diff --git a/src/envoy/http/jwt_auth/README.md b/src/envoy/http/jwt_auth/README.md index 899e15996cc..50fa0cbfe10 100644 --- a/src/envoy/http/jwt_auth/README.md +++ b/src/envoy/http/jwt_auth/README.md @@ -50,12 +50,6 @@ bazel-bin/src/envoy/envoy -c src/envoy/http/jwt_auth/sample/envoy.conf go run test/backend/echo/echo.go ``` -* Start (fake) issuer server. - -``` -go run src/envoy/http/jwt_auth/sample/fake_issuer.go src/envoy/http/jwt_auth/sample/pubkey.jwk -``` - * Then issue HTTP request to proxy. With valid JWT: diff --git a/src/envoy/http/jwt_auth/sample/envoy.conf b/src/envoy/http/jwt_auth/sample/envoy.conf index 2b6bf28381b..5322a2fa81a 100644 --- a/src/envoy/http/jwt_auth/sample/envoy.conf +++ b/src/envoy/http/jwt_auth/sample/envoy.conf 
@@ -1,97 +1,101 @@
 {
- "listeners": [
- {
- "address": "tcp://0.0.0.0:9090",
- "bind_to_port": true,
- "filters": [
- {
- "type": "read",
- "name": "http_connection_manager",
- "config": {
- "codec_type": "auto",
- "stat_prefix": "ingress_http",
- "route_config": {
- "virtual_hosts": [
- {
- "name": "backend",
- "domains": ["*"],
- "routes": [
- {
- "prefix": "/",
- "cluster": "service1"
- }
- ]
- }
- ]
- },
- "access_log": [
- {
- "path": "/dev/stdout"
- }
- ],
- "filters": [
- {
- "type": "decoder",
- "name": "jwt-auth",
- "config": {
- "rules": [
- {
- "issuer": "628645741881-noabiu23f5a8m8ovd8ucv698lj78vv0l@developer.gserviceaccount.com",
- "remote_jwks": {
- "http_uri":{
- "uri": "http://localhost:8081/",
- "cluster": "example_issuer"
- }
- }
- }
- ]
- }
- },
- {
- "type": "decoder",
- "name": "router",
- "config": {}
- }
- ]
- }
- }
- ]
- }
- ],
 "admin": {
 "access_log_path": "/dev/stdout",
- "address": "tcp://0.0.0.0:9001"
+ "address": {
+ "socket_address": {
+ "address": "0.0.0.0",
+ "port_value": 9001
+ }
+ }
 },
- "cluster_manager": {
+ "static_resources": {
 "clusters": [
 {
 "name": "service1",
- "connect_timeout_ms": 5000,
- "type": "strict_dns",
- "lb_type": "round_robin",
+ "connect_timeout": "5s",
+ "type": "STATIC",
 "hosts": [
 {
- "url": "tcp://0.0.0.0:8080"
+ "socket_address": {
+ "address": "0.0.0.0",
+ "port_value": 8080
+ }
 }
 ]
- },
+ }
+ ],
+ "listeners": [
 {
- "name": "example_issuer",
- "connect_timeout_ms": 5000,
- "type": "strict_dns",
- "circuit_breakers": {
- "default": {
- "max_pending_requests": 10000,
- "max_requests": 10000
- }
- },
- "lb_type": "round_robin",
- "hosts": [
+ "name": "server",
+ "address": {
+ "socket_address": {
+ "address": "0.0.0.0",
+ "port_value": 9090
+ }
+ },
+ "filter_chains": [
 {
- "url": "tcp://localhost:8081"
+ "filters": [
+ {
+ "name": "envoy.http_connection_manager",
+ "config": {
+ "codec_type": "AUTO",
+ "stat_prefix": "inbound_http",
+ "access_log": [
+ {
+ "name": "envoy.file_access_log",
+ "config": {
+ "path": "/tmp/envoy-access.log"
+ }
+ }
+ ],
+ "http_filters": [
+ {
+ "name": "jwt-auth",
+ "config": {
+ "rules": [
+ {
+ "issuer": "628645741881-noabiu23f5a8m8ovd8ucv698lj78vv0l@developer.gserviceaccount.com",
+ "local_jwks": {
+ "inline_string": "{ \"keys\" : [ {\"e\": \"AQAB\", \"kid\": \"b3319a147514df7ee5e4bcdee51350cc890cc89e\", \"kty\": \"RSA\",\"n\": \"qDi7Tx4DhNvPQsl1ofxxc2ePQFcs-L0mXYo6TGS64CY_2WmOtvYlcLNZjhuddZVV2X88m0MfwaSA16wE-RiKM9hqo5EY8BPXj57CMiYAyiHuQPp1yayjMgoE1P2jvp4eqF-BTillGJt5W5RuXti9uqfMtCQdagB8EC3MNRuU_KdeLgBy3lS3oo4LOYd-74kRBVZbk2wnmmb7IhP9OoLc1-7-9qU1uhpDxmE6JwBau0mDSwMnYDS4G_ML17dC-ZDtLd1i24STUw39KH0pcSdfFbL2NtEZdNeam1DDdk0iUtJSPZliUHJBI_pj8M-2Mn_oA8jBuI8YKwBqYkZCN1I95Q\"}]}"
+ },
+ "forward_payload_header": "test-jwt-payload-output"
+ }
+ ]
+ }
+ },
+ {
+ "name": "envoy.router"
+ }
+ ],
+ "route_config": {
+ "name": "backend",
+ "virtual_hosts": [
+ {
+ "name": "backend",
+ "domains": [
+ "*"
+ ],
+ "routes": [
+ {
+ "match": {
+ "prefix": "/"
+ },
+ "route": {
+ "cluster": "service1",
+ "timeout": "0s"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+ ]
 }
 ]
 }
 ]
 }
-}
+}
\ No newline at end of file
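Review bot: The rewritten `admin` block still binds to `0.0.0.0` on port 9001, and Envoy's admin endpoint has no authentication, so anyone who copies this sample exposes config dumps and shutdown/runtime controls to every network the host is on; for a sample, `"address": "127.0.0.1"` in the admin `socket_address` is the safer default. The same applies less sharply to the listener access log, which moves from `/dev/stdout` to the fixed path `/tmp/envoy-access.log` in a world-writable directory; keeping `"path": "/dev/stdout"` avoids the predictable-file problem and matches `access_log_path`. Separately, the `jwt-auth` rule pins only `issuer`, so any token that verifies against the inline key is accepted whatever audience it was minted for; if this filter version supports an `audiences` list on the rule (not visible in this hunk), the sample should show it.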