deploy-templates/templates/authpolicy-ussa.yaml (40 lines of code) (raw):
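{{- /*
Istio RequestAuthentication for the workload labelled app=<.Values.name>.

Rendered unless both "citizen" and "officer" are listed in
.Values.global.excludePortals. Each remaining portal adds one jwtRule, and a
second rule for the custom issuer when .Values.keycloak.customHost is set.

Security notes for reviewers:
  - RequestAuthentication only validates a JWT that is actually presented in
    X-Access-Token. A request with no token is NOT rejected by this resource.
    Enforcement needs an AuthorizationPolicy (for example one requiring
    requestPrincipals), and this template does not define one.
    NOTE(review): confirm such a policy exists for this workload.
  - No rule sets `audiences`. Any audience restriction therefore has to come
    from an AuthorizationPolicy or from the application.
    NOTE(review): confirm this is intended.
  - forwardOriginalToken: true passes the raw token on to the workload, so
    the application and its logs must treat X-Access-Token as a credential.
  - issuer and jwksUri come from named templates defined outside this file.
    The JWKS endpoint decides which signing keys are trusted.
    NOTE(review): confirm it resolves to an HTTPS or in-mesh endpoint.
*/ -}}
{{- if or (not .Values.global.excludePortals) (not (has "citizen" .Values.global.excludePortals)) (not (has "officer" .Values.global.excludePortals)) }}
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: request-auth-{{ .Values.name }}
  # Quoted so an all-digit namespace is not retyped as an integer.
  namespace: {{ .Release.Namespace | quote }}
spec:
  selector:
    matchLabels:
      # Quoted so a numeric- or boolean-looking name stays a string label.
      app: {{ .Values.name | quote }}
  jwtRules:
    {{- if not (has "citizen" .Values.global.excludePortals) }}
    # Citizen portal: default issuer.
    - forwardOriginalToken: true
      fromHeaders:
        - name: X-Access-Token
      issuer: {{ template "issuer.citizen" . }}
      jwksUri: {{ template "jwksUri.citizen" . }}
    {{- if .Values.keycloak.customHost }}
    # Citizen portal: custom-host issuer, verified against the same JWKS.
    - forwardOriginalToken: true
      fromHeaders:
        - name: X-Access-Token
      issuer: {{ template "custom-issuer.citizen" . }}
      jwksUri: {{ template "jwksUri.citizen" . }}
    {{- end }}
    {{- end }}
    {{- if not (has "officer" .Values.global.excludePortals) }}
    # Officer portal: default issuer.
    - forwardOriginalToken: true
      fromHeaders:
        - name: X-Access-Token
      issuer: {{ template "issuer.officer" . }}
      jwksUri: {{ template "jwksUri.officer" . }}
    {{- if .Values.keycloak.customHost }}
    # Officer portal: custom-host issuer, verified against the same JWKS.
    - forwardOriginalToken: true
      fromHeaders:
        - name: X-Access-Token
      issuer: {{ template "custom-issuer.officer" . }}
      jwksUri: {{ template "jwksUri.officer" . }}
    {{- end }}
    {{- end }}
{{- end }}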