remove asyncFetch struct from xds ir

Signed-off-by: sachin maurya <[email protected]>

Author: slayer321

api/v1alpha1/jwt_types.go

@@ -113,7 +113,6 @@ type RemoteJWKS struct {
 	// Duration after which the cached JWKS should be expired. If not specified, default cache duration is 5 minutes.
 
 	// +kubebuilder:default="300s"
-	// +kubebuilder:validation:Format=duration
 	// +optional
 	CacheDuration *gwapiv1.Duration `json:"cacheDuration,omitempty"`
 }

charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_securitypolicies.yaml

@@ -3766,7 +3766,6 @@ spec:
                               description: |-
                                 Duration is a string value representing a duration in time. The format is as specified
                                 in GEP-2257, a strict subset of the syntax parsed by Golang time.ParseDuration.
-                              format: duration
                               pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
                               type: string
                             uri:

charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml

@@ -3765,7 +3765,6 @@ spec:
                               description: |-
                                 Duration is a string value representing a duration in time. The format is as specified
                                 in GEP-2257, a strict subset of the syntax parsed by Golang time.ParseDuration.
-                              format: duration
                               pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
                               type: string
                             uri:

internal/ir/xds.go

@@ -1082,17 +1082,6 @@ type RemoteJWKS struct {
 	CacheDuration *gwapiv1.Duration `json:"cacheDuration,omitempty"`
 }
 
-// JwksAsyncFetch is used to Fetch Jwks asynchronously in the main thread before the listener is activated.
-//
-// +k8s:deepcopy-gen=true
-type JwksAsyncFetch struct {
-	// If false, the listener is activated after the initial fetch is completed. The initial fetch result can be either successful or failed.
-	// If true, it is activated without waiting for the initial fetch to complete.
-	FastListener bool `json:"fastListener,omitempty"`
-	// The duration to refetch after a failed fetch.
-	FailedRefetchDuration *metav1.Duration `json:"failedRefetchDuration,omitempty"`
-}
-
 // OIDC defines the schema for authenticating HTTP requests using
 // OpenID Connect (OIDC).
 //

internal/ir/zz_generated.deepcopy.go

@@ -20,7 +20,6 @@ import (
 	"google.golang.org/protobuf/types/known/durationpb"
 	"google.golang.org/protobuf/types/known/emptypb"
 	"k8s.io/utils/ptr"
-	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 	egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 	"github.com/envoyproxy/gateway/internal/ir"
@@ -151,16 +150,6 @@ func buildJWTAuthn(irListener *ir.HTTPListener) (*jwtauthnv3.JwtAuthentication,
 					jwksCluster = cluster.name
 				}
 
-				var duration *gwapiv1.Duration
-				if jwks.CacheDuration != nil {
-					duration = jwks.CacheDuration
-				}
-
-				timeDuration, err := time.ParseDuration(string(*duration))
-				if err != nil {
-					return nil, err
-				}
-
 				remote := &jwtauthnv3.JwtProvider_RemoteJwks{
 					RemoteJwks: &jwtauthnv3.RemoteJwks{
 						HttpUri: &corev3.HttpUri{
@@ -171,11 +160,16 @@ func buildJWTAuthn(irListener *ir.HTTPListener) (*jwtauthnv3.JwtAuthentication,
 							Timeout: durationpb.New(defaultExtServiceRequestTimeout),
 						},
 
-						CacheDuration: durationpb.New(timeDuration),
-						AsyncFetch:    &jwtauthnv3.JwksAsyncFetch{},
+						AsyncFetch: &jwtauthnv3.JwksAsyncFetch{},
 					},
 				}
-
+				if jwks.CacheDuration != nil {
+					cDur, err := time.ParseDuration(string(*jwks.CacheDuration))
+					if err != nil {
+						return nil, err
+					}
+					remote.RemoteJwks.CacheDuration = durationpb.New(cDur)
+				}
 				// Set the retry policy if it exists.
 				if jwks.Traffic != nil && jwks.Traffic.Retry != nil {
 					var rp *corev3.RetryPolicy