You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fix(authpolicy): use three-way CEL expressions in OIDC patch template
Remove when:null and selector:null from the OIDC merge patch — Kubernetes
merge patch does not reliably delete these fields, causing X-MaaS-Username
to remain restricted to sk-oai-* tokens and yielding 500 AUTH_FAILURE
refId 003 on OIDC DELETE and header-injection requests.
The patch template now uses clean three-way CEL expressions without any
when clause. The base auth-policy is unchanged (split headers approach
for non-OIDC flows).
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
0 commit comments