Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions kubernetes/customresourcedefinitions.gen.yaml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

11 changes: 11 additions & 0 deletions releasenotes/notes/jwt-required-field.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
apiVersion: release-notes/v2
kind: feature
area: security
issue:
- https://github.com/istio/istio/issues/60823

releaseNotes:
- |
**Added** `required` field in `RequestAuthentication` under `spec.jwtRules`.
When set to `true`, the JWT token for that rule must be present and valid.
This allows multiple JWT rules to require all configured tokens simultaneously. Defaults to `false`.
22 changes: 18 additions & 4 deletions security/v1beta1/request_authentication.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 13 additions & 0 deletions security/v1beta1/request_authentication.pb.html

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 8 additions & 1 deletion security/v1beta1/request_authentication.proto
Original file line number Diff line number Diff line change
Expand Up @@ -487,8 +487,15 @@ message JWTRule {
// +kubebuilder:validation:MaxItems=64
repeated string space_delimited_claims = 14;

// If set to true, the JWT token must be present in the request. Requests
// without this token will be rejected with 401 even if other JWT rules are
// satisfied. When false (the default), a missing token is allowed as long as
// no invalid token is present. This is useful when multiple JWT rules are
// configured and all tokens must be present and valid simultaneously.
bool required = 15;

// $hide_from_docs
// Next available field number: 15
// Next available field number: 16
}

// This message specifies a header location to extract JWT token.
Expand Down