Hi,
I am trying to check the presence of an claim with type integer. In case I apply the authz policy as described below envoy does not find a matching policy. Without the wildcard “*” it is working. From what I understand from the Istio docs (Istio / Authorization Policy) any string field in the rule supports Exact, Prefix, Suffix and Presence match and configuring the when condition is a string field. So I would expect a working authz policy.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
name: jwt
namespace: foo
spec:
selector:
matchLabels:
app: httpbin
action: ALLOW
rules:
- from:
- source:
requestPrincipals: ["someIssuer/dsfjfdf948487dkjsf"]
when:
- key: request.auth.claims[iat]
values: ["*"]
Any ideas?