You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current chain element looks only at the last token in the path chain. This is insufficient for the full spectrum of policy we are likely to want to enforce.
Expand on the authorize chain element by providing as its 'input' object:
The Connection
The TLSInfo (as retrieved by peer.FromContext for Server or grpc.Peer for the client)
Operation - One of Request/Close
Role - One of Client/Endpoint
The text was updated successfully, but these errors were encountered:
How do you think, do we need to add all of the TLSInfo.State content into the OPA input? Or we need to add only a X509SVID certificate from TLSInfo.State. I think that in our cases we only need a pem-encoded X509SVID certificate to verify the signature of the jwt token using the built-in OPA functions. Of course we also need to add the spiffeID from this certificate to OPA input
The current chain element looks only at the last token in the path chain. This is insufficient for the full spectrum of policy we are likely to want to enforce.
Expand on the authorize chain element by providing as its 'input' object:
The text was updated successfully, but these errors were encountered: