i need to implement istio jwt validation for a SINGLE microservice that expose different paths, i would like to have a one generic authorization policy to enable jwt for all endpoint :
and i have the need to exclude a single path from jwt and check with another AuthorizationPolicy the authorization basic header :
so i tested different way to have the authorizationpolicy where in one i enable jwt validation for all paths ["*"] and then exclude with notPaths["/ciao/italia]"] from jwt but it’s not working, one of the way is:
- key: request.auth.claims[realm_access][group]
i gave a look to all these resource but nothing helped me :
What i found suspicios is that istio if there is wildcard entry in paths["*"] it’s not able to exclude the path that is contained in notPaths.
In this example, istio can exclude the path but if only we specify the paths not the wildcard in any path statement - Disable RequestAuthentication JWT rules for specific paths · Issue #27432 · istio/istio · GitHub.