[NET-10719] Fix cluster generation for jwt clusters for external jwt …
…providers (#21604)

* Fix cluster generation for jwt clusters for external jwt providers

* add changelog
jm96441n committed Aug 14, 2024
1 parent 8555404 commit 1fa4285
Showing 3 changed files with 13 additions and 3 deletions.
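--- a/.changelog/21604.txt
+++ b/.changelog/21604.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+api-gateway: **(Enterprise only)** ensure clusters are properly created for JWT providers with a remote URI for the JWKS endpoint
+```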
6 changes: 3 additions & 3 deletions agent/xds/clusters.go
@@ -148,7 +148,7 @@ func (s *ResourceGenerator) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.C

// add clusters for jwt-providers
for _, prov := range cfgSnap.JWTProviders {
//skip cluster creation for local providers
// skip cluster creation for local providers
if prov.JSONWebKeySet == nil || prov.JSONWebKeySet.Remote == nil {
continue
}
@@ -923,7 +923,6 @@ func (s *ResourceGenerator) injectGatewayDestinationAddons(cfgSnap *proxycfg.Con
}
c.TransportSocket = transportSocket
}

}
return nil
}
@@ -1004,6 +1003,8 @@ func (s *ResourceGenerator) clustersFromSnapshotAPIGateway(cfgSnap *proxycfg.Con

createdClusters[uid] = true
}

clusters = append(clusters, makeAPIGatewayJWKClusters(s.Logger, cfgSnap)...)
}
return clusters, nil
}
@@ -1145,7 +1146,6 @@ func (s *ResourceGenerator) makeUpstreamClusterForPeerService(
}

upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()

if err != nil {
return c, err
}
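Review bot: In the `clustersFromSnapshotAPIGateway` hunk, the added `clusters = append(clusters, makeAPIGatewayJWKClusters(s.Logger, cfgSnap)...)` sits before a closing brace that comes ahead of `return clusters, nil`, so it runs inside an enclosing block whose start is outside the hunk. The call takes only `s.Logger` and `cfgSnap`, nothing that varies per iteration, so if that block is a loop the same JWKS clusters are appended on every pass, while the upstream clusters just above are deduplicated through `createdClusters`. If so, moving the append to just before `return clusters, nil` would emit each JWKS cluster once. Because JWT verification for remote providers depends on these clusters existing, a test in which the enclosing block runs more than once and the output is checked for repeated clusters would be worth adding.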
7 changes: 7 additions & 0 deletions agent/xds/jwt_authn_ce.go
@@ -8,8 +8,11 @@ package xds
import (
envoy_http_jwt_authn_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3"
envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
"google.golang.org/protobuf/proto"

"github.com/hashicorp/consul/agent/proxycfg"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/go-hclog"
)

type GatewayAuthFilterBuilder struct {
@@ -22,3 +25,7 @@ type GatewayAuthFilterBuilder struct {
func (g *GatewayAuthFilterBuilder) makeGatewayAuthFilters() ([]*envoy_http_v3.HttpFilter, error) {
return nil, nil
}

func makeAPIGatewayJWKClusters(_ hclog.Logger, _ *proxycfg.ConfigSnapshot) []proto.Message {
return nil
}
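Review bot: `makeAPIGatewayJWKClusters` has no doc comment, and nothing at the definition says that returning nil is deliberate rather than an unfinished implementation. Both parameters are discarded, so in this file the call added to `clustersFromSnapshotAPIGateway` contributes no clusters; the changelog entry marks the fix as Enterprise only, which suggests the working implementation lives in another build. I would add `// makeAPIGatewayJWKClusters is a no-op in this build and returns nil, so no JWKS clusters are generated for API gateways here.` above the function, so a reader auditing JWT authentication does not assume this file produces the remote JWKS clusters.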
