status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixes (#17765)

This commit is contained in:
Jeff Boruszak 2023-06-15 11:24:40 -07:00 committed by GitHub
parent f9aa7aebb3
commit 414a61da28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 132 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
website/content/docs/connect/config-entries/jwt-provider.mdx
View File

@ -108,53 +108,53 @@ Kind = "jwt-provider" # required
Name = "<name-of-provider-configuration-entry>" # required Name = "<name-of-provider-configuration-entry>" # required
Issuer = "<jwt-issuer>" # required Issuer = "<jwt-issuer>" # required
JSONWebKeySet = { # required JSONWebKeySet = { # required
Local = { # cannot specify with JWKS{}.Remote Local = { # cannot specify with JWKS{}.Remote
JWKS = "<JWKS-as-base64-string>" # cannot specify with JWKS{}.Local{}.Filename JWKS = "<JWKS-as-base64-string>" # cannot specify with JWKS{}.Local{}.Filename
Filename = "<path/to/JWKS/file>" # cannot specify with JWKS{}.Local{}.String Filename = "<path/to/JWKS/file>" # cannot specify with JWKS{}.Local{}.String
} }
} }
JSONWebKeySet = { JSONWebKeySet = {
Remote = { # cannot specify with JWKS{}.Local Remote = { # cannot specify with JWKS{}.Local
URI = "<uniform-resource-identifier>" URI = "<uniform-resource-identifier>"
RequestTimeoutMs = 1500 RequestTimeoutMs = 1500
CacheDuration = "5m" CacheDuration = "5m"
FetchAsynchronously = false FetchAsynchronously = false
RetryPolicy = { RetryPolicy = {
NumRetries = 0 NumRetries = 0
RetryPolicyBackoff = { RetryPolicyBackoff = {
BaseInterval = "1s" BaseInterval = "1s"
MaxInterval = "10s" MaxInterval = "10s"
}
}
}
} }
}
}
}
Audiences = ["<aud-claims>"] Audiences = ["<aud-claims>"]
Locations = [ Locations = [
{ {
Header = { Header = {
Name = "<name-of-header-with-token>" Name = "<name-of-header-with-token>"
ValuePrefix = "<prefix-in-header-before-token>" ValuePrefix = "<prefix-in-header-before-token>"
Forward = false Forward = false
}
},
{
QueryParam = {
Name = "<name-of-query-parameter-with-token>"
}
},
{
Cookie = {
Name = "<name-of-cookie-with-token>"
}
} }
},
{
QueryParam = {
Name = "<name-of-query-parameter-with-token>"
}
},
{
Cookie = {
Name = "<name-of-cookie-with-token>"
}
}
] ]
Forwarding = { Forwarding = {
HeaderName = "<name-appended-to-forwarding-header>" HeaderName = "<name-appended-to-forwarding-header>"
PadForwardPayloadHeader = false PadForwardPayloadHeader = false
} }
ClockSkewSeconds = 30 ClockSkewSeconds = 30
CacheConfig = { CacheConfig = {
Size = 0 Size = 0
} }
``` ```
@ -164,58 +164,58 @@ CacheConfig = {
```json ```json
{ {
"Kind": "jwt-provider", // required "Kind": "jwt-provider", // required
"Name": "<name-of-provider-configuration-entry>", // required "Name": "<name-of-provider-configuration-entry>", // required
"Issuer": "<jwt-issuer>", // required "Issuer": "<jwt-issuer>", // required
"JSONWebKeySet": { // required "JSONWebKeySet": { // required
"Local": { // cannot specify with JWKS.Remote "Local": { // cannot specify with JWKS.Remote
"JWKS": "<JWKS-as-base64-string>", // cannot specify with JWKS.Local.Filename "JWKS": "<JWKS-as-base64-string>", // cannot specify with JWKS.Local.Filename
"Filename": "<path/to/JWKS/file>" // cannot specify with JWKS.Local.String "Filename": "<path/to/JWKS/file>" // cannot specify with JWKS.Local.String
} }
}, },
"JSONWebKeySet": { "JSONWebKeySet": {
"Remote": { // cannot specify with JWKS.Local "Remote": { // cannot specify with JWKS.Local
"URI": "<uniform-resource-identifier>", "URI": "<uniform-resource-identifier>",
"RequestTimeoutMs": "1500", "RequestTimeoutMs": "1500",
"CacheDuration": "5m", "CacheDuration": "5m",
"FetchAsynchronously": "false", "FetchAsynchronously": "false",
"RetryPolicy": { "RetryPolicy": {
"NumRetries": "0", "NumRetries": "0",
"RetryPolicyBackOff": { "RetryPolicyBackOff": {
"BaseInterval": "1s", "BaseInterval": "1s",
"MaxInterval": "10s" "MaxInterval": "10s"
}
}
} }
} },
} "Audiences": ["<aud-claims>"],
}, "Locations": [
"Audiences": ["<aud-claims>"],
"Locations": [
{ {
"Header": { "Header": {
"Name": "<name-of-header-with-token>", "Name": "<name-of-header-with-token>",
"ValuePrefix": "<prefix-in-header-before-token>", "ValuePrefix": "<prefix-in-header-before-token>",
"Forward": "false" "Forward": "false"
} }
}, },
{ {
"QueryParam": { "QueryParam": {
"Name":"<name-of-query-parameter-with-token>", "Name":"<name-of-query-parameter-with-token>",
} }
}, },
{ {
"Cookie": { "Cookie": {
"Name": "<name-of-cookie-with-token>" "Name": "<name-of-cookie-with-token>"
} }
} }
], ],
"Forwarding": { "Forwarding": {
"HeaderName": "<name-appended-to-forwarding-header>", "HeaderName": "<name-appended-to-forwarding-header>",
"PadForwardPayloadHeader": "false" "PadForwardPayloadHeader": "false"
}, },
"ClockSkewSeconds": "30", "ClockSkewSeconds": "30",
"CacheConfig": { "CacheConfig": {
"Size": "0" "Size": "0"
} }
} }
``` ```
@ -1014,7 +1014,7 @@ metadata:
name: okta name: okta
spec: spec:
issuer: okta issuer: okta
jsonWebKeySet: jsonwebkeyset:
remote: remote:
uri: https://<org>.okta.com/oauth2/default/v1/keys uri: https://<org>.okta.com/oauth2/default/v1/keys
cacheDuration: 30m cacheDuration: 30m

102
website/content/docs/connect/config-entries/service-intentions.mdx
View File

@ -1506,64 +1506,64 @@ Sources = [
``` ```
```yaml ```yaml
apiVersion: consul.hashicorp.com/v1alpha1 apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions kind: ServiceIntentions
metadata: metadata:
name: backend name: backend
spec: spec:
sources: sources:
name: frontend name: frontend
permissions: permissions:
http:
pathExact: /admin
jwt:
providers:
name: okta
verifyClaims:
path:
- perms
- role
value: admin
action: allow
http: http:
pathExact: /admin pathPrefix: /
jwt:
providers:
name: okta
verifyClaims:
path:
- perms
- role
value: admin
action: allow
http:
pathPrefix: /
``` ```
```json ```json
{ {
"Kind": "service-intentions", "Kind": "service-intentions",
"Name": "backend", "Name": "backend",
"Sources": [ "Sources": [
{ {
"Name": "frontend", "Name": "frontend",
"Permissions": [ "Permissions": [
{ {
"HTTP": { "HTTP": {
"PathExact": "/admin" "PathExact": "/admin"
},
"JWT": {
"Providers": [
{
"Name": "okta",
"VerifyClaims": [
{
"Path": ["perms", "role"],
"Value": "admin"
}
]
}
]
}
}, },
{ "JWT": {
"Action": "allow", "Providers": [
"HTTP": { {
"PathPrefix": "/" "Name": "okta",
} "VerifyClaims": [
{
"Path": ["perms", "role"],
"Value": "admin"
}
]
}
]
} }
] },
} {
] "Action": "allow",
"HTTP": {
"PathPrefix": "/"
}
}
]
}
]
} }
``` ```

2
website/content/docs/connect/intentions/jwt-authorization.mdx
View File

@ -98,4 +98,4 @@ After you update the service intention, write the configuration to Consul so tha
```shell-session ```shell-session
$ consul config write web-intention.hcl $ consul config write web-intention.hcl
``` ```