feat: add cacheDuration for remoteJWKS in SecurityPolicy

[slayer321]

What type of PR is this?

feat: add cacheDuration and asyncFetch support for remoteJWKS in SecurityPolicy

What this PR does / why we need it:
Adds support for two new field under remoteJWKS i.e cacheDuration and asyncFetch

Which issue(s) this PR fixes:

Fixes #6520

Release Notes: Yes

[codecov]

Codecov Report

❌ Patch coverage is 85.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.03%. Comparing base (5c0df92) to head (d8d4847).
⚠️ Report is 4 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/gatewayapi/securitypolicy.go	80.00%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6641      +/-   ##
==========================================
+ Coverage   70.97%   71.03%   +0.06%     
==========================================
  Files         227      227              
  Lines       40461    40470       +9     
==========================================
+ Hits        28716    28747      +31     
+ Misses      10039    10022      -17     
+ Partials     1706     1701       -5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[arkodg]

lets use gwapiv1.Duration here

[arkodg]

can we rm AsyncFetch from this API PR, since its already enabled by default
prefer if we address retry semantics as part of #6525
this should help make this PR move faster

[slayer321]

Ok, so if I understand it correctly, in this PR, we just want to add the CacheDuration field and not the AsyncFetch field right?

[arkodg]

yeah thanks

[slayer321]

Hey @arkodg , I see that conformance-test is failing for v1.32.5 . I tried runing it locally and it passed.

Edit: I see it been passed now

[arkodg]

can we rm this from this PR

[arkodg]

since we are relying on a ptr value, preference here would be to wrap it around

if jwks.CacheDuration != nil {

cur, err := time.ParseDuration(string(*jwks.CacheDuration))
				if err != nil {
					return nil, err
				}
remote.CacheDuration = cDur
}

[arkodg]

lets rm // +kubebuilder:validation:Format=duration, we are relying on CEL validations of gwapiv1.Duration

[arkodg]

thanks @slayer321 can you fix make gen, by running make generate && make manifests and committing those changes

[arkodg]

can you fix the CI errors @slayer321 ?

[arkodg]

can you follow similar time fields in this file, which use metav1.Duration here to simplify test comparison

[slayer321]

eariler metav1.Duration was used but as mentioned here I updated it to gwapiv1.Duration

[arkodg]

Meta is under in the IR

[slayer321]

Hey @arkodg , I see two of the e2e tests are failing .. I check the logs and can see in v1.33.1, ipv4 test TestE2E/RateLimitHeaderMatch/all_matched_headers_can_got_limited is failing and in v1.32.5, ipv6 test TestE2E/RateLimitGlobalMergeTest/shared_no_client_selectors is failing .. I checked there are no changes releated to this in this PR. Please let me know if I'm missing something.

[arkodg]

LGTM thanks

[zirain]

can you add a release notes?