diff --git a/api/v1alpha1/securitypolicy_types.go b/api/v1alpha1/securitypolicy_types.go index 0d9e29c53774..c9d346f100ff 100644 --- a/api/v1alpha1/securitypolicy_types.go +++ b/api/v1alpha1/securitypolicy_types.go @@ -47,11 +47,10 @@ type SecurityPolicySpec struct { // +optional CORS *CORS `json:"cors,omitempty"` - // JWTAuthentication defines the configuration for JSON Web Token (JWT) - // authentication. + // JWT defines the configuration for JSON Web Token (JWT) authentication. // // +optional - JWTAuthentication *JWTAuthentication `json:"jwtAuthentication,omitempty"` + JWT *JWT `json:"jwt,omitempty"` } // CORS defines the configuration for Cross-Origin Resource Sharing (CORS). @@ -70,8 +69,8 @@ type CORS struct { MaxAge *metav1.Duration `json:"maxAge,omitempty" yaml:"maxAge,omitempty"` } -// JWTAuthentication defines the configuration for JSON Web Token (JWT) authentication. -type JWTAuthentication struct { +// JWT defines the configuration for JSON Web Token (JWT) authentication. +type JWT struct { // Providers defines the JSON Web Token (JWT) authentication provider type. // diff --git a/api/v1alpha1/validation/securitypolicy_validate.go b/api/v1alpha1/validation/securitypolicy_validate.go index 3f8f45f83c28..59a55abcac5e 100644 --- a/api/v1alpha1/validation/securitypolicy_validate.go +++ b/api/v1alpha1/validation/securitypolicy_validate.go @@ -40,7 +40,7 @@ func validateSecurityPolicySpec(spec *egv1a1.SecurityPolicySpec) error { errs = append(errs, errors.New("spec is nil")) case spec.CORS != nil: sum++ - case spec.JWTAuthentication != nil: + case spec.JWT != nil: sum++ } if sum == 0 { @@ -52,15 +52,15 @@ func validateSecurityPolicySpec(spec *egv1a1.SecurityPolicySpec) error { return utilerrors.NewAggregate(errs) } - if err := ValidateJWTAuthentication(spec.JWTAuthentication.Providers); err != nil { + if err := ValidateJWTProvider(spec.JWT.Providers); err != nil { errs = append(errs, err) } return utilerrors.NewAggregate(errs) } -// ValidateJWTAuthentication validates the provided JWT authentication configuration. -func ValidateJWTAuthentication(providers []egv1a1.JWTProvider) error { +// ValidateJWTProvider validates the provided JWT authentication configuration. +func ValidateJWTProvider(providers []egv1a1.JWTProvider) error { var errs []error if len(providers) == 0 { diff --git a/api/v1alpha1/validation/securitypolicy_validate_test.go b/api/v1alpha1/validation/securitypolicy_validate_test.go index d688fb66e0f5..e84d9fc1f175 100644 --- a/api/v1alpha1/validation/securitypolicy_validate_test.go +++ b/api/v1alpha1/validation/securitypolicy_validate_test.go @@ -52,7 +52,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{}, }, }, @@ -71,7 +71,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "test", @@ -99,7 +99,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "test", @@ -127,7 +127,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "test", @@ -161,7 +161,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "unqualified_...", @@ -189,7 +189,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "", @@ -217,7 +217,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "unique", @@ -261,7 +261,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "test", @@ -289,7 +289,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "test", @@ -317,7 +317,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "test", @@ -345,7 +345,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "test", @@ -372,7 +372,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "test", @@ -406,7 +406,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "test", @@ -440,7 +440,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "test", @@ -467,7 +467,7 @@ func TestValidateSecurityPolicy(t *testing.T) { Name: "test", }, Spec: egv1a1.SecurityPolicySpec{ - JWTAuthentication: &egv1a1.JWTAuthentication{ + JWT: &egv1a1.JWT{ Providers: []egv1a1.JWTProvider{ { Name: "test", diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 64524f347724..be47b98c57d3 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -1299,7 +1299,7 @@ func (in *JSONPatchOperation) DeepCopy() *JSONPatchOperation { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *JWTAuthentication) DeepCopyInto(out *JWTAuthentication) { +func (in *JWT) DeepCopyInto(out *JWT) { *out = *in if in.Providers != nil { in, out := &in.Providers, &out.Providers @@ -1310,12 +1310,12 @@ func (in *JWTAuthentication) DeepCopyInto(out *JWTAuthentication) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthentication. -func (in *JWTAuthentication) DeepCopy() *JWTAuthentication { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWT. +func (in *JWT) DeepCopy() *JWT { if in == nil { return nil } - out := new(JWTAuthentication) + out := new(JWT) in.DeepCopyInto(out) return out } @@ -2271,9 +2271,9 @@ func (in *SecurityPolicySpec) DeepCopyInto(out *SecurityPolicySpec) { *out = new(CORS) (*in).DeepCopyInto(*out) } - if in.JWTAuthentication != nil { - in, out := &in.JWTAuthentication, &out.JWTAuthentication - *out = new(JWTAuthentication) + if in.JWT != nil { + in, out := &in.JWT, &out.JWT + *out = new(JWT) (*in).DeepCopyInto(*out) } } diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml index feb30bbdf3ae..d371e6b02ca1 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml @@ -98,9 +98,9 @@ spec: request can be cached. type: string type: object - jwtAuthentication: - description: JWTAuthentication defines the configuration for JSON - Web Token (JWT) authentication. + jwt: + description: JWT defines the configuration for JSON Web Token (JWT) + authentication. properties: providers: description: "Providers defines the JSON Web Token (JWT) authentication diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index 0f73665e6a39..1b52af2bbf9a 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -223,16 +223,16 @@ func resolveSecurityPolicyRouteTargetRef(policy *egv1a1.SecurityPolicy, routes m func (t *Translator) translateSecurityPolicyForRoute(policy *egv1a1.SecurityPolicy, route RouteContext, xdsIR XdsIRMap) { // Build IR var ( - cors *ir.CORS - jwtAuthentication *ir.JWTAuthentication + cors *ir.CORS + jwt *ir.JWT ) if policy.Spec.CORS != nil { cors = t.buildCORS(policy) } - if policy.Spec.JWTAuthentication != nil { - jwtAuthentication = t.buildJWTAuthentication(policy) + if policy.Spec.JWT != nil { + jwt = t.buildJWT(policy) } // Apply IR to all relevant routes @@ -245,7 +245,7 @@ func (t *Translator) translateSecurityPolicyForRoute(policy *egv1a1.SecurityPoli // route is associated with a Gateway API xRoute if strings.HasPrefix(r.Name, prefix) { r.CORS = cors - r.JWTAuthentication = jwtAuthentication + r.JWT = jwt } } } @@ -256,16 +256,16 @@ func (t *Translator) translateSecurityPolicyForRoute(policy *egv1a1.SecurityPoli func (t *Translator) translateSecurityPolicyForGateway(policy *egv1a1.SecurityPolicy, gateway *GatewayContext, xdsIR XdsIRMap) { // Build IR var ( - cors *ir.CORS - jwtAuthentication *ir.JWTAuthentication + cors *ir.CORS + jwt *ir.JWT ) if policy.Spec.CORS != nil { cors = t.buildCORS(policy) } - if policy.Spec.JWTAuthentication != nil { - jwtAuthentication = t.buildJWTAuthentication(policy) + if policy.Spec.JWT != nil { + jwt = t.buildJWT(policy) } // Apply IR to all the routes within the specific Gateway @@ -281,8 +281,8 @@ func (t *Translator) translateSecurityPolicyForGateway(policy *egv1a1.SecurityPo if r.CORS == nil { r.CORS = cors } - if r.JWTAuthentication == nil { - r.JWTAuthentication = jwtAuthentication + if r.JWT == nil { + r.JWT = jwt } } } @@ -331,8 +331,8 @@ func (t *Translator) buildCORS(policy *egv1a1.SecurityPolicy) *ir.CORS { } } -func (t *Translator) buildJWTAuthentication(policy *egv1a1.SecurityPolicy) *ir.JWTAuthentication { - return &ir.JWTAuthentication{ - Providers: policy.Spec.JWTAuthentication.Providers, +func (t *Translator) buildJWT(policy *egv1a1.SecurityPolicy) *ir.JWT { + return &ir.JWT{ + Providers: policy.Spec.JWT.Providers, } } diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwtauthn.in.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt.in.yaml similarity index 98% rename from internal/gatewayapi/testdata/securitypolicy-with-jwtauthn.in.yaml rename to internal/gatewayapi/testdata/securitypolicy-with-jwt.in.yaml index abb1eabe0f02..b7eec111123f 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-jwtauthn.in.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt.in.yaml @@ -74,7 +74,7 @@ securityPolicies: kind: Gateway name: gateway-1 namespace: envoy-gateway - jwtAuthentication: + jwt: providers: - name: example1 issuer: https://one.example.com @@ -105,7 +105,7 @@ securityPolicies: kind: HTTPRoute name: httproute-1 namespace: default - jwtAuthentication: + jwt: providers: - name: example3 issuer: https://three.example.com diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwtauthn.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml similarity index 98% rename from internal/gatewayapi/testdata/securitypolicy-with-jwtauthn.out.yaml rename to internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml index 9063c6ce7eda..8acf1b66a513 100755 --- a/internal/gatewayapi/testdata/securitypolicy-with-jwtauthn.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml @@ -189,7 +189,7 @@ securityPolicies: name: policy-for-route namespace: default spec: - jwtAuthentication: + jwt: providers: - audiences: - three.foo.com @@ -219,7 +219,7 @@ securityPolicies: name: policy-for-gateway namespace: envoy-gateway spec: - jwtAuthentication: + jwt: providers: - audiences: - one.foo.com @@ -275,7 +275,7 @@ xdsIR: port: 8080 weight: 1 hostname: '*' - jwtAuthentication: + jwt: providers: - audiences: - one.foo.com @@ -319,7 +319,7 @@ xdsIR: port: 8080 weight: 1 hostname: gateway.envoyproxy.io - jwtAuthentication: + jwt: providers: - audiences: - three.foo.com diff --git a/internal/ir/xds.go b/internal/ir/xds.go index 2fe80e2762ef..6a7a0041918f 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go @@ -281,8 +281,8 @@ type HTTPRoute struct { LoadBalancer *LoadBalancer `json:"loadBalancer,omitempty" yaml:"loadBalancer,omitempty"` // CORS policy for the route. CORS *CORS `json:"cors,omitempty" yaml:"cors,omitempty"` - // JWTAuthentication defines the schema for authenticating HTTP requests using JSON Web Tokens (JWT). - JWTAuthentication *JWTAuthentication `json:"jwtAuthentication,omitempty" yaml:"jwtAuthentication,omitempty"` + // JWT defines the schema for authenticating HTTP requests using JSON Web Tokens (JWT). + JWT *JWT `json:"jwt,omitempty" yaml:"jwt,omitempty"` // ExtensionRefs holds unstructured resources that were introduced by an extension and used on the HTTPRoute as extensionRef filters ExtensionRefs []*UnstructuredRef `json:"extensionRefs,omitempty" yaml:"extensionRefs,omitempty"` } @@ -334,11 +334,11 @@ type CORS struct { MaxAge *metav1.Duration `json:"maxAge,omitempty" yaml:"maxAge,omitempty"` } -// JWTAuthentication defines the schema for authenticating HTTP requests using +// JWT defines the schema for authenticating HTTP requests using // JSON Web Tokens (JWT). // // +k8s:deepcopy-gen=true -type JWTAuthentication struct { +type JWT struct { // Providers defines a list of JSON Web Token (JWT) authentication providers. Providers []egv1a1.JWTProvider `json:"providers,omitempty" yaml:"providers,omitempty"` } @@ -459,8 +459,8 @@ func (h HTTPRoute) Validate() error { errs = multierror.Append(errs, err) } } - if h.JWTAuthentication != nil { - if err := h.JWTAuthentication.validate(); err != nil { + if h.JWT != nil { + if err := h.JWT.validate(); err != nil { errs = multierror.Append(errs, err) } } @@ -478,10 +478,10 @@ func (j *JwtRequestAuthentication) Validate() error { return errs } -func (j *JWTAuthentication) validate() error { +func (j *JWT) validate() error { var errs error - if err := validation.ValidateJWTAuthentication(j.Providers); err != nil { + if err := validation.ValidateJWTProvider(j.Providers); err != nil { errs = multierror.Append(errs, err) } diff --git a/internal/ir/xds_test.go b/internal/ir/xds_test.go index 19f6548787da..17ca98787518 100644 --- a/internal/ir/xds_test.go +++ b/internal/ir/xds_test.go @@ -426,7 +426,7 @@ var ( PathMatch: &StringMatch{ Exact: ptrTo("jwtauthen"), }, - JWTAuthentication: &JWTAuthentication{ + JWT: &JWT{ Providers: []egv1a1.JWTProvider{ { Name: "test1", @@ -1070,19 +1070,19 @@ func TestValidateStringMatch(t *testing.T) { func TestValidateJwtRequestAuthentication(t *testing.T) { tests := []struct { name string - input JWTAuthentication + input JWT want error }{ { name: "nil rules", - input: JWTAuthentication{ + input: JWT{ Providers: nil, }, want: nil, }, { name: "provider with remote jwks uri", - input: JWTAuthentication{ + input: JWT{ Providers: []egv1a1.JWTProvider{ { Name: "test", diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go index be94dd1cb355..8044ec291a5a 100644 --- a/internal/ir/zz_generated.deepcopy.go +++ b/internal/ir/zz_generated.deepcopy.go @@ -461,9 +461,9 @@ func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { *out = new(CORS) (*in).DeepCopyInto(*out) } - if in.JWTAuthentication != nil { - in, out := &in.JWTAuthentication, &out.JWTAuthentication - *out = new(JWTAuthentication) + if in.JWT != nil { + in, out := &in.JWT, &out.JWT + *out = new(JWT) (*in).DeepCopyInto(*out) } if in.ExtensionRefs != nil { @@ -586,7 +586,7 @@ func (in *JSONPatchOperation) DeepCopy() *JSONPatchOperation { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *JWTAuthentication) DeepCopyInto(out *JWTAuthentication) { +func (in *JWT) DeepCopyInto(out *JWT) { *out = *in if in.Providers != nil { in, out := &in.Providers, &out.Providers @@ -597,12 +597,12 @@ func (in *JWTAuthentication) DeepCopyInto(out *JWTAuthentication) { } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTAuthentication. -func (in *JWTAuthentication) DeepCopy() *JWTAuthentication { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWT. +func (in *JWT) DeepCopy() *JWT { if in == nil { return nil } - out := new(JWTAuthentication) + out := new(JWT) in.DeepCopyInto(out) return out } diff --git a/internal/xds/translator/jwt_authn.go b/internal/xds/translator/jwt_authn.go index 611f99d57895..7003bcac3fb7 100644 --- a/internal/xds/translator/jwt_authn.go +++ b/internal/xds/translator/jwt_authn.go @@ -99,8 +99,8 @@ func buildJWTAuthn(irListener *ir.HTTPListener) (*jwtauthnv3.JwtAuthentication, for _, route := range irListener.Routes { if route != nil && routeContainsJWTAuthn(route) { var reqs []*jwtauthnv3.JwtRequirement - for i := range route.JWTAuthentication.Providers { - irProvider := route.JWTAuthentication.Providers[i] + for i := range route.JWT.Providers { + irProvider := route.JWT.Providers[i] // Create the cluster for the remote jwks, if it doesn't exist. jwksCluster, err := newJWKSCluster(&irProvider) if err != nil { @@ -246,8 +246,8 @@ func createJWKSClusters(tCtx *types.ResourceVersionTable, routes []*ir.HTTPRoute for _, route := range routes { if routeContainsJWTAuthn(route) { - for i := range route.JWTAuthentication.Providers { - provider := route.JWTAuthentication.Providers[i] + for i := range route.JWT.Providers { + provider := route.JWT.Providers[i] jwks, err := newJWKSCluster(&provider) epType := DefaultEndpointType if jwks.isStatic { @@ -349,9 +349,9 @@ func routeContainsJWTAuthn(irRoute *ir.HTTPRoute) bool { } if irRoute != nil && - irRoute.JWTAuthentication != nil && - irRoute.JWTAuthentication.Providers != nil && - len(irRoute.JWTAuthentication.Providers) > 0 { + irRoute.JWT != nil && + irRoute.JWT.Providers != nil && + len(irRoute.JWT.Providers) > 0 { return true } diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-authn-multi-route-multi-provider.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-authn-multi-route-multi-provider.yaml index 42939898c16e..6abee5f05755 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jwt-authn-multi-route-multi-provider.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jwt-authn-multi-route-multi-provider.yaml @@ -9,7 +9,7 @@ http: hostname: "*" pathMatch: exact: "foo/bar" - jwtAuthentication: + jwt: providers: - name: example issuer: https://www.example.com @@ -42,7 +42,7 @@ http: hostname: "*" pathMatch: exact: "foo/baz" - jwtAuthentication: + jwt: providers: - name: example issuer: https://www.example.com diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-authn-multi-route-single-provider.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-authn-multi-route-single-provider.yaml index 85d96eab0f13..d9699c052f9e 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jwt-authn-multi-route-single-provider.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jwt-authn-multi-route-single-provider.yaml @@ -12,7 +12,7 @@ http: hostname: "*" pathMatch: exact: "foo/bar" - jwtAuthentication: + jwt: providers: - name: example issuer: https://www.example.com @@ -33,7 +33,7 @@ http: hostname: "*" pathMatch: exact: "foo/baz" - jwtAuthentication: + jwt: providers: - name: example issuer: https://www.example.com diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-authn-ratelimit.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-authn-ratelimit.yaml index 9ad8902e0dd8..f4b24fe35256 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jwt-authn-ratelimit.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jwt-authn-ratelimit.yaml @@ -24,7 +24,7 @@ http: - endpoints: - host: "1.2.3.4" port: 50000 - jwtAuthentication: + jwt: providers: - name: example issuer: https://www.example.com diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-authn-single-route-single-match.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-authn-single-route-single-match.yaml index b99fce84984e..cb7b0a209461 100644 --- a/internal/xds/translator/testdata/in/xds-ir/jwt-authn-single-route-single-match.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/jwt-authn-single-route-single-match.yaml @@ -9,7 +9,7 @@ http: hostname: "*" pathMatch: exact: "foo/bar" - jwtAuthentication: + jwt: providers: - name: example issuer: https://www.example.com diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 9d48a602f498..b79f1dc2b949 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -907,11 +907,11 @@ _Appears in:_ -#### JWTAuthentication +#### JWT -JWTAuthentication defines the configuration for JSON Web Token (JWT) authentication. +JWT defines the configuration for JSON Web Token (JWT) authentication. _Appears in:_ - [SecurityPolicySpec](#securitypolicyspec) @@ -929,7 +929,7 @@ _Appears in:_ JWTProvider defines how a JSON Web Token (JWT) can be verified. _Appears in:_ -- [JWTAuthentication](#jwtauthentication) +- [JWT](#jwt) | Field | Description | | --- | --- | @@ -1674,7 +1674,7 @@ _Appears in:_ | --- | --- | | `targetRef` _[PolicyTargetReferenceWithSectionName](#policytargetreferencewithsectionname)_ | TargetRef is the name of the Gateway resource this policy is being attached to. This Policy and the TargetRef MUST be in the same namespace for this Policy to have effect and be applied to the Gateway. TargetRef | | `cors` _[CORS](#cors)_ | CORS defines the configuration for Cross-Origin Resource Sharing (CORS). | -| `jwtAuthentication` _[JWTAuthentication](#jwtauthentication)_ | JWTAuthentication defines the configuration for JSON Web Token (JWT) authentication. | +| `jwt` _[JWT](#jwt)_ | JWT defines the configuration for JSON Web Token (JWT) authentication. |