From b4963bec76b7a42534580cf6ed197db7752c6a28 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Wed, 1 Dec 2021 21:47:13 +0100
Subject: [PATCH] providers/proxy: fix defaults for traefik integration

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/providers/proxy/controllers/k8s/traefik.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/authentik/providers/proxy/controllers/k8s/traefik.py b/authentik/providers/proxy/controllers/k8s/traefik.py
index 0e87eb2be..9a0602ff3 100644
--- a/authentik/providers/proxy/controllers/k8s/traefik.py
+++ b/authentik/providers/proxy/controllers/k8s/traefik.py
@@ -20,9 +20,11 @@ class TraefikMiddlewareSpecForwardAuth:
 
     address: str
     # pylint: disable=invalid-name
-    authResponseHeadersRegex: str
+    authResponseHeadersRegex: str = field(default="")
     # pylint: disable=invalid-name
-    trustForwardHeader: bool
+    authResponseHeaders: list[str] = field(default_factory=list)
+    # pylint: disable=invalid-name
+    trustForwardHeader: bool = field(default=True)
 
 
 @dataclass
@@ -108,6 +110,7 @@ class TraefikMiddlewareReconciler(KubernetesObjectReconciler[TraefikMiddleware])
             spec=TraefikMiddlewareSpec(
                 forwardAuth=TraefikMiddlewareSpecForwardAuth(
                     address=f"http://{self.name}.{self.namespace}:9000/akprox/auth/traefik",
+                    authResponseHeaders=[],
                     authResponseHeadersRegex="^.*$",
                     trustForwardHeader=True,
                 )