Skip to content

[NET-3092] JWT Verify claims handling#17452

Merged
roncodingenthusiast merged 10 commits into
mainfrom
NET-3092-verify-claims
May 30, 2023
Merged

[NET-3092] JWT Verify claims handling#17452
roncodingenthusiast merged 10 commits into
mainfrom
NET-3092-verify-claims

Conversation

@roncodingenthusiast
Copy link
Copy Markdown
Contributor

@roncodingenthusiast roncodingenthusiast commented May 24, 2023
edited
Loading

Description

  • This PR first changes how we write the payload key in the jwt_authn filters. The payload key is based on the path and provider name to eliminate any cross provider/path claims validation
  • Then subsequently we get that payload name and write it on rbac policies for claims validation during http requests

background info

potential todo

  • maybe add more tests for utility functions?

@roncodingenthusiast roncodingenthusiast added pr/no-changelog PR does not need a corresponding .changelog entry pr/no-docs PR does not include docs and should not trigger reminder for cherrypicking them. pr/no-backport labels May 24, 2023
@github-actions github-actions Bot added the theme/envoy/xds Related to Envoy support label May 24, 2023
roncodingenthusiast
roncodingenthusiast commented May 24, 2023
View reviewed changes
Comment thread agent/xds/rbac.go
@roncodingenthusiast roncodingenthusiast force-pushed the NET-3092-verify-claims branch 4 times, most recently from f579add to c4bcb35 Compare May 26, 2023 16:38
@roncodingenthusiast roncodingenthusiast marked this pull request as ready for review May 26, 2023 16:38
@roncodingenthusiast roncodingenthusiast changed the title WIP - [NET-3092] JWT Verify claims handling [NET-3092] JWT Verify claims handling May 26, 2023
@roncodingenthusiast roncodingenthusiast requested review from a team, eikenb and pglass and removed request for a team May 26, 2023 16:38
pglass
pglass reviewed May 26, 2023
View reviewed changes
Comment thread agent/xds/jwt_authn.go Outdated
Comment thread agent/xds/jwt_authn.go Outdated
Comment thread agent/xds/jwt_authn.go Outdated
Comment thread agent/xds/rbac.go Outdated
Comment thread agent/xds/jwt_authn.go Outdated
Comment thread agent/xds/jwt_authn.go Outdated
pglass
pglass reviewed May 26, 2023
View reviewed changes
Comment thread agent/xds/jwt_authn.go Outdated
pglass
pglass reviewed May 26, 2023
View reviewed changes
Comment thread agent/xds/jwt_authn.go Outdated
pglass
pglass reviewed May 30, 2023
View reviewed changes
Comment thread agent/xds/jwt_authn.go Outdated
Comment thread agent/xds/rbac.go Outdated
Comment thread agent/xds/rbac.go Outdated
Comment thread agent/xds/rbac.go Outdated
Comment thread agent/xds/rbac_test.go Outdated
Comment thread agent/xds/rbac.go Outdated
Comment thread agent/xds/rbac.go Outdated
pglass
pglass reviewed May 30, 2023
View reviewed changes
Comment thread agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission--httpfilter.golden Outdated
pglass
pglass suggested changes May 30, 2023
View reviewed changes
Comment thread agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission--httpfilter.golden Outdated
@roncodingenthusiast roncodingenthusiast removed the pr/no-changelog PR does not need a corresponding .changelog entry label May 30, 2023
@roncodingenthusiast roncodingenthusiast merged commit 55e283d into main May 30, 2023
@roncodingenthusiast roncodingenthusiast deleted the NET-3092-verify-claims branch May 30, 2023 17:38
@p-linnane p-linnane mentioned this pull request Jun 27, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eikenb eikenb Awaiting requested review from eikenb

1 more reviewer

@pglass pglass pglass approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

pr/no-backport pr/no-docs PR does not include docs and should not trigger reminder for cherrypicking them. theme/envoy/xds Related to Envoy support

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@roncodingenthusiast @pglass