Hello,
I am trying to achieve an AuthorizationPolicy with JWT per path. I tried the example from the official documentation without success. I need /api/test/docs to be accessible without a token.
```yaml
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: testapiauthz
spec:
  selector:
    matchLabels:
      app: test-api
  action: ALLOW
  rules:
  - to:
    - operation:
        paths: ["/api/test/docs"]
  - from:
    - source:
        requestPrincipals: ["*"]
    to:
    - operation:
        paths: ["/api/test/v1/*"]
---
apiVersion: security.istio.io/v1
kind: RequestAuthentication
metadata:
  name: testapiauthn
  namespace: testapinamespace
spec:
  selector:
    matchLabels:
      app: test-api
  jwtRules:
  - issuer: "https://example-idp.com/XXXXXXXX"
    jwksUri: "https://example-idp.com/XXXXXXXX/.well-known/jwks.json"
```
The issue is that both endpoints either have auth or don't have auth. I can't find a way to enable auth only on the required endpoints.
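
An added example, not part of the original post and not Istio's own code: a simplified Python model of ALLOW-policy evaluation applied to the two rules posted above, showing the decision each kind of request is meant to get. The matching model, the `decide` helper, the 200 stand-in for "forwarded to the app" and the sample principal are assumptions made for illustration.

```python
# Simplified model (an assumption, not Istio's code) of how an ALLOW
# AuthorizationPolicy plus RequestAuthentication decide one request.

RULES = [  # the two rules from the policy in the post
    {"paths": ["/api/test/docs"], "request_principals": None},
    {"paths": ["/api/test/v1/*"], "request_principals": ["*"]},
]


def str_match(pattern, value):
    """Istio-style match: exact, 'prefix*', '*suffix', or '*' for any non-empty value."""
    if pattern == "*":
        return bool(value)
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return value.endswith(pattern[1:])
    return pattern == value


def principal_matches(patterns, principal):
    """principal is '<iss>/<sub>' of a validated JWT, or None when no token was sent."""
    if patterns is None:          # rule has no 'from': any caller matches
        return True
    if principal is None:         # rule needs a principal, request carries none
        return False
    return any(str_match(p, principal) for p in patterns)


def decide(path, principal=None, token_invalid=False):
    """Return the status expected at the sidecar (200 stands for 'forwarded')."""
    if token_invalid:             # RequestAuthentication rejects bad tokens on any path
        return 401
    for rule in RULES:
        if any(str_match(p, path) for p in rule["paths"]) and \
                principal_matches(rule["request_principals"], principal):
            return 200            # at least one ALLOW rule matched
    return 403                    # an ALLOW policy applies and nothing matched


if __name__ == "__main__":
    user = "https://example-idp.com/XXXXXXXX/alice"  # constructed principal
    for path, who in [("/api/test/docs", None), ("/api/test/v1/items", None),
                      ("/api/test/v1/items", user), ("/api/test/docs/", None)]:
        print(path, "token" if who else "no token", "->", decide(path, who))
```

The last case shows that an exact path such as `/api/test/docs` does not cover `/api/test/docs/` or anything beneath it, so a docs page that loads further resources under other paths would get 403 for them.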