Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Back-port policy with jwt analzyer for release 1.4 #20884

Conversation

@jacob-delgado
Copy link
Contributor

jacob-delgado commented Feb 5, 2020

Cherry-picked and fixed c42f2ab to the release 1.4 branch based on the discussion had at #20672 (comment).

This PR was reviewed at #20672.

Some changes had to be made (see the second commit) as the release 1.4 and release 1.5 analyzers had diverged.

Fixes issue #17535

* Add analyzer for v1alpha1/Policy using JWT

It is possible that JWT authentication when used with the
v1alpha1/Policy API is misconfigured leading users to believe that their
cluster is secure when it is not. Warn the users of a misconfiguration;
the associated K8s service's port name should be prefixed with
http|http2|https.

* lint_istio job was failing due to v1alpha1/Policy use
@jacob-delgado jacob-delgado requested a review from istio/release-managers-1-4 as a code owner Feb 5, 2020
@googlebot googlebot added the cla: yes label Feb 5, 2020
@istio-testing

This comment has been minimized.

Copy link
Collaborator

istio-testing commented Feb 6, 2020

Hi @jacob-delgado. Thanks for your PR.

I'm waiting for a istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jacob-delgado

This comment has been minimized.

Copy link
Contributor Author

jacob-delgado commented Feb 6, 2020

@ayj Implementation of analyzer for release 1.4 using the code already merged in at #20767

@ericvn

This comment has been minimized.

Copy link
Contributor

ericvn commented Feb 6, 2020

/ok-to-test

@jacob-delgado jacob-delgado force-pushed the jacob-delgado:cherry-pick-policy-with-jwt-analzyer-rel-14 branch from 6ed94ce to 32e49d3 Feb 6, 2020
@ayj
ayj approved these changes Feb 6, 2020
@jacob-delgado

This comment has been minimized.

Copy link
Contributor Author

jacob-delgado commented Feb 6, 2020

/retest

@jacob-delgado

This comment has been minimized.

Copy link
Contributor Author

jacob-delgado commented Feb 8, 2020

@howardjohn All of the steps talked about here #20672 (comment) are now in. I even put up docs for istio 1.5 that I'll cherry pick as well into 1.4 when this is merged.

@istio-testing istio-testing merged commit 0c32d73 into istio:release-1.4 Feb 8, 2020
29 checks passed
29 checks passed
cla/google All necessary CLAs are signed
e2e-bookInfoTests-envoyv2-v1alpha3_istio_release-1.4 Job succeeded.
Details
e2e-dashboard_istio_release-1.4 Job succeeded.
Details
e2e-mixer-no_auth_istio_release-1.4 Job succeeded.
Details
e2e-simpleTests-cni_istio_release-1.4 Job succeeded.
Details
e2e-simpleTests-distroless_istio_release-1.4 Job succeeded.
Details
e2e-simpleTestsMinProfile_istio_release-1.4 Job succeeded.
Details
e2e-simpleTests_istio_release-1.4 Job succeeded.
Details
gencheck_istio_release-1.4 Job succeeded.
Details
integ-framework-k8s-tests_istio_release-1.4 Job succeeded.
Details
integ-framework-local-tests_istio_release-1.4 Job succeeded.
Details
integ-galley-k8s-tests_istio_release-1.4 Job succeeded.
Details
integ-galley-local-tests_istio_release-1.4 Job succeeded.
Details
integ-istioctl-k8s-tests_istio_release-1.4 Job succeeded.
Details
integ-istioio-k8s-tests_istio_release-1.4 Job succeeded.
Details
integ-mixer-k8s-tests_istio_release-1.4 Job succeeded.
Details
integ-new-install-k8s-tests_istio_release-1.4 Job succeeded.
Details
integ-pilot-k8s-tests_istio_release-1.4 Job succeeded.
Details
integ-pilot-local-tests_istio_release-1.4 Job succeeded.
Details
integ-security-k8s-tests_istio_release-1.4 Job succeeded.
Details
integ-security-local-tests_istio_release-1.4 Job succeeded.
Details
integ-telemetry-k8s-tests_istio_release-1.4 Job succeeded.
Details
istio_e2e_cloudfoundry_istio_release-1.4 Job succeeded.
Details
lint_istio_release-1.4 Job succeeded.
Details
pilot-e2e-envoyv2-v1alpha3_istio_release-1.4 Job succeeded.
Details
pilot-multicluster-e2e_istio_release-1.4 Job succeeded.
Details
release-test_istio_release-1.4 Job succeeded.
Details
tide In merge pool.
Details
unit-tests_istio_release-1.4 Job succeeded.
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Linked issues

Successfully merging this pull request may close these issues.

None yet

6 participants
You can’t perform that action at this time.