rename JWTAuthentication to JWT

Signed-off-by: huabing zhao <[email protected]>
envoyproxy · Oct 26, 2023 · 462e1e8 · 462e1e8
1 parent 9ebdb43
commit 462e1e8
Show file tree

Hide file tree

Showing 17 changed files with 89 additions and 90 deletions.
diff --git a/api/v1alpha1/securitypolicy_types.go b/api/v1alpha1/securitypolicy_types.go
@@ -47,11 +47,10 @@ type SecurityPolicySpec struct {
 	// +optional
 	CORS *CORS `json:"cors,omitempty"`
 
-	// JWTAuthentication defines the configuration for JSON Web Token (JWT)
-	// authentication.
+	// JWT defines the configuration for JSON Web Token (JWT) authentication.
 	//
 	// +optional
-	JWTAuthentication *JWTAuthentication `json:"jwtAuthentication,omitempty"`
+	JWT *JWT `json:"jwt,omitempty"`
 }
 
 // CORS defines the configuration for Cross-Origin Resource Sharing (CORS).
@@ -70,8 +69,8 @@ type CORS struct {
 	MaxAge *metav1.Duration `json:"maxAge,omitempty" yaml:"maxAge,omitempty"`
 }
 
-// JWTAuthentication defines the configuration for JSON Web Token (JWT) authentication.
-type JWTAuthentication struct {
+// JWT defines the configuration for JSON Web Token (JWT) authentication.
+type JWT struct {
 
 	// Providers defines the JSON Web Token (JWT) authentication provider type.
 	//

diff --git a/api/v1alpha1/validation/securitypolicy_validate.go b/api/v1alpha1/validation/securitypolicy_validate.go
@@ -40,7 +40,7 @@ func validateSecurityPolicySpec(spec *egv1a1.SecurityPolicySpec) error {
 		errs = append(errs, errors.New("spec is nil"))
 	case spec.CORS != nil:
 		sum++
-	case spec.JWTAuthentication != nil:
+	case spec.JWT != nil:
 		sum++
 	}
 	if sum == 0 {
@@ -52,15 +52,15 @@ func validateSecurityPolicySpec(spec *egv1a1.SecurityPolicySpec) error {
 		return utilerrors.NewAggregate(errs)
 	}
 
-	if err := ValidateJWTAuthentication(spec.JWTAuthentication.Providers); err != nil {
+	if err := ValidateJWTProvider(spec.JWT.Providers); err != nil {
 		errs = append(errs, err)
 	}
 
 	return utilerrors.NewAggregate(errs)
 }
 
-// ValidateJWTAuthentication validates the provided JWT authentication configuration.
-func ValidateJWTAuthentication(providers []egv1a1.JWTProvider) error {
+// ValidateJWTProvider validates the provided JWT authentication configuration.
+func ValidateJWTProvider(providers []egv1a1.JWTProvider) error {
 	var errs []error
 
 	if len(providers) == 0 {

diff --git a/api/v1alpha1/validation/securitypolicy_validate_test.go b/api/v1alpha1/validation/securitypolicy_validate_test.go
@@ -52,7 +52,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{},
 					},
 				},
@@ -71,7 +71,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:      "test",
@@ -99,7 +99,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:      "test",
@@ -127,7 +127,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:      "test",
@@ -161,7 +161,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:      "unqualified_...",
@@ -189,7 +189,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:      "",
@@ -217,7 +217,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:      "unique",
@@ -261,7 +261,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:      "test",
@@ -289,7 +289,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:      "test",
@@ -317,7 +317,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:      "test",
@@ -345,7 +345,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:      "test",
@@ -372,7 +372,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:      "test",
@@ -406,7 +406,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:      "test",
@@ -440,7 +440,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:      "test",
@@ -467,7 +467,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
 					Name:      "test",
 				},
 				Spec: egv1a1.SecurityPolicySpec{
-					JWTAuthentication: &egv1a1.JWTAuthentication{
+					JWT: &egv1a1.JWT{
 						Providers: []egv1a1.JWTProvider{
 							{
 								Name:   "test",

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
@@ -98,9 +98,9 @@ spec:
                       request can be cached.
                     type: string
                 type: object
-              jwtAuthentication:
-                description: JWTAuthentication defines the configuration for JSON
-                  Web Token (JWT) authentication.
+              jwt:
+                description: JWT defines the configuration for JSON Web Token (JWT)
+                  authentication.
                 properties:
                   providers:
                     description: "Providers defines the JSON Web Token (JWT) authentication

diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go
@@ -223,16 +223,16 @@ func resolveSecurityPolicyRouteTargetRef(policy *egv1a1.SecurityPolicy, routes m
 func (t *Translator) translateSecurityPolicyForRoute(policy *egv1a1.SecurityPolicy, route RouteContext, xdsIR XdsIRMap) {
 	// Build IR
 	var (
-		cors              *ir.CORS
-		jwtAuthentication *ir.JWTAuthentication
+		cors *ir.CORS
+		jwt  *ir.JWT
 	)
 
 	if policy.Spec.CORS != nil {
 		cors = t.buildCORS(policy)
 	}
 
-	if policy.Spec.JWTAuthentication != nil {
-		jwtAuthentication = t.buildJWTAuthentication(policy)
+	if policy.Spec.JWT != nil {
+		jwt = t.buildJWT(policy)
 	}
 
 	// Apply IR to all relevant routes
@@ -245,7 +245,7 @@ func (t *Translator) translateSecurityPolicyForRoute(policy *egv1a1.SecurityPoli
 				// route is associated with a Gateway API xRoute
 				if strings.HasPrefix(r.Name, prefix) {
 					r.CORS = cors
-					r.JWTAuthentication = jwtAuthentication
+					r.JWT = jwt
 				}
 			}
 		}
@@ -256,16 +256,16 @@ func (t *Translator) translateSecurityPolicyForRoute(policy *egv1a1.SecurityPoli
 func (t *Translator) translateSecurityPolicyForGateway(policy *egv1a1.SecurityPolicy, gateway *GatewayContext, xdsIR XdsIRMap) {
 	// Build IR
 	var (
-		cors              *ir.CORS
-		jwtAuthentication *ir.JWTAuthentication
+		cors *ir.CORS
+		jwt  *ir.JWT
 	)
 
 	if policy.Spec.CORS != nil {
 		cors = t.buildCORS(policy)
 	}
 
-	if policy.Spec.JWTAuthentication != nil {
-		jwtAuthentication = t.buildJWTAuthentication(policy)
+	if policy.Spec.JWT != nil {
+		jwt = t.buildJWT(policy)
 	}
 
 	// Apply IR to all the routes within the specific Gateway
@@ -281,8 +281,8 @@ func (t *Translator) translateSecurityPolicyForGateway(policy *egv1a1.SecurityPo
 			if r.CORS == nil {
 				r.CORS = cors
 			}
-			if r.JWTAuthentication == nil {
-				r.JWTAuthentication = jwtAuthentication
+			if r.JWT == nil {
+				r.JWT = jwt
 			}
 		}
 	}
@@ -331,8 +331,8 @@ func (t *Translator) buildCORS(policy *egv1a1.SecurityPolicy) *ir.CORS {
 	}
 }
 
-func (t *Translator) buildJWTAuthentication(policy *egv1a1.SecurityPolicy) *ir.JWTAuthentication {
-	return &ir.JWTAuthentication{
-		Providers: policy.Spec.JWTAuthentication.Providers,
+func (t *Translator) buildJWT(policy *egv1a1.SecurityPolicy) *ir.JWT {
+	return &ir.JWT{
+		Providers: policy.Spec.JWT.Providers,
 	}
 }
diff --git a/...data/securitypolicy-with-jwtauthn.in.yaml → .../testdata/securitypolicy-with-jwt.in.yaml b/...data/securitypolicy-with-jwtauthn.in.yaml → .../testdata/securitypolicy-with-jwt.in.yaml
@@ -74,7 +74,7 @@ securityPolicies:
       kind: Gateway
       name: gateway-1
       namespace: envoy-gateway
-    jwtAuthentication:
+    jwt:
       providers:
       - name: example1
         issuer: https://one.example.com
@@ -105,7 +105,7 @@ securityPolicies:
       kind: HTTPRoute
       name: httproute-1
       namespace: default
-    jwtAuthentication:
+    jwt:
       providers:
       - name: example3
         issuer: https://three.example.com

diff --git a/...ata/securitypolicy-with-jwtauthn.out.yaml → ...testdata/securitypolicy-with-jwt.out.yaml b/...ata/securitypolicy-with-jwtauthn.out.yaml → ...testdata/securitypolicy-with-jwt.out.yaml
@@ -189,7 +189,7 @@ securityPolicies:
     name: policy-for-route
     namespace: default
   spec:
-    jwtAuthentication:
+    jwt:
       providers:
       - audiences:
         - three.foo.com
@@ -219,7 +219,7 @@ securityPolicies:
     name: policy-for-gateway
     namespace: envoy-gateway
   spec:
-    jwtAuthentication:
+    jwt:
       providers:
       - audiences:
         - one.foo.com
@@ -275,7 +275,7 @@ xdsIR:
               port: 8080
             weight: 1
         hostname: '*'
-        jwtAuthentication:
+        jwt:
           providers:
           - audiences:
             - one.foo.com
@@ -319,7 +319,7 @@ xdsIR:
               port: 8080
             weight: 1
         hostname: gateway.envoyproxy.io
-        jwtAuthentication:
+        jwt:
           providers:
           - audiences:
             - three.foo.com