
Use new authN api in our bookinfo example

Open andrewedstrom opened this issue 4 years ago • 2 comments

Per @rshriram's suggestion in the istio slack, we should update https://github.com/istio-ecosystem/authservice/blob/master/bookinfo-example/config/bookinfo-authn-policy-template-adding-reviews.yaml to use the new authN api

I believe it's called RequestAuthentication. Should be a pretty small fix.

andrewedstrom avatar Mar 23 '20 17:03 andrewedstrom

I believe they will look something like this. Can anyone confirm? I am having trouble determining if I have misconfigured the RequestAuthentication and AuthorizationPolicy.

```yaml
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: bookinfo-productpage
  namespace: bookinfo
spec:
  selector:
    matchLabels:
      app: productpage
  jwtRules:
  - issuer: https://kubernetes.docker.internal/auth/realms/example
    jwksUri: https://kubernetes.docker.internal/auth/realms/example/protocol/openid-connect/certs
  # principalBinding is not a RequestAuthentication field; it belonged to the
  # deprecated authentication.istio.io/v1alpha1 Policy kind, so it is omitted.
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: bookinfo-productpage
  namespace: bookinfo
spec:
  selector:
    matchLabels:
      app: productpage
  # rules:
  # - from:
  #   - source:
  #       requestPrincipals: ["*"]
```

zimmertr avatar Oct 28 '20 18:10 zimmertr

Second, I am using Keycloak as my OIDC provider. You can see my JWT Issuer rules in the RequestAuthentication resource above. If these lines are commented out, /productpage will return a 403. If they are NOT commented out, /productpage will return a 200. This seems strange to me as the docs suggest I should expect a 401 when requests are being denied. Furthermore, why are requests being allowed when I add the JWT rule and denied when it is absent?

zimmertr avatar Oct 30 '20 16:10 zimmertr
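The pair of resources below is an added example (not from the issue or the authservice repository) showing which of the two objects is responsible for which response code; it reuses the constructed Keycloak issuer, the `bookinfo` namespace and the `app: productpage` label from the thread.

```yaml
# RequestAuthentication only validates a token that is actually presented.
# A request whose Authorization header carries a token with the wrong issuer,
# a bad signature or an expired exp is rejected with 401. A request with no
# token at all passes this check and reaches the workload unauthenticated.
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: bookinfo-productpage
  namespace: bookinfo
spec:
  selector:
    matchLabels:
      app: productpage
  jwtRules:
  - issuer: https://kubernetes.docker.internal/auth/realms/example
    jwksUri: https://kubernetes.docker.internal/auth/realms/example/protocol/openid-connect/certs
---
# AuthorizationPolicy is what turns "no valid identity" into a denial, and its
# denials are 403 ("RBAC: access denied"), never 401.
#   - spec with no rules (as when the rules are commented out): an ALLOW policy
#     that matches nothing, so every request to productpage is denied with 403.
#   - spec with the rule below: only requests that carry a JWT accepted by the
#     RequestAuthentication above have a request principal, so those get 200
#     and everything else gets 403.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: bookinfo-productpage-require-jwt
  namespace: bookinfo
spec:
  selector:
    matchLabels:
      app: productpage
  action: ALLOW   # default; written out to make the empty-rules behaviour explicit
  rules:
  - from:
    - source:
        # "*" accepts any authenticated principal; to pin it to the Keycloak
        # realm above use "<issuer>/*", e.g.
        # "https://kubernetes.docker.internal/auth/realms/example/*"
        requestPrincipals: ["*"]
```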