remove asyncFetch field and change cacheDuration type to gwapiv1.Duration

Signed-off-by: sachin maurya <[email protected]>

Author: slayer321

api/v1alpha1/jwt_types.go

@@ -6,7 +6,6 @@
 package v1alpha1
 
 import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
@@ -116,23 +115,7 @@ type RemoteJWKS struct {
 	// +kubebuilder:default="300s"
 	// +kubebuilder:validation:Format=duration
 	// +optional
-	CacheDuration *metav1.Duration `json:"cacheDuration,omitempty"`
-
-	// Fetch Jwks asynchronously in the main thread before the listener is activated. Fetched Jwks can be used by all worker threads.
-	// +optional
-	AsyncFetch *JwksAsyncFetch `json:"asyncFetch,omitempty"`
-}
-
-// JwksAsyncFetch is used to Fetch Jwks asynchronously in the main thread before the listener is activated.
-type JwksAsyncFetch struct {
-	// If false, the listener is activated after the initial fetch is completed. The initial fetch result can be either successful or failed.
-	// If true, it is activated without waiting for the initial fetch to complete.
-
-	// +optional
-	FastListener bool `json:"fastListener,omitempty"`
-	// The duration to refetch after a failed fetch.
-	// +optional
-	FailedRefetchDuration *metav1.Duration `json:"failedRefetchDuration,omitempty"`
+	CacheDuration *gwapiv1.Duration `json:"cacheDuration,omitempty"`
 }
 
 // LocalJWKSType defines the types of values for Local JWKS.

api/v1alpha1/zz_generated.deepcopy.go

@@ -2774,18 +2774,6 @@ spec:
                             RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote
                             HTTP/HTTPS endpoint.
                           properties:
-                            asyncFetch:
-                              description: Fetch Jwks asynchronously in the main thread
-                                before the listener is activated. Fetched Jwks can
-                                be used by all worker threads.
-                              properties:
-                                failedRefetchDuration:
-                                  description: The duration to refetch after a failed
-                                    fetch.
-                                  type: string
-                                fastListener:
-                                  type: boolean
-                              type: object
                             backendRef:
                               description: |-
                                 BackendRef references a Kubernetes object that represents the
@@ -3781,7 +3769,11 @@ spec:
                               type: object
                             cacheDuration:
                               default: 300s
+                              description: |-
+                                Duration is a string value representing a duration in time. The format is as specified
+                                in GEP-2257, a strict subset of the syntax parsed by Golang time.ParseDuration.
                               format: duration
+                              pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
                               type: string
                             uri:
                               description: |-

charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_securitypolicies.yaml

@@ -2773,18 +2773,6 @@ spec:
                             RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote
                             HTTP/HTTPS endpoint.
                           properties:
-                            asyncFetch:
-                              description: Fetch Jwks asynchronously in the main thread
-                                before the listener is activated. Fetched Jwks can
-                                be used by all worker threads.
-                              properties:
-                                failedRefetchDuration:
-                                  description: The duration to refetch after a failed
-                                    fetch.
-                                  type: string
-                                fastListener:
-                                  type: boolean
-                              type: object
                             backendRef:
                               description: |-
                                 BackendRef references a Kubernetes object that represents the
@@ -3780,7 +3768,11 @@ spec:
                               type: object
                             cacheDuration:
                               default: 300s
+                              description: |-
+                                Duration is a string value representing a duration in time. The format is as specified
+                                in GEP-2257, a strict subset of the syntax parsed by Golang time.ParseDuration.
                               format: duration
+                              pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
                               type: string
                             uri:
                               description: |-

charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml

@@ -13,9 +13,6 @@ spec:
       remoteJWKS:
         uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
         cacheDuration: 60s
-        asyncFetch:
-          fastListener: true
-          failedRefetchDuration: 2s
 ---
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute

examples/kubernetes/jwt/jwt.yaml

@@ -383,7 +383,7 @@ securityPolicies:
       providers:
       - name: example
         remoteJWKS:
-          cacheDuration: 5m0s
+          cacheDuration: 300s
           uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
     targetRef:
       group: gateway.networking.k8s.io

internal/gatewayapi/resource/testdata/all-resources.out.yaml

@@ -1016,7 +1016,6 @@ func (t *Translator) buildRemoteJWKS(
 		Traffic:       traffic,
 		URI:           remoteJWKS.URI,
 		CacheDuration: remoteJWKS.CacheDuration,
-		AsyncFetch:    (*ir.JwksAsyncFetch)(remoteJWKS.AsyncFetch),
 	}, nil
 }
 

internal/gatewayapi/securitypolicy.go

@@ -1069,10 +1069,7 @@ type RemoteJWKS struct {
 	URI string `json:"uri"`
 
 	// Duration after which the cached JWKS should be expired. If not specified, default cache duration is 5 minutes.
-	CacheDuration *metav1.Duration `json:"cacheDuration,omitempty"`
-
-	// Fetch Jwks asynchronously in the main thread before the listener is activated. Fetched Jwks can be used by all worker threads.
-	AsyncFetch *JwksAsyncFetch `json:"asyncFetch,omitempty"`
+	CacheDuration *gwapiv1.Duration `json:"cacheDuration,omitempty"`
 }
 
 // JwksAsyncFetch is used to Fetch Jwks asynchronously in the main thread before the listener is activated.

internal/ir/xds.go

@@ -8,6 +8,7 @@ package translator
 import (
 	"errors"
 	"fmt"
+	"time"
 
 	corev3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	routev3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
@@ -18,8 +19,8 @@ import (
 	"google.golang.org/protobuf/types/known/anypb"
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/emptypb"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/ptr"
+	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 	"github.com/envoyproxy/gateway/internal/ir"
@@ -150,18 +151,14 @@ func buildJWTAuthn(irListener *ir.HTTPListener) (*jwtauthnv3.JwtAuthentication,
 					jwksCluster = cluster.name
 				}
 
-				var duration *metav1.Duration
+				var duration *gwapiv1.Duration
 				if jwks.CacheDuration != nil {
 					duration = jwks.CacheDuration
 				}
 
-				var asyncFetch jwtauthnv3.JwksAsyncFetch
-
-				if jwks.AsyncFetch != nil {
-					asyncFetch = jwtauthnv3.JwksAsyncFetch{
-						FastListener:          jwks.AsyncFetch.FastListener,
-						FailedRefetchDuration: durationpb.New(jwks.AsyncFetch.FailedRefetchDuration.Duration),
-					}
+				timeDuration, err := time.ParseDuration(string(*duration))
+				if err != nil {
+					return nil, err
 				}
 
 				remote := &jwtauthnv3.JwtProvider_RemoteJwks{
@@ -174,8 +171,8 @@ func buildJWTAuthn(irListener *ir.HTTPListener) (*jwtauthnv3.JwtAuthentication,
 							Timeout: &durationpb.Duration{Seconds: defaultExtServiceRequestTimeout},
 						},
 
-						CacheDuration: durationpb.New(duration.Duration),
-						AsyncFetch:    &asyncFetch,
+						CacheDuration: durationpb.New(timeDuration),
+						AsyncFetch:    &jwtauthnv3.JwksAsyncFetch{},
 					},
 				}