Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
unhide jwt claim authz
Browse files Browse the repository at this point in the history
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
zhaohuabing committed Nov 8, 2024
1 parent 0017043 commit bae5d02
Showing 5 changed files with 12 additions and 3 deletions.
1 change: 0 additions & 1 deletion api/v1alpha1/authorization_types.go
Original file line number Diff line number Diff line change
@@ -71,7 +71,6 @@ type Principal struct {
// Note: in order to use JWT claims for authorization, you must configure the
// JWT authentication in the same `SecurityPolicy`.
// +optional
// +notImplementedHide
JWT *JWTPrincipal `json:"jwt,omitempty"`
}

6 changes: 5 additions & 1 deletion site/content/en/docs/api/extension_types.md
Original file line number Diff line number Diff line change
@@ -484,6 +484,7 @@ A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address

_Appears in:_
- [Principal](#principal)
- [XForwardedForSettings](#xforwardedforsettings)



@@ -2836,6 +2837,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `clientCIDRs` | _[CIDR](#cidr) array_ | false | ClientCIDRs are the IP CIDR ranges of the client.<br />Valid examples are "192.168.1.0/24" or "2001:db8::/64"<br /><br />If multiple CIDR ranges are specified, one of the CIDR ranges must match<br />the client IP for the rule to match.<br /><br />The client IP is inferred from the X-Forwarded-For header, a custom header,<br />or the proxy protocol.<br />You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in<br />the `ClientTrafficPolicy` to configure how the client IP is detected. |
| `jwt` | _[JWTPrincipal](#jwtprincipal)_ | false | JWT authorize the request based on the JWT claims and scopes.<br />Note: in order to use JWT claims for authorization, you must configure the<br />JWT authentication in the same `SecurityPolicy`. |


#### ProcessingModeOptions
@@ -4142,13 +4144,15 @@ _Appears in:_


XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
for more details.

_Appears in:_
- [ClientIPDetectionSettings](#clientipdetectionsettings)

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP<br />headers to trust when determining the origin client's IP address.<br />Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for<br />for more details. |
| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP<br />headers to trust when determining the origin client's IP address.<br />Only one of NumTrustedHops and TrustedCIDRs must be set. |


#### ZipkinTracingProvider
1 change: 1 addition & 0 deletions site/content/en/latest/api/extension_types.md
Original file line number Diff line number Diff line change
@@ -2837,6 +2837,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `clientCIDRs` | _[CIDR](#cidr) array_ | false | ClientCIDRs are the IP CIDR ranges of the client.<br />Valid examples are "192.168.1.0/24" or "2001:db8::/64"<br /><br />If multiple CIDR ranges are specified, one of the CIDR ranges must match<br />the client IP for the rule to match.<br /><br />The client IP is inferred from the X-Forwarded-For header, a custom header,<br />or the proxy protocol.<br />You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in<br />the `ClientTrafficPolicy` to configure how the client IP is detected. |
| `jwt` | _[JWTPrincipal](#jwtprincipal)_ | false | JWT authorize the request based on the JWT claims and scopes.<br />Note: in order to use JWT claims for authorization, you must configure the<br />JWT authentication in the same `SecurityPolicy`. |


#### ProcessingModeOptions
6 changes: 5 additions & 1 deletion site/content/en/v1.2/api/extension_types.md
Original file line number Diff line number Diff line change
@@ -484,6 +484,7 @@ A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address

_Appears in:_
- [Principal](#principal)
- [XForwardedForSettings](#xforwardedforsettings)



@@ -2836,6 +2837,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `clientCIDRs` | _[CIDR](#cidr) array_ | false | ClientCIDRs are the IP CIDR ranges of the client.<br />Valid examples are "192.168.1.0/24" or "2001:db8::/64"<br /><br />If multiple CIDR ranges are specified, one of the CIDR ranges must match<br />the client IP for the rule to match.<br /><br />The client IP is inferred from the X-Forwarded-For header, a custom header,<br />or the proxy protocol.<br />You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in<br />the `ClientTrafficPolicy` to configure how the client IP is detected. |
| `jwt` | _[JWTPrincipal](#jwtprincipal)_ | false | JWT authorize the request based on the JWT claims and scopes.<br />Note: in order to use JWT claims for authorization, you must configure the<br />JWT authentication in the same `SecurityPolicy`. |


#### ProcessingModeOptions
@@ -4142,13 +4144,15 @@ _Appears in:_


XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
for more details.

_Appears in:_
- [ClientIPDetectionSettings](#clientipdetectionsettings)

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP<br />headers to trust when determining the origin client's IP address.<br />Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for<br />for more details. |
| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP<br />headers to trust when determining the origin client's IP address.<br />Only one of NumTrustedHops and TrustedCIDRs must be set. |


#### ZipkinTracingProvider
1 change: 1 addition & 0 deletions site/content/zh/latest/api/extension_types.md
Original file line number Diff line number Diff line change
@@ -2837,6 +2837,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `clientCIDRs` | _[CIDR](#cidr) array_ | false | ClientCIDRs are the IP CIDR ranges of the client.<br />Valid examples are "192.168.1.0/24" or "2001:db8::/64"<br /><br />If multiple CIDR ranges are specified, one of the CIDR ranges must match<br />the client IP for the rule to match.<br /><br />The client IP is inferred from the X-Forwarded-For header, a custom header,<br />or the proxy protocol.<br />You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in<br />the `ClientTrafficPolicy` to configure how the client IP is detected. |
| `jwt` | _[JWTPrincipal](#jwtprincipal)_ | false | JWT authorize the request based on the JWT claims and scopes.<br />Note: in order to use JWT claims for authorization, you must configure the<br />JWT authentication in the same `SecurityPolicy`. |


#### ProcessingModeOptions

0 comments on commit bae5d02

Please sign in to comment.