKiXZz5sVro93B5AVuRi6hGZ6Jv0Qc3IIDxPMRbFyKlSKW8JHNoXrxQwwdW9jcVC8J0isg9w+DmKAWlFIY7RYvU=,iv:jyG4iqklzkV7AYuqfiQOANpbGyZzPQFRoNMtUHg7YEg=,tag:5+YZzAE9gilAf6LIjZ854g==,type:str]
     pgp:
         - created_at: "2022-01-22T04:06:16Z"
           enc: |-
@@ -194,8 +195,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-02-22T23:30:38Z"
-    mac: ENC[AES256_GCM,data:icc9X76kAgpmBnWf6HXet+OPtRX9TM3sCd4tah6CK/Gk97fq+4CTzu8KX0NIlCm8aZYawyDmJbnIIiPArVTrpCdU8xtFm0OJpH77Tc7TVOA8HuLf8Vg6Y0BJPtA4EduxQD80QfhBngOMdW23HkteZE104gawNYpz9su2mo22VqM=,iv:MorHqEYGkevtmPmE5UzfGOq6l0X3HXV75d/Pl4CUQFY=,tag:IP4a/X1JUBKMhcBU3e3mzw==,type:str]
+    lastmodified: "2023-09-09T23:05:43Z"
+    mac: ENC[AES256_GCM,data:zya2+c57sZhdpT45OWjTOcqFBmFDGVlNJmTQrwV2JxE6wj/oOI52ULJ1Mu1UaEnkYRmMGirWp3smjk+KLPPyyKiXZz5sVro93B5AVuRi6hGZ6Jv0Qc3IIDxPMRbFyKlSKW8JHNoXrxQwwdW9jcVC8J0isg9w+DmKAWlFIY7RYvU=,iv:jyG4iqklzkV7AYuqfiQOANpbGyZzPQFRoNMtUHg7YEg=,tag:5+YZzAE9gilAf6LIjZ854g==,type:str]
     pgp:
         - created_at: "2022-01-22T04:06:16Z"
           enc: |-
-- 
GitLab