check in istio#5238 to 0.8 branch (istio#5261)

Automatic merge from submit-queue. check in istio#5238 to 0.8 branch check in istio#5238 to 0.8 branch, which is required for jwt authn policy to work in v2.
wuweichi · Apr 28, 2018 · 66d5226 · 66d5226
1 parent 02595b6
commit 66d5226
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 6 deletions.
diff --git a/pilot/pkg/model/jwks_resolver.go b/pilot/pkg/model/jwks_resolver.go
@@ -15,6 +15,7 @@
 package model
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -103,6 +104,12 @@ func newJwksResolver(expireDuration, evictionDuration, refreshInterval time.Dura
 		refreshInterval:  refreshInterval,
 		client: &http.Client{
 			Timeout: jwksHTTPTimeOutInSec * time.Second,
+
+			// TODO: pilot needs to include a collection of root CAs to make external
+			// https web request(https://github.com/istio/istio/issues/1419).
+			Transport: &http.Transport{
+				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			},
 		},
 	}
 

diff --git a/tests/e2e/tests/pilot/authn_policy_test.go b/tests/e2e/tests/pilot/authn_policy_test.go
@@ -70,12 +70,6 @@ func TestAuthNPolicy(t *testing.T) {
 }
 
 func TestAuthNJwt(t *testing.T) {
-	// V1alpha3 == true implies envoyv2, jwt authn doesn't work for v2 so skip it now.
-	// TODO(quanlin): enable test for v2 API after https://github.com/istio/istio/pull/5061 is in.
-	if tc.V1alpha3 {
-		t.Skipf("Skipping %s: V1alpha3=true", t.Name())
-	}
-
 	// JWT token used is borrowed from https://github.com/istio/proxy/blob/master/src/envoy/http/jwt_auth/sample/correct_jwt.
 	// The Token expires in year 2132, issuer is 628645741881-noabiu23f5a8m8ovd8ucv698lj78vv0l@developer.gserviceaccount.com.
 	// Test will fail if this service account is deleted.