hashicorp / vault-plugin-auth-kubernetes

Vault authentication plugin for Kubernetes Service Accounts
https://www.vaultproject.io/docs/auth/kubernetes.html
Mozilla Public License 2.0

Rename disable_iss_validation #126

Closed NLRemco closed 2 years ago

NLRemco commented 3 years ago

I noticed that this option, especially in its label in both the backend and UI, does not say anything about this flag solely being used during local JWT validation. It gives the impression that this ISS claim validation is done across both validations: locally and in Kubernetes.

For me, this seems rather confusing when this option is set to false, as in the TokenReview request to Kubernetes the issuer is being validated nonetheless. Not only is this confusing during review, but also when debugging, where the Kubernetes TokenReview request responds with an invalid JWT issuer while the local validation might be correct.

Would renaming this to disable_iss_local_validation not be a better fit, alongside changing this in the UI?

benashz commented 2 years ago

@RemcoBuddelmeijer, thank you for your feedback. Along with changing the default value, we also opted to deprecate the feature for the vault-1.9 release; it will be removed in a future release. We prefer to provide deprecation warnings before renaming or removing features so as not to break currently deployed systems.

If you have any further questions or concerns in this regard please let us know!
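To illustrate the distinction raised in the issue, here is an added Go sketch (not the plugin's code) that models only the local `iss` comparison and shows that `disable_iss_validation` skips that step alone; the TokenReview call is not modelled. The function names, the unsigned sample token and both issuer strings are constructed for the example.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// issuerOf returns the unverified iss claim of a compact JWT (debugging aid only).
func issuerOf(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("not a compact JWT")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", err
	}
	var claims struct{ Iss string `json:"iss"` }
	err = json.Unmarshal(payload, &claims)
	return claims.Iss, err
}

// localIssuerCheck models the local step only. With the flag set the claim is
// never read here; a TokenReview on the cluster side is unaffected by it.
func localIssuerCheck(token, wantIssuer string, disableIssValidation bool) error {
	if disableIssValidation {
		return nil
	}
	got, err := issuerOf(token)
	if err == nil && got != wantIssuer {
		err = fmt.Errorf("iss %q does not match configured issuer %q", got, wantIssuer)
	}
	return err
}

// sampleToken builds a constructed, unsigned token carrying only an iss claim.
func sampleToken(iss string) string {
	enc := base64.RawURLEncoding.EncodeToString
	body, _ := json.Marshal(map[string]string{"iss": iss})
	return enc([]byte(`{"alg":"none"}`)) + "." + enc(body) + ".sig"
}

func main() {
	tok := sampleToken("https://kubernetes.default.svc.cluster.local")
	fmt.Println(localIssuerCheck(tok, "kubernetes/serviceaccount", false)) // mismatch reported
	fmt.Println(localIssuerCheck(tok, "kubernetes/serviceaccount", true))  // local step skipped
}
```

When debugging an issuer error, comparing the output of `issuerOf` with the configured issuer shows whether the rejection can have come from the local step at all.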