Deprecate token issuer validation (#127) (#129)

- default disable_iss_validation to true - deprecate disable_iss_validation, and issuer fields.
hashicorp · Oct 28, 2021 · 6d0896d · 6d0896d
1 parent aded896
commit 6d0896d
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 12 deletions.
diff --git a/path_config.go b/path_config.go
@@ -57,16 +57,20 @@ extracted. Not every installation of Kubernetes exposes these keys.`,
 				},
 			},
 			"issuer": {
-				Type:        framework.TypeString,
-				Description: "Optional JWT issuer. If no issuer is specified, then this plugin will use kubernetes.io/serviceaccount as the default issuer.",
+				Type:       framework.TypeString,
+				Deprecated: true,
+				Description: `Optional JWT issuer. If no issuer is specified,
+then this plugin will use kubernetes.io/serviceaccount as the default issuer.
+(Deprecated, will be removed in a future release)`,
 				DisplayAttrs: &framework.DisplayAttributes{
 					Name: "JWT Issuer",
 				},
 			},
 			"disable_iss_validation": {
 				Type:        framework.TypeBool,
-				Description: "Disable JWT issuer validation. Allows to skip ISS validation.",
-				Default:     false,
+				Deprecated:  true,
+				Description: `Disable JWT issuer validation (Deprecated, will be removed in a future release)`,
+				Default:     true,
 				DisplayAttrs: &framework.DisplayAttributes{
 					Name: "Disable JWT Issuer Validation",
 				},

diff --git a/path_config_test.go b/path_config_test.go
@@ -143,7 +143,7 @@ func TestConfig(t *testing.T) {
 		PEMKeys:              []string{},
 		Host:                 "host",
 		CACert:               testCACert,
-		DisableISSValidation: false,
+		DisableISSValidation: true,
 	}
 
 	conf, err := b.(*kubeAuthBackend).config(context.Background(), storage)
@@ -185,7 +185,7 @@ func TestConfig(t *testing.T) {
 		Host:                 "host",
 		CACert:               testCACert,
 		TokenReviewerJWT:     jwtData,
-		DisableISSValidation: false,
+		DisableISSValidation: true,
 		DisableLocalCAJwt:    false,
 	}
 
@@ -227,7 +227,7 @@ func TestConfig(t *testing.T) {
 		PEMKeys:              []string{testRSACert},
 		Host:                 "host",
 		CACert:               testCACert,
-		DisableISSValidation: false,
+		DisableISSValidation: true,
 		DisableLocalCAJwt:    false,
 	}
 
@@ -274,7 +274,7 @@ func TestConfig(t *testing.T) {
 		PEMKeys:              []string{testRSACert, testECCert},
 		Host:                 "host",
 		CACert:               testCACert,
-		DisableISSValidation: false,
+		DisableISSValidation: true,
 		DisableLocalCAJwt:    false,
 	}
 
@@ -355,7 +355,7 @@ func TestConfig_LocalCaJWT(t *testing.T) {
 				Host:                 "host",
 				CACert:               testLocalCACert,
 				TokenReviewerJWT:     testLocalJWT,
-				DisableISSValidation: false,
+				DisableISSValidation: true,
 				DisableLocalCAJwt:    false,
 			},
 		},
@@ -370,7 +370,7 @@ func TestConfig_LocalCaJWT(t *testing.T) {
 				Host:                 "host",
 				CACert:               testCACert,
 				TokenReviewerJWT:     testLocalJWT,
-				DisableISSValidation: false,
+				DisableISSValidation: true,
 				DisableLocalCAJwt:    false,
 			},
 		},
@@ -385,7 +385,7 @@ func TestConfig_LocalCaJWT(t *testing.T) {
 				Host:                 "host",
 				CACert:               testLocalCACert,
 				TokenReviewerJWT:     jwtData,
-				DisableISSValidation: false,
+				DisableISSValidation: true,
 				DisableLocalCAJwt:    false,
 			},
 		},
@@ -401,7 +401,7 @@ func TestConfig_LocalCaJWT(t *testing.T) {
 				Host:                 "host",
 				CACert:               testCACert,
 				TokenReviewerJWT:     "",
-				DisableISSValidation: false,
+				DisableISSValidation: true,
 				DisableLocalCAJwt:    true,
 			},
 		},