From e27a960a503f4b54edd9e5a3f3b791eede0e9821 Mon Sep 17 00:00:00 2001 From: Laura Fitzgerald Date: Fri, 10 Jan 2025 15:23:26 +0000 Subject: [PATCH] add version and fix broken link Signed-off-by: Laura Fitzgerald --- README.md | 4 ++-- docs/getting-started.md | 4 ++-- docs/user-guides/anonymous-access.md | 8 ++++---- docs/user-guides/api-key-authentication.md | 8 ++++---- ...enticated-rate-limiting-envoy-dynamic-metadata.md | 8 ++++---- docs/user-guides/authzed.md | 8 ++++---- docs/user-guides/caching.md | 8 ++++---- docs/user-guides/deny-with-redirect-to-login.md | 8 ++++---- ...uthentication-architecture-festival-wristbands.md | 12 ++++++------ docs/user-guides/envoy-jwt-authn-and-authorino.md | 8 ++++---- docs/user-guides/external-metadata.md | 8 ++++---- docs/user-guides/hello-world.md | 8 ++++---- docs/user-guides/http-basic-authentication.md | 8 ++++---- docs/user-guides/injecting-data.md | 8 ++++---- .../json-pattern-matching-authorization.md | 8 ++++---- docs/user-guides/keycloak-authorization-services.md | 8 ++++---- docs/user-guides/kubernetes-subjectaccessreview.md | 8 ++++---- docs/user-guides/kubernetes-tokenreview.md | 8 ++++---- docs/user-guides/mtls-authentication.md | 8 ++++---- docs/user-guides/oauth2-token-introspection.md | 8 ++++---- docs/user-guides/oidc-jwt-authentication.md | 8 ++++---- docs/user-guides/oidc-rbac.md | 8 ++++---- docs/user-guides/oidc-user-info.md | 8 ++++---- docs/user-guides/opa-authorization.md | 8 ++++---- docs/user-guides/passing-credentials.md | 8 ++++---- docs/user-guides/resource-level-authorization-uma.md | 8 ++++---- docs/user-guides/sharding.md | 4 ++-- docs/user-guides/token-normalization.md | 8 ++++---- docs/user-guides/validating-webhook.md | 8 ++++---- 29 files changed, 112 insertions(+), 112 deletions(-) diff --git a/README.md b/README.md index b75cdf31..0c66ecd6 100644 --- a/README.md +++ b/README.md @@ -230,7 +230,7 @@ For a detailed description of the features above, refer to the [Features](./docs The only attribute of the authorization request that is strictly required is the host name. (See [Host lookup](./docs/architecture.md#host-lookup) for more information.) The other attributes, such as method, path, headers, etc, might as well be required, depending on each `AuthConfig`. In the case of the gRPC [`CheckRequest`](https://pkg.go.dev/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3?utm_source=gopls#CheckRequest) method, the host is supplied in `Attributes.Request.Http.Host` and alternatively in `Attributes.ContextExtensions["host"]`. For raw HTTP authorization requests, the host must be supplied in `Host` HTTP header. - Check out [Kuadrant](https://docs.kuadrant.io/kuadrant-operator) for easy-to-use Envoy and Authorino deployment & configuration for API management use-cases, using Kubernetes Custom Resources. + Check out [Kuadrant](https://docs.kuadrant.io/latest/kuadrant-operator) for easy-to-use Envoy and Authorino deployment & configuration for API management use-cases, using Kubernetes Custom Resources.
@@ -353,7 +353,7 @@ For a detailed description of the features above, refer to the [Features](./docs
Do I have to be admin of the cluster to install Authorino? - To install the Authorino Custom Resource Definition (CRD) and to define cluster roles required by the Authorino service, admin privilege to the Kubernetes cluster is required. This step happens only once per cluster and is usually equivalent to installing the [Authorino Operator](https://docs.kuadrant.io/authorino-operator). + To install the Authorino Custom Resource Definition (CRD) and to define cluster roles required by the Authorino service, admin privilege to the Kubernetes cluster is required. This step happens only once per cluster and is usually equivalent to installing the [Authorino Operator](https://docs.kuadrant.io/latest/authorino-operator). Thereafter, deploying instances of the Authorino service and applying `AuthConfig` custom resources to a namespace depend on the permissions set by the cluster administrator – either directly by editing the bindings in the cluster's RBAC, or via options of the operator. In most cases, developers will be granted permissions to create and manage `AuthConfig`s, and sometimes to deploy their own instances of Authorino.
diff --git a/docs/getting-started.md b/docs/getting-started.md index 7c1af613..ff812b9d 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -52,7 +52,7 @@ The above will install the latest build of the Authorino Operator and latest ver This step will also install [cert-manager](https://github.com/jetstack/cert-manager) in the cluster (required). -Alternatively, you can deploy the Authorino Operator using the Operator Lifecycle Manager bundles. For instructions, check out [Installing via OLM](https://docs.kuadrant.io/authorino-operator/#installing-via-olm). +Alternatively, you can deploy the Authorino Operator using the Operator Lifecycle Manager bundles. For instructions, check out [Installing via OLM](https://docs.kuadrant.io/latest/authorino-operator/#installing-via-olm). ### Step: Request an Authorino instance @@ -251,7 +251,7 @@ static_resources: filename: /etc/ssl/certs/authorino-ca-cert.crt ``` -For a complete Envoy `ConfigMap` containing an upstream API protected with Authorino, with TLS enabled and option for rate limiting with [Limitador](https://docs.kuadrant.io/limitador/), plus a webapp served with under the same domain of the protected API, check out this [example](https://github.com/Kuadrant/authorino-examples/blob/main/envoy/envoy-tls-deploy.yaml). +For a complete Envoy `ConfigMap` containing an upstream API protected with Authorino, with TLS enabled and option for rate limiting with [Limitador](https://docs.kuadrant.io/latest/limitador/), plus a webapp served with under the same domain of the protected API, check out this [example](https://github.com/Kuadrant/authorino-examples/blob/main/envoy/envoy-tls-deploy.yaml). After creating the `ConfigMap` with the Envoy configuration, create an Envoy `Deployment` and `Service`. E.g.: diff --git a/docs/user-guides/anonymous-access.md b/docs/user-guides/anonymous-access.md index 047586ae..a0667e6d 100644 --- a/docs/user-guides/anonymous-access.md +++ b/docs/user-guides/anonymous-access.md @@ -39,8 +39,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -113,8 +113,8 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/api-key-authentication.md b/docs/user-guides/api-key-authentication.md index 5943a15c..bf0e0014 100644 --- a/docs/user-guides/api-key-authentication.md +++ b/docs/user-guides/api-key-authentication.md @@ -43,8 +43,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -117,8 +117,8 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/authenticated-rate-limiting-envoy-dynamic-metadata.md b/docs/user-guides/authenticated-rate-limiting-envoy-dynamic-metadata.md index baaa687d..3bb3f3bc 100644 --- a/docs/user-guides/authenticated-rate-limiting-envoy-dynamic-metadata.md +++ b/docs/user-guides/authenticated-rate-limiting-envoy-dynamic-metadata.md @@ -45,8 +45,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❻.

-

At step ❻, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❻, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -131,8 +131,8 @@ An annotation `auth-data/username` will be read from the Kubernetes API Key secr Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/authzed.md b/docs/user-guides/authzed.md index 9565c67d..9fe59ec7 100644 --- a/docs/user-guides/authzed.md +++ b/docs/user-guides/authzed.md @@ -38,8 +38,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❻.

-

At step ❻, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❻, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -237,8 +237,8 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/caching.md b/docs/user-guides/caching.md index 887eb5b5..a7f74900 100644 --- a/docs/user-guides/caching.md +++ b/docs/user-guides/caching.md @@ -57,8 +57,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -139,8 +139,8 @@ The cached values will be visible in the response returned by the Talker API in Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/deny-with-redirect-to-login.md b/docs/user-guides/deny-with-redirect-to-login.md index b47729ee..c1382467 100644 --- a/docs/user-guides/deny-with-redirect-to-login.md +++ b/docs/user-guides/deny-with-redirect-to-login.md @@ -45,8 +45,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -119,8 +119,8 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/edge-authentication-architecture-festival-wristbands.md b/docs/user-guides/edge-authentication-architecture-festival-wristbands.md index 588d7af3..9fb5037d 100644 --- a/docs/user-guides/edge-authentication-architecture-festival-wristbands.md +++ b/docs/user-guides/edge-authentication-architecture-festival-wristbands.md @@ -66,8 +66,8 @@ The first environment is a facade for handling the first layer of authentication

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❹.

-

At steps ❹ and ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At steps ❹ and ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -164,8 +164,8 @@ Create the config: Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. @@ -246,8 +246,8 @@ kubectl -n internal port-forward deployment/envoy 8000:8000 2>&1 >/dev/null & Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/envoy-jwt-authn-and-authorino.md b/docs/user-guides/envoy-jwt-authn-and-authorino.md index 2af8f35e..741d8277 100644 --- a/docs/user-guides/envoy-jwt-authn-and-authorino.md +++ b/docs/user-guides/envoy-jwt-authn-and-authorino.md @@ -57,8 +57,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❻.

-

At step ❻, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❻, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -332,8 +332,8 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/external-metadata.md b/docs/user-guides/external-metadata.md index 3504da67..89a4af76 100644 --- a/docs/user-guides/external-metadata.md +++ b/docs/user-guides/external-metadata.md @@ -47,8 +47,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -125,8 +125,8 @@ The implementation relies on the [`X-Forwarded-For`](https://datatracker.ietf.or Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/hello-world.md b/docs/user-guides/hello-world.md index 5eeb46ea..0be0bd90 100644 --- a/docs/user-guides/hello-world.md +++ b/docs/user-guides/hello-world.md @@ -22,8 +22,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant, you can skip step ❸. You may already have Authorino installed and running as well. In this case, skip also step ❺. If you even have your workload cluster configured, with sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, go straight to step ❼.

-

At step ❼, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❼, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -113,8 +113,8 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/http-basic-authentication.md b/docs/user-guides/http-basic-authentication.md index a9cb8a79..1d312cf4 100644 --- a/docs/user-guides/http-basic-authentication.md +++ b/docs/user-guides/http-basic-authentication.md @@ -46,8 +46,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -122,8 +122,8 @@ The config uses API Key secrets to store base64-encoded `username:password` HTTP Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/injecting-data.md b/docs/user-guides/injecting-data.md index 92205c30..58b61e6d 100644 --- a/docs/user-guides/injecting-data.md +++ b/docs/user-guides/injecting-data.md @@ -44,8 +44,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -123,8 +123,8 @@ The following defines a JSON object to be injected as an added HTTP header into Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/json-pattern-matching-authorization.md b/docs/user-guides/json-pattern-matching-authorization.md index e99ac1eb..6fcaffc4 100644 --- a/docs/user-guides/json-pattern-matching-authorization.md +++ b/docs/user-guides/json-pattern-matching-authorization.md @@ -53,8 +53,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -133,8 +133,8 @@ The implementation relies on the [`X-Forwarded-For`](https://datatracker.ietf.or Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/keycloak-authorization-services.md b/docs/user-guides/keycloak-authorization-services.md index 7c27d1eb..78457cad 100644 --- a/docs/user-guides/keycloak-authorization-services.md +++ b/docs/user-guides/keycloak-authorization-services.md @@ -57,8 +57,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -141,8 +141,8 @@ Whenever an RPT with proper permissions is obtained by Authorino, the RPT is sup Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/kubernetes-subjectaccessreview.md b/docs/user-guides/kubernetes-subjectaccessreview.md index abcd4ca1..e3a2df78 100644 --- a/docs/user-guides/kubernetes-subjectaccessreview.md +++ b/docs/user-guides/kubernetes-subjectaccessreview.md @@ -45,8 +45,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -121,8 +121,8 @@ The `AuthConfig` below sets all Kubernetes service accounts as trusted users of Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/kubernetes-tokenreview.md b/docs/user-guides/kubernetes-tokenreview.md index b2ca36d8..97c86551 100644 --- a/docs/user-guides/kubernetes-tokenreview.md +++ b/docs/user-guides/kubernetes-tokenreview.md @@ -46,8 +46,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -120,8 +120,8 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/mtls-authentication.md b/docs/user-guides/mtls-authentication.md index 764b44e1..4fc5f0c9 100644 --- a/docs/user-guides/mtls-authentication.md +++ b/docs/user-guides/mtls-authentication.md @@ -44,8 +44,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❻.

-

At step ❻, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❻, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -341,8 +341,8 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/oauth2-token-introspection.md b/docs/user-guides/oauth2-token-introspection.md index 6fdcf7c1..ea575b31 100644 --- a/docs/user-guides/oauth2-token-introspection.md +++ b/docs/user-guides/oauth2-token-introspection.md @@ -62,8 +62,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -160,8 +160,8 @@ Create the Authorino `AuthConfig` custom resource declaring the auth rules to be Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/oidc-jwt-authentication.md b/docs/user-guides/oidc-jwt-authentication.md index 1b19cbd7..7fd48e2e 100644 --- a/docs/user-guides/oidc-jwt-authentication.md +++ b/docs/user-guides/oidc-jwt-authentication.md @@ -52,8 +52,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -126,8 +126,8 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/oidc-rbac.md b/docs/user-guides/oidc-rbac.md index 74f7c2eb..f3d3a377 100644 --- a/docs/user-guides/oidc-rbac.md +++ b/docs/user-guides/oidc-rbac.md @@ -53,8 +53,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -135,8 +135,8 @@ In this example, the Keycloak realm defines a few users and 2 realm roles: 'memb Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/oidc-user-info.md b/docs/user-guides/oidc-user-info.md index ef87b8e5..475fcf52 100644 --- a/docs/user-guides/oidc-user-info.md +++ b/docs/user-guides/oidc-user-info.md @@ -54,8 +54,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -128,8 +128,8 @@ Create an Authorino `AuthConfig` custom resource declaring the auth rules to be Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/opa-authorization.md b/docs/user-guides/opa-authorization.md index dd522f20..e5d24a8a 100644 --- a/docs/user-guides/opa-authorization.md +++ b/docs/user-guides/opa-authorization.md @@ -46,8 +46,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -126,8 +126,8 @@ The implementation relies on the [`X-Forwarded-For`](https://datatracker.ietf.or Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/passing-credentials.md b/docs/user-guides/passing-credentials.md index 19d06e83..cd78b85f 100644 --- a/docs/user-guides/passing-credentials.md +++ b/docs/user-guides/passing-credentials.md @@ -44,8 +44,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -126,8 +126,8 @@ In this example, `member` users can authenticate supplying the API key in any of Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/resource-level-authorization-uma.md b/docs/user-guides/resource-level-authorization-uma.md index c2dd6fa6..ea50f626 100644 --- a/docs/user-guides/resource-level-authorization-uma.md +++ b/docs/user-guides/resource-level-authorization-uma.md @@ -52,8 +52,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -130,8 +130,8 @@ The Keycloak server also provides the identities. The `sub` claim of the Keycloa Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/sharding.md b/docs/user-guides/sharding.md index 79cbe274..7b30e1ae 100644 --- a/docs/user-guides/sharding.md +++ b/docs/user-guides/sharding.md @@ -22,8 +22,8 @@ By default, Authorino will watch events related to all `AuthConfig` custom resou Authorino capabilities featured in this guide: Check out as well the user guide about [Authentication with API keys](api-key-authentication.md). diff --git a/docs/user-guides/token-normalization.md b/docs/user-guides/token-normalization.md index f816464a..b79ea9ef 100644 --- a/docs/user-guides/token-normalization.md +++ b/docs/user-guides/token-normalization.md @@ -59,8 +59,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant and already have your workload cluster configured and sample service application deployed, as well as your Gateway API network resources applied to route traffic to your service, skip straight to step ❺.

-

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, instead of creating an AuthConfig custom resource, create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -139,8 +139,8 @@ Without normalizing identity claims from these two different sources, the policy Kuadrant users – - Remember to create an AuthPolicy instead of an AuthConfig. - For more, see Kuadrant auth. + Remember to create an AuthPolicy instead of an AuthConfig. + For more, see Kuadrant auth. diff --git a/docs/user-guides/validating-webhook.md b/docs/user-guides/validating-webhook.md index 99067ea5..4fb7198b 100644 --- a/docs/user-guides/validating-webhook.md +++ b/docs/user-guides/validating-webhook.md @@ -61,8 +61,8 @@ The next steps walk you through installing Authorino, deploying and configuring

If you are a user of Kuadrant you may already have Authorino installed and running. In this case, skip straight to step ❸.

-

At step ❺, alternatively to creating an AuthConfig custom resource, you may create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

-

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

+

At step ❺, alternatively to creating an AuthConfig custom resource, you may create a Kuadrant AuthPolicy one. The schema of the AuthConfig's spec matches the one of the AuthPolicy's, except spec.host, which is not available in the Kuadrant AuthPolicy. Host names in a Kuadrant AuthPolicy are inferred automatically from the Kubernetes network object referred in spec.targetRef and route selectors declared in the policy.

+

For more about using Kuadrant to enforce authorization, check out Kuadrant auth.

@@ -264,8 +264,8 @@ kubectl create namespace myapp Kuadrant users – - For this and other example AuthConfigs below, if you create a Kuadrant AuthPolicy instead, the output of the commands shall differ. The requested AuthPolicy may be initially accepted, but its state will turn ready or not ready depending on whether the corresponding AuthConfig requested by Kuadrant is accepted or rejected, according to the validating webhook rules. Check the state of the resources to confirm. - For more, see Kuadrant auth. + For this and other example AuthConfigs below, if you create a Kuadrant AuthPolicy instead, the output of the commands shall differ. The requested AuthPolicy may be initially accepted, but its state will turn ready or not ready depending on whether the corresponding AuthConfig requested by Kuadrant is accepted or rejected, according to the validating webhook rules. Check the state of the resources to confirm. + For more, see Kuadrant auth.