问题描述
我目前在 Istio 的身份验证清单下面写了。
kind: RequestAuthentication
Metadata:
name: "jwt-validation"
namespace: some-namespace
spec:
selector:
matchLabels:
auth: required
jwtRules:
- issuer: "https://you.auth0.com/"
jwksUri: "https://you.auth0.com/.well-kNown/jwks.json"
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
Metadata:
name: jwt-auth-policy
namespace: some-namespace
spec:
selector:
matchLabels:
auth: required
action: DENY
rules:
- from:
- source:
notRequestPrincipals: ["*"]
我从浏览器收到以下响应
RBAC: access denied
但不是这个,我想得到一个 Json 响应
说
{
"status": "failure","message": "Not Authorised"
}
状态码为 403
现在我已经尝试了下面的 Lua 过滤器
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
Metadata:
name: custom-filter-response-code
namespace: istio-system
spec:
workloadSelector:
labels:
istio: ingressgateway
configPatches:
- applyTo: HTTP_FILTER
match:
context: GATEWAY
listener:
filterChain:
filter:
name: "envoy.filters.network.http_connection_manager"
subFilter:
name: "envoy.extAuthz"
patch:
operation: INSERT_AFTER
value:
name: envoy.custom-resp
typed_config:
"@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
inlineCode: |
function envoy_on_response(response_handle)
if response_handle:headers():get(":status") == "401" then
response_handle:headers():replace(":status","403")
else
local body = response_handle:body()
local jsonString = tostring(body:getBytes(0,body:length()))
jsonString = jsonString:gsub("(status|failur)","(message|Not Authorised)")
response_handle:body():set(jsonString)
end
请指导我正确的代码片段
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)