authelia: send login message to os.users.<olaresid>

2025-07-09 21:30:05 +08:00
3 changed files with 30 additions and 11 deletions
--- a/apps/.olares/config/user/helm-charts/system-apps/templates/system-frontend.yaml
+++ b/apps/.olares/config/user/helm-charts/system-apps/templates/system-frontend.yaml
@@ -2144,6 +2144,9 @@ spec:
          - appName: notifications
            sub: allow
            pub: allow
+          - appName: authelia
+            sub: allow
+            pub: allow
        name: "notification.*"
        permission:
          pub: allow
--- a/framework/authelia/.olares/config/cluster/deploy/auth_backend_deploy.yaml
+++ b/framework/authelia/.olares/config/cluster/deploy/auth_backend_deploy.yaml
@@ -82,13 +82,20 @@ spec:
          key: nats_password
          name: authelia-secrets
    refs:
-    - appName: notifications
+    - appName: user-service
      appNamespace: os
      subjects:
-      - name: notification
+      - name: "notification.*"
        perm:
        - pub
        - sub
+    - appName: notifications
+      appNamespace: os
+      subjects:
+        - name: "users.*"
+          perm:
+            - pub
+            - sub
    user: os-authelia

 ---
@@ -354,7 +361,7 @@ spec:
          privileged: true
      containers:      
      - name: authelia
-        image: beclab/auth:0.2.11
+        image: beclab/auth:0.2.12
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 9091
@@ -379,6 +386,8 @@ spec:
              name: authelia-secrets
        - name: NATS_SUBJECT
          value: "os.notification"
+        - name: NATS_SUBJECT_FOR_USERS
+          value: "os.users"

        volumeMounts:
        - name: config
--- a/framework/notifications/.olares/config/cluster/deploy/notification_deploy.yaml
+++ b/framework/notifications/.olares/config/cluster/deploy/notification_deploy.yaml
@@ -79,7 +79,7 @@ spec:
          - appName: authelia
            pub: allow
            sub: allow
-        name: notification
+        name: "notification.*"
        permission:
          pub: allow
          sub: allow
@@ -96,15 +96,22 @@ spec:
          - appName: knowledge
            pub: deny
            sub: allow
-        name: users
+          - appName: authlia
+            pub: allow
+            sub: allow
+        name: "users.*"
        permission:
          pub: deny
          sub: allow
-      - name: groups
+      - name: "groups.*"
        permission:
          pub: deny
          sub: allow
-      - name: application
+      - name: "application.*"
+        permission:
+          pub: deny
+          sub: allow
+      - name: "vault.*"
        permission:
          pub: deny
          sub: allow
@@ -186,13 +193,13 @@ spec:
        - name: NATS_SUBJECT
          value: "os.notification"
        - name: NATS_SUBJECT_SYSTEM_USERS
-          value: "os.users"
+          value: "os.users.*"
        - name: NATS_SUBJECT_SYSTEM_GROUPS
-          value: "os.groups"
+          value: "os.groups.*"
        - name: NATS_SUBJECT_SYSTEM_APPLICATION
-          value: "os.application"
+          value: "os.application.*"
        - name: NATS_SUBJECT_SYSTEM_VAULT
-          value: "os.vault"
+          value: "os.vault.*"
        livenessProbe:
          tcpSocket:
            port: 3010