AuthorizationPolicy with JWT per path

Nipe · May 22, 2023, 9:23am

Hello,
I am trying to achieve an AuthorizationPolicy with JWT per path. I tried the example of the official documentation without success. I need that /api/test/docs is accessible without token.

apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: testapiauthz
spec:
  selector:
    matchLabels:
      app: test-api
  action: ALLOW
  rules:
  - to:
    - operation:
        paths: ["/api/test/docs"]
  - from:
    - source:
        requestPrincipals: ["*"]
    to:
    - operation:
        paths: ["/api/test/v1/*"]
---
apiVersion: security.istio.io/v1
kind: RequestAuthentication
metadata:
  name: testapiauthn
  namespace: testapinamespace
spec:
  selector:
    matchLabels:
      app: test-api
  jwtRules:
  - issuer: "https://example-idp.com/XXXXXXXX"
    jwksUri: "https://example-idp.com/XXXXXXXX/.well-known/jwks.json"

The issue is that both of the endpoints are having auth or not having auth. I can’t find a way to enable the auth only on required endpoints.

Topic		Replies	Views
AuthorizationPolicy with wildcards	4	2494	January 18, 2021
AuthorizationPolicy not Enforced Security security	2	949	October 8, 2020
Exclude RequestAuthentication JWT rules for specific paths Security	3	1177	June 24, 2022
Istio 1.5.4 Having a general AuthorizationPolicy and one specific by service Policies and Telemetry	4	1263	October 12, 2020
Authorization policy challenge Security	6	1184	April 4, 2020

AuthorizationPolicy with JWT per path

Related topics