mirror of https://github.com/status-im/consul.git
docs: minor fixes to JWT auth docs (#17680)
* Fixes * service intentions fixes
This commit is contained in:
Jeff Boruszak
GitHub
parent
66704e5cb9
commit
37a13dcf82
|
|
@ -109,7 +109,7 @@ Name = "<name-of-provider-configuration-entry>" # required
|
||||||
Issuer = "<jwt-issuer>" # required
|
Issuer = "<jwt-issuer>" # required
|
||||||
JSONWebKeySet = { # required
|
JSONWebKeySet = { # required
|
||||||
Local = { # cannot specify with JWKS{}.Remote
|
Local = { # cannot specify with JWKS{}.Remote
|
||||||
JWKS = "<JWKS-formatted-as-string>" # cannot specify with JWKS{}.Local{}.Filename
|
JWKS = "<JWKS-as-base64-string>" # cannot specify with JWKS{}.Local{}.Filename
|
||||||
Filename = "<path/to/JWKS/file>" # cannot specify with JWKS{}.Local{}.String
|
Filename = "<path/to/JWKS/file>" # cannot specify with JWKS{}.Local{}.String
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -127,7 +127,7 @@ JSONWebKeySet = {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Audiences = ["<aud-claims>"]
|
Audiences = ["<aud-claims>"]
|
||||||
Locations = [
|
Locations = [
|
||||||
{
|
{
|
||||||
|
|
@ -164,16 +164,16 @@ CacheConfig = {
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
"Kind": "jwt-provider", // required
|
"Kind": "jwt-provider", // required
|
||||||
"Name": "<name-of-provider-configuration-entry>", // required
|
"Name": "<name-of-provider-configuration-entry>", // required
|
||||||
"Issuer": "<jwt-issuer>", // required
|
"Issuer": "<jwt-issuer>", // required
|
||||||
"JSONWebKeySet": { // required
|
"JSONWebKeySet": { // required
|
||||||
"Local": { // cannot specify with JWKS.Remote
|
"Local": { // cannot specify with JWKS.Remote
|
||||||
"JWKS": "<JWKS-formatted-as-string>", // cannot specify with JWKS.Local.Filename
|
"JWKS": "<JWKS-as-base64-string>", // cannot specify with JWKS.Local.Filename
|
||||||
"Filename": "<path/to/JWKS/file>" // cannot specify with JWKS.Local.String
|
"Filename": "<path/to/JWKS/file>" // cannot specify with JWKS.Local.String
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"JSONWebKeySet": {
|
"JSONWebKeySet": {
|
||||||
"Remote": { // cannot specify with JWKS.Local
|
"Remote": { // cannot specify with JWKS.Local
|
||||||
"URI": "<uniform-resource-identifier>",
|
"URI": "<uniform-resource-identifier>",
|
||||||
"RequestTimeoutMs": "1500",
|
"RequestTimeoutMs": "1500",
|
||||||
|
|
@ -187,9 +187,9 @@ CacheConfig = {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"Audiences": ["<aud-claims>"],
|
"Audiences": ["<aud-claims>"],
|
||||||
"Locations": [
|
"Locations": [
|
||||||
{
|
{
|
||||||
"Header": {
|
"Header": {
|
||||||
"Name": "<name-of-header-with-token>",
|
"Name": "<name-of-header-with-token>",
|
||||||
|
|
@ -207,15 +207,15 @@ CacheConfig = {
|
||||||
"Name": "<name-of-cookie-with-token>"
|
"Name": "<name-of-cookie-with-token>"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"Forwarding": {
|
"Forwarding": {
|
||||||
"HeaderName": "<name-appended-to-forwarding-header>",
|
"HeaderName": "<name-appended-to-forwarding-header>",
|
||||||
"PadForwardPayloadHeader": "false"
|
"PadForwardPayloadHeader": "false"
|
||||||
},
|
},
|
||||||
"ClockSkewSeconds": "30",
|
"ClockSkewSeconds": "30",
|
||||||
"CacheConfig": {
|
"CacheConfig": {
|
||||||
"Size": "0"
|
"Size": "0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
@ -233,7 +233,7 @@ spec: # required
|
||||||
issuer: <jwt-issuer>
|
issuer: <jwt-issuer>
|
||||||
jsonWebKeySet:
|
jsonWebKeySet:
|
||||||
local: # cannot specify with spec.jsonWebKeySet.remote
|
local: # cannot specify with spec.jsonWebKeySet.remote
|
||||||
jwks: <jwks-formatted-as-string> # cannot specify with spec.jsonWebKeySet.local.filename
|
jwks: <jwks-as-base64-string> # cannot specify with spec.jsonWebKeySet.local.filename
|
||||||
filename: <path/to/jwks/file> # cannot specify with spec.jsonWebKeySet.local.string
|
filename: <path/to/jwks/file> # cannot specify with spec.jsonWebKeySet.local.string
|
||||||
jsonWebKeySet:
|
jsonWebKeySet:
|
||||||
remote: # cannot specify with spec.jsonWebKeySet.local
|
remote: # cannot specify with spec.jsonWebKeySet.local
|
||||||
|
|
@ -1014,7 +1014,7 @@ metadata:
|
||||||
name: okta
|
name: okta
|
||||||
spec:
|
spec:
|
||||||
issuer: okta
|
issuer: okta
|
||||||
jsonwebkeyset:
|
jsonWebKeySet:
|
||||||
remote:
|
remote:
|
||||||
uri: https://<org>.okta.com/oauth2/default/v1/keys
|
uri: https://<org>.okta.com/oauth2/default/v1/keys
|
||||||
cacheDuration: 30m
|
cacheDuration: 30m
|
||||||
|
|
|
||||||
|
|
@ -1506,11 +1506,11 @@ Sources = [
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
apiVersion: consul.hashicorp.com/v1alpha1
|
apiVersion: consul.hashicorp.com/v1alpha1
|
||||||
kind: ServiceIntentions
|
kind: ServiceIntentions
|
||||||
metadata:
|
metadata:
|
||||||
name: backend
|
name: backend
|
||||||
spec:
|
spec:
|
||||||
sources:
|
sources:
|
||||||
name: frontend
|
name: frontend
|
||||||
permissions:
|
permissions:
|
||||||
|
|
@ -1531,9 +1531,9 @@ Sources = [
|
||||||
|
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
"Kind": "service-intentions",
|
"Kind": "service-intentions",
|
||||||
"Name": "backend",
|
"Name": "backend",
|
||||||
"Sources": [
|
"Sources": [
|
||||||
{
|
{
|
||||||
"Name": "frontend",
|
"Name": "frontend",
|
||||||
"Permissions": [
|
"Permissions": [
|
||||||
|
|
@ -1563,7 +1563,7 @@ Sources = [
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue