
Currently, I have the following Istio authentication manifests:

apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
 name: "jwt-validation"
 namespace: some-namespace
spec:
 selector:
    matchLabels:
        auth: required
 jwtRules:
 - issuer: "https://you.auth0.com/"
   jwksUri: "https://you.auth0.com/.well-known/jwks.json"
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
 name: jwt-auth-policy
 namespace: some-namespace
spec:
  selector:
    matchLabels:
      auth: required
  action: DENY
  rules:
  - from:
    - source:
        notRequestPrincipals: ["*"]

I am getting the following response in the browser:

RBAC: access denied

But instead of this, I want to get a JSON response, say:

{
    "status": "failure",
    "message": "Not Authorised"
}

with status code 403. I have now tried the following Lua filter:

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: custom-filter-response-code
  namespace: istio-system
spec:
  workloadSelector:
    labels:
      istio: ingressgateway
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: GATEWAY
      listener:
        filterChain:
          filter:
            name: "envoy.filters.network.http_connection_manager"
            subFilter:
              name: "envoy.extAuthz" 
    patch:
      operation: INSERT_AFTER
      value: 
       name: envoy.custom-resp
       typed_config:
          "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
          inlineCode: |
            function envoy_on_response(response_handle) 
              if response_handle:headers():get(":status") == "401" then
                response_handle:headers():replace(":status", "403")
              else 
                local body = response_handle:body()
                local jsonString = tostring(body:getBytes(0, body:length()))
                jsonString = jsonString:gsub("(status|failur)", "(message|Not Authorised)")
                response_handle:body():set(jsonString)
              end

Please tell me the correct snippet.
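
One way to write the filter, as an added example that is not part of the original post: it matches `envoy.filters.http.router` instead of `envoy.extAuthz`, replaces the body with the Envoy Lua buffer call `setBytes()`, and updates `content-length` and `content-type` to match. It assumes an Envoy version whose Lua API provides `setBytes()` and that the denied response travels through the ingress gateway; the filter name `envoy.lua` is a choice made here.

```yaml
# Added example (not from the original post). Assumes the Envoy Lua buffer
# API provides setBytes() and that the denial passes through the gateway.
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: custom-filter-response-code
  namespace: istio-system
spec:
  workloadSelector:
    labels:
      istio: ingressgateway
  configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: GATEWAY
      listener:
        filterChain:
          filter:
            name: "envoy.filters.network.http_connection_manager"
            subFilter:
              name: "envoy.filters.http.router"
    patch:
      operation: INSERT_BEFORE
      value:
        name: envoy.lua
        typed_config:
          "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua"
          inlineCode: |
            local DENIED = '{"status": "failure", "message": "Not Authorised"}'
            function envoy_on_response(response_handle)
              local status = response_handle:headers():get(":status")
              if status ~= "401" and status ~= "403" then
                return  -- every other response passes through untouched
              end
              local body = response_handle:body()  -- buffers the whole body
              if body == nil then
                return  -- header-only response, nothing to rewrite
              end
              -- A 401 is always mapped to 403, as in the question. A 403 is
              -- rewritten only when it is the plain-text RBAC denial.
              local text = body:getBytes(0, body:length())
              if status == "403" and not text:find("RBAC: access denied", 1, true) then
                return
              end
              local length = body:setBytes(DENIED)
              local headers = response_handle:headers()  -- re-fetch after body()
              headers:replace(":status", "403")
              headers:replace("content-length", length)
              headers:replace("content-type", "application/json")
            end
```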
