status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

docs: minor fixes to JWT auth docs (#17680) 

* Fixes

* service intentions fixes
This commit is contained in:
Jeff Boruszak 2023-06-12 15:46:25 -07:00 committed by GitHub
parent 66704e5cb9
commit 37a13dcf82
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 132 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

162
website/content/docs/connect/config-entries/jwt-provider.mdx
View File

@ -108,53 +108,53 @@ Kind = "jwt-provider" # required
Name = "<name-of-provider-configuration-entry>" # required Name = "<name-of-provider-configuration-entry>" # required
Issuer = "<jwt-issuer>" # required Issuer = "<jwt-issuer>" # required
JSONWebKeySet = { # required JSONWebKeySet = { # required
Local = { # cannot specify with JWKS{}.Remote Local = { # cannot specify with JWKS{}.Remote
JWKS = "<JWKS-formatted-as-string>" # cannot specify with JWKS{}.Local{}.Filename JWKS = "<JWKS-as-base64-string>" # cannot specify with JWKS{}.Local{}.Filename
Filename = "<path/to/JWKS/file>" # cannot specify with JWKS{}.Local{}.String Filename = "<path/to/JWKS/file>" # cannot specify with JWKS{}.Local{}.String
} }
} }
JSONWebKeySet = { JSONWebKeySet = {
Remote = { # cannot specify with JWKS{}.Local Remote = { # cannot specify with JWKS{}.Local
URI = "<uniform-resource-identifier>" URI = "<uniform-resource-identifier>"
RequestTimeoutMs = 1500 RequestTimeoutMs = 1500
CacheDuration = "5m" CacheDuration = "5m"
FetchAsynchronously = false FetchAsynchronously = false
RetryPolicy = { RetryPolicy = {
NumRetries = 0 NumRetries = 0
RetryPolicyBackoff = { RetryPolicyBackoff = {
BaseInterval = "1s" BaseInterval = "1s"
MaxInterval = "10s" MaxInterval = "10s"
}
}
}
} }
}
}
}
Audiences = ["<aud-claims>"] Audiences = ["<aud-claims>"]
Locations = [ Locations = [
{ {
Header = { Header = {
Name = "<name-of-header-with-token>" Name = "<name-of-header-with-token>"
ValuePrefix = "<prefix-in-header-before-token>" ValuePrefix = "<prefix-in-header-before-token>"
Forward = false Forward = false
}
},
{
QueryParam = {
Name = "<name-of-query-parameter-with-token>"
}
},
{
Cookie = {
Name = "<name-of-cookie-with-token>"
}
} }
},
{
QueryParam = {
Name = "<name-of-query-parameter-with-token>"
}
},
{
Cookie = {
Name = "<name-of-cookie-with-token>"
}
}
] ]
Forwarding = { Forwarding = {
HeaderName = "<name-appended-to-forwarding-header>" HeaderName = "<name-appended-to-forwarding-header>"
PadForwardPayloadHeader = false PadForwardPayloadHeader = false
} }
ClockSkewSeconds = 30 ClockSkewSeconds = 30
CacheConfig = { CacheConfig = {
Size = 0 Size = 0
} }
``` ```
@ -164,58 +164,58 @@ CacheConfig = {
```json ```json
{ {
"Kind": "jwt-provider", // required "Kind": "jwt-provider", // required
"Name": "<name-of-provider-configuration-entry>", // required "Name": "<name-of-provider-configuration-entry>", // required
"Issuer": "<jwt-issuer>", // required "Issuer": "<jwt-issuer>", // required
"JSONWebKeySet": { // required "JSONWebKeySet": { // required
"Local": { // cannot specify with JWKS.Remote "Local": { // cannot specify with JWKS.Remote
"JWKS": "<JWKS-formatted-as-string>", // cannot specify with JWKS.Local.Filename "JWKS": "<JWKS-as-base64-string>", // cannot specify with JWKS.Local.Filename
"Filename": "<path/to/JWKS/file>" // cannot specify with JWKS.Local.String "Filename": "<path/to/JWKS/file>" // cannot specify with JWKS.Local.String
} }
}, },
"JSONWebKeySet": { "JSONWebKeySet": {
"Remote": { // cannot specify with JWKS.Local "Remote": { // cannot specify with JWKS.Local
"URI": "<uniform-resource-identifier>", "URI": "<uniform-resource-identifier>",
"RequestTimeoutMs": "1500", "RequestTimeoutMs": "1500",
"CacheDuration": "5m", "CacheDuration": "5m",
"FetchAsynchronously": "false", "FetchAsynchronously": "false",
"RetryPolicy": { "RetryPolicy": {
"NumRetries": "0", "NumRetries": "0",
"RetryPolicyBackOff": { "RetryPolicyBackOff": {
"BaseInterval": "1s", "BaseInterval": "1s",
"MaxInterval": "10s" "MaxInterval": "10s"
}
}
} }
}, }
"Audiences": ["<aud-claims>"], }
"Locations": [ },
"Audiences": ["<aud-claims>"],
"Locations": [
{ {
"Header": { "Header": {
"Name": "<name-of-header-with-token>", "Name": "<name-of-header-with-token>",
"ValuePrefix": "<prefix-in-header-before-token>", "ValuePrefix": "<prefix-in-header-before-token>",
"Forward": "false" "Forward": "false"
} }
}, },
{ {
"QueryParam": { "QueryParam": {
"Name":"<name-of-query-parameter-with-token>", "Name":"<name-of-query-parameter-with-token>",
} }
}, },
{ {
"Cookie": { "Cookie": {
"Name": "<name-of-cookie-with-token>" "Name": "<name-of-cookie-with-token>"
} }
} }
], ],
"Forwarding": { "Forwarding": {
"HeaderName": "<name-appended-to-forwarding-header>", "HeaderName": "<name-appended-to-forwarding-header>",
"PadForwardPayloadHeader": "false" "PadForwardPayloadHeader": "false"
}, },
"ClockSkewSeconds": "30", "ClockSkewSeconds": "30",
"CacheConfig": { "CacheConfig": {
"Size": "0" "Size": "0"
} }
} }
``` ```
@ -233,7 +233,7 @@ spec: # required
issuer: <jwt-issuer> issuer: <jwt-issuer>
jsonWebKeySet: jsonWebKeySet:
local: # cannot specify with spec.jsonWebKeySet.remote local: # cannot specify with spec.jsonWebKeySet.remote
jwks: <jwks-formatted-as-string> # cannot specify with spec.jsonWebKeySet.local.filename jwks: <jwks-as-base64-string> # cannot specify with spec.jsonWebKeySet.local.filename
filename: <path/to/jwks/file> # cannot specify with spec.jsonWebKeySet.local.string filename: <path/to/jwks/file> # cannot specify with spec.jsonWebKeySet.local.string
jsonWebKeySet: jsonWebKeySet:
remote: # cannot specify with spec.jsonWebKeySet.local remote: # cannot specify with spec.jsonWebKeySet.local
@ -1014,7 +1014,7 @@ metadata:
name: okta name: okta
spec: spec:
issuer: okta issuer: okta
jsonwebkeyset: jsonWebKeySet:
remote: remote:
uri: https://<org>.okta.com/oauth2/default/v1/keys uri: https://<org>.okta.com/oauth2/default/v1/keys
cacheDuration: 30m cacheDuration: 30m

102
website/content/docs/connect/config-entries/service-intentions.mdx
View File

@ -1506,64 +1506,64 @@ Sources = [
``` ```
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions kind: ServiceIntentions
metadata: metadata:
name: backend name: backend
spec: spec:
sources: sources:
name: frontend name: frontend
permissions: permissions:
http:
pathExact: /admin
jwt:
providers:
name: okta
verifyClaims:
path:
- perms
- role
value: admin
action: allow
http: http:
pathPrefix: / pathExact: /admin
jwt:
providers:
name: okta
verifyClaims:
path:
- perms
- role
value: admin
action: allow
http:
pathPrefix: /
``` ```
```json ```json
{ {
"Kind": "service-intentions", "Kind": "service-intentions",
"Name": "backend", "Name": "backend",
"Sources": [ "Sources": [
{ {
"Name": "frontend", "Name": "frontend",
"Permissions": [ "Permissions": [
{ {
"HTTP": { "HTTP": {
"PathExact": "/admin" "PathExact": "/admin"
},
"JWT": {
"Providers": [
{
"Name": "okta",
"VerifyClaims": [
{
"Path": ["perms", "role"],
"Value": "admin"
}
]
}
]
}
}, },
"JWT": { {
"Providers": [ "Action": "allow",
{ "HTTP": {
"Name": "okta", "PathPrefix": "/"
"VerifyClaims": [ }
{
"Path": ["perms", "role"],
"Value": "admin"
}
]
}
]
} }
}, ]
{ }
"Action": "allow", ]
"HTTP": {
"PathPrefix": "/"
}
}
]
}
]
} }
``` ```