address comments

Signed-off-by: huabing zhao <[email protected]>
envoyproxy · Dec 22, 2023 · 7e4cc0d · 7e4cc0d
1 parent ed175d2
commit 7e4cc0d
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 28 deletions.
diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-multi-provider.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-multi-provider.yaml
@@ -16,17 +16,17 @@ http:
         audiences:
         - foo.com
         remoteJWKS:
-          uri: https://localhost/jwt/public-key/jwks.json
+          uri: http://localhost/jwt/public-key/jwks.json
         claimToHeaders:
         - header: one-route-example-key1
           claim: claim.neteased.key
       - name: example2
-        issuer: http://www.two.example.com
+        issuer: https://www.two.example.com
         audiences:
         - one.foo.com
         - two.foo.com
         remoteJWKS:
-          uri: http://192.168.1.250:8080/jwt/public-key/jwks.json
+          uri: https://192.168.1.250:8080/jwt/public-key/jwks.json
         claimToHeaders:
         - header: one-route-example2-key1
           claim: claim.neteased.key
@@ -49,17 +49,17 @@ http:
         audiences:
         - foo.com
         remoteJWKS:
-          uri: https://localhost/jwt/public-key/jwks.json
+          uri: http://ejwks.json
         claimToHeaders:
         - header: second-route-example-key1
           claim: claim.neteased.key
       - name: example2
-        issuer: http://www.two.example.com
+        issuer: https://www.two.example.com
         audiences:
         - one.foo.com
         - two.foo.com
         remoteJWKS:
-          uri: http://192.168.1.250:8080/jwt/public-key/jwks.json
+          uri: https://192.168.1.250:8080/jwt/public-key/jwks.json
     destination:
       name: "second-route-www.test.com-dest"
       settings:

diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.clusters.yaml
@@ -33,30 +33,22 @@
   dnsRefreshRate: 30s
   lbPolicy: LEAST_REQUEST
   loadAssignment:
-    clusterName: localhost_443
+    clusterName: localhost_80
     endpoints:
     - lbEndpoints:
       - endpoint:
           address:
             socketAddress:
               address: localhost
-              portValue: 443
+              portValue: 80
         loadBalancingWeight: 1
       loadBalancingWeight: 1
       locality:
-        region: localhost_443/backend/0
-  name: localhost_443
+        region: localhost_80/backend/0
+  name: localhost_80
   outlierDetection: {}
   perConnectionBufferLimitBytes: 32768
   respectDnsTtl: true
-  transportSocket:
-    name: envoy.transport_sockets.tls
-    typedConfig:
-      '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
-      commonTlsContext:
-        validationContext:
-          trustedCa:
-            filename: /etc/ssl/certs/ca-certificates.crt
   type: STRICT_DNS
 - commonLbConfig:
     localityWeightedLbConfig: {}
@@ -71,4 +63,36 @@
   name: "192_168_1_250_8080"
   outlierDetection: {}
   perConnectionBufferLimitBytes: 32768
+  transportSocket:
+    name: envoy.transport_sockets.tls
+    typedConfig:
+      '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+      commonTlsContext:
+        validationContext:
+          trustedCa:
+            filename: /etc/ssl/certs/ca-certificates.crt
   type: EDS
+- commonLbConfig:
+    localityWeightedLbConfig: {}
+  connectTimeout: 10s
+  dnsLookupFamily: V4_ONLY
+  dnsRefreshRate: 30s
+  lbPolicy: LEAST_REQUEST
+  loadAssignment:
+    clusterName: ejwks_json_80
+    endpoints:
+    - lbEndpoints:
+      - endpoint:
+          address:
+            socketAddress:
+              address: ejwks.json
+              portValue: 80
+        loadBalancingWeight: 1
+      loadBalancingWeight: 1
+      locality:
+        region: ejwks_json_80/backend/0
+  name: ejwks_json_80
+  outlierDetection: {}
+  perConnectionBufferLimitBytes: 32768
+  respectDnsTtl: true
+  type: STRICT_DNS
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml
@@ -31,9 +31,9 @@
                   asyncFetch: {}
                   cacheDuration: 300s
                   httpUri:
-                    cluster: localhost_443
+                    cluster: localhost_80
                     timeout: 5s
-                    uri: https://localhost/jwt/public-key/jwks.json
+                    uri: http://localhost/jwt/public-key/jwks.json
                   retryPolicy: {}
               first-route-www.test.com/example2:
                 audiences:
@@ -45,15 +45,15 @@
                 - claimName: name
                   headerName: one-route-example2-key2
                 forward: true
-                issuer: http://www.two.example.com
-                payloadInMetadata: http://www.two.example.com
+                issuer: https://www.two.example.com
+                payloadInMetadata: https://www.two.example.com
                 remoteJwks:
                   asyncFetch: {}
                   cacheDuration: 300s
                   httpUri:
                     cluster: "192_168_1_250_8080"
                     timeout: 5s
-                    uri: http://192.168.1.250:8080/jwt/public-key/jwks.json
+                    uri: https://192.168.1.250:8080/jwt/public-key/jwks.json
                   retryPolicy: {}
               second-route-www.test.com/example:
                 audiences:
@@ -68,24 +68,24 @@
                   asyncFetch: {}
                   cacheDuration: 300s
                   httpUri:
-                    cluster: localhost_443
+                    cluster: ejwks_json_80
                     timeout: 5s
-                    uri: https://localhost/jwt/public-key/jwks.json
+                    uri: http://ejwks.json
                   retryPolicy: {}
               second-route-www.test.com/example2:
                 audiences:
                 - one.foo.com
                 - two.foo.com
                 forward: true
-                issuer: http://www.two.example.com
-                payloadInMetadata: http://www.two.example.com
+                issuer: https://www.two.example.com
+                payloadInMetadata: https://www.two.example.com
                 remoteJwks:
                   asyncFetch: {}
                   cacheDuration: 300s
                   httpUri:
                     cluster: "192_168_1_250_8080"
                     timeout: 5s
-                    uri: http://192.168.1.250:8080/jwt/public-key/jwks.json
+                    uri: https://192.168.1.250:8080/jwt/public-key/jwks.json
                   retryPolicy: {}
             requirementMap:
               first-route-www.test.com: