gateway icon indicating copy to clipboard operation
gateway copied to clipboard
verified publisher icon envoyproxy

FEAT: jwt support custom CA

Open phantooom opened this issue 1 year ago • 5 comments

What type of PR is this?

  • "FEAT: jwt support custom CA"

Fixes https://github.com/envoyproxy/gateway/issues/3536

phantooom avatar Jun 24 '24 15:06 phantooom

Codecov Report

Attention: Patch coverage is 29.34783% with 65 lines in your changes missing coverage. Please review.

Project coverage is 68.10%. Comparing base (9830c4d) to head (c5cbeb9). Report is 267 commits behind head on main.

Files with missing lines Patch % Lines
internal/gatewayapi/securitypolicy.go 39.53% 21 Missing and 5 partials :warning:
internal/provider/kubernetes/controller.go 0.00% 22 Missing :warning:
internal/xds/translator/jwt.go 40.00% 9 Missing and 3 partials :warning:
internal/provider/kubernetes/indexers.go 0.00% 2 Missing and 1 partial :warning:
internal/xds/translator/utils.go 50.00% 0 Missing and 1 partial :warning:
internal/xds/translator/wasm.go 0.00% 0 Missing and 1 partial :warning:
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3664      +/-   ##
==========================================
- Coverage   68.29%   68.10%   -0.20%     
==========================================
  Files         170      170              
  Lines       20760    20835      +75     
==========================================
+ Hits        14179    14190      +11     
- Misses       5563     5618      +55     
- Partials     1018     1027       +9

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Jun 24 '24 16:06 codecov[bot]

Should we maybe turn RemoteJWKS to a proper backend reference and then use BackendTLSPolicy here?

guydc avatar Jun 24 '24 18:06 guydc

@guydc we've followed the approach of directly defining the certificateRef for the ratelimit redis backend https://gateway.envoyproxy.io/v1.0.2/api/extension_types/#redistlssettings because its unlikely a k8s service and authoring 2 extra resources may be cumbersome for the user

arkodg avatar Jun 24 '24 20:06 arkodg

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. Please feel free to give a status update now, ping for review, when it's ready. Thank you for your contributions!

github-actions[bot] avatar Jul 25 '24 00:07 github-actions[bot]

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. Please feel free to give a status update now, ping for review, when it's ready. Thank you for your contributions!

github-actions[bot] avatar Aug 24 '24 04:08 github-actions[bot]