使用Istio JWT OriginAuthenticationMethod策略时,如何根据JWT中的声明做出授权决定?
答案 0 :(得分:2)
您是否已浏览过Istio->概念->安全性?
ServiceRoleBinding下有一个可能是您想要的示例。
apiVersion: "rbac.istio.io/v1alpha1"
kind: ServiceRoleBinding
metadata:
name: test-binding-products
namespace: default
spec:
subjects:
properties:
request.auth.claims[email]: "a@foo.com"
roleRef:
kind: ServiceRole
name: "products-viewer"