[X.509] Multi-CA Trust via Label Selectors #897
Description
Summary
Test Authorino's fine-grained multi-CA trust capability via label selectors — demonstrating that AuthPolicy can trust multiple intermediate CAs independently, unlike the single root CA approach at the gateway level.
Setup
- AuthPolicy trusting multiple intermediate CAs via label selectors
- Multiple CA Secrets with different labels (e.g.,
ca-team-a,ca-team-b)
Tests
- Client cert signed by CA with matching label →
200 OK - Client cert signed by CA without matching label →
403 Forbidden