Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[NET-3092] JWT Verify claims handling #17452

Merged
merged 10 commits into from
May 30, 2023
Merged

[NET-3092] JWT Verify claims handling #17452

merged 10 commits into from
May 30, 2023

Conversation

roncodingenthusiast
Copy link
Contributor

@roncodingenthusiast roncodingenthusiast commented May 24, 2023
edited
Loading

Description

  • This PR first changes how we write the payload key in the jwt_authn filters. The payload key is based on the path and provider name to eliminate any cross provider/path claims validation
  • Then subsequently we get that payload name and write it on rbac policies for claims validation during http requests

background info

potential todo

  • maybe add more tests for utility functions?

@roncodingenthusiast roncodingenthusiast added pr/no-changelog PR does not need a corresponding .changelog entry pr/no-docs PR does not include docs and should not trigger reminder for cherrypicking them. pr/no-backport labels May 24, 2023
@github-actions github-actions bot added the theme/envoy/xds Related to Envoy support label May 24, 2023
@roncodingenthusiast roncodingenthusiast force-pushed the NET-3092-verify-claims branch 4 times, most recently from f579add to c4bcb35 Compare May 26, 2023 16:38
@roncodingenthusiast roncodingenthusiast marked this pull request as ready for review May 26, 2023 16:38
@roncodingenthusiast roncodingenthusiast changed the title WIP - [NET-3092] JWT Verify claims handling [NET-3092] JWT Verify claims handling May 26, 2023
@roncodingenthusiast roncodingenthusiast requested review from pglass, a team and eikenb and removed request for a team May 26, 2023 16:38
pglass
pglass reviewed May 26, 2023
View reviewed changes
agent/xds/jwt_authn.go Outdated Show resolved Hide resolved
agent/xds/jwt_authn.go Outdated Show resolved Hide resolved
agent/xds/jwt_authn.go Outdated Show resolved Hide resolved
agent/xds/rbac.go Outdated Show resolved Hide resolved
agent/xds/jwt_authn.go Outdated Show resolved Hide resolved
agent/xds/jwt_authn.go Outdated Show resolved Hide resolved
pglass
pglass reviewed May 26, 2023
View reviewed changes
agent/xds/jwt_authn.go Outdated Show resolved Hide resolved
pglass
pglass reviewed May 30, 2023
View reviewed changes
agent/xds/jwt_authn.go Outdated Show resolved Hide resolved
agent/xds/rbac.go Outdated Show resolved Hide resolved
agent/xds/rbac.go Outdated Show resolved Hide resolved
agent/xds/rbac.go Outdated Show resolved Hide resolved
agent/xds/rbac_test.go Outdated Show resolved Hide resolved
agent/xds/rbac.go Show resolved Hide resolved
agent/xds/rbac.go Show resolved Hide resolved
@roncodingenthusiast roncodingenthusiast removed the pr/no-changelog PR does not need a corresponding .changelog entry label May 30, 2023
@roncodingenthusiast roncodingenthusiast merged commit 55e283d into main May 30, 2023
@roncodingenthusiast roncodingenthusiast deleted the NET-3092-verify-claims branch May 30, 2023 17:38
@p-linnane p-linnane mentioned this pull request Jun 27, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pglass pglass pglass approved these changes

@eikenb eikenb Awaiting requested review from eikenb

Assignees
No one assigned
Labels
pr/no-backport pr/no-docs PR does not include docs and should not trigger reminder for cherrypicking them. theme/envoy/xds Related to Envoy support
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@roncodingenthusiast @pglass