diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json index 16c1d3522fc..f3452b71909 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json @@ -394,6 +394,7 @@ "@type": "type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication", "providers": { "httproute/envoy-gateway-system/backend/rule/0/match/0/www_example_com/example": { + "forward": true, "remoteJwks": { "asyncFetch": {}, "cacheDuration": "300s", diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml index 8b70c138d50..6f26675e23f 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml @@ -233,6 +233,7 @@ xds: '@type': type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication providers: httproute/envoy-gateway-system/backend/rule/0/match/0/www_example_com/example: + forward: true remoteJwks: asyncFetch: {} cacheDuration: 300s diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml index 273ca89e7c7..7c8a353b83c 100644 --- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml +++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml @@ -48,6 +48,7 @@ xds: '@type': type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication providers: httproute/envoy-gateway-system/backend/rule/0/match/0/www_example_com/example: + forward: true remoteJwks: asyncFetch: {} cacheDuration: 300s diff --git a/internal/xds/translator/jwt.go b/internal/xds/translator/jwt.go index 619b99b552e..ea5dd6ce28f 100644 --- a/internal/xds/translator/jwt.go +++ b/internal/xds/translator/jwt.go @@ -142,6 +142,7 @@ func buildJWTAuthn(irListener *ir.HTTPListener) (*jwtauthnv3.JwtAuthentication, JwksSourceSpecifier: remote, PayloadInMetadata: irProvider.Issuer, ClaimToHeaders: claimToHeaders, + Forward: true, } if irProvider.ExtractFrom != nil { diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml index 2481c634ea7..3bd76da8af0 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml @@ -21,6 +21,7 @@ first-route/example: audiences: - foo.com + forward: true fromCookies: - session_access_token issuer: https://www.example.com diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml index 1eec8005ef8..23990992ee7 100755 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml @@ -24,6 +24,7 @@ claimToHeaders: - claimName: claim.neteased.key headerName: one-route-example-key1 + forward: true issuer: https://www.example.com payloadInMetadata: https://www.example.com remoteJwks: @@ -43,6 +44,7 @@ headerName: one-route-example2-key1 - claimName: name headerName: one-route-example2-key2 + forward: true issuer: https://www.two.example.com payloadInMetadata: https://www.two.example.com remoteJwks: @@ -59,6 +61,7 @@ claimToHeaders: - claimName: claim.neteased.key headerName: second-route-example-key1 + forward: true issuer: https://www.example.com payloadInMetadata: https://www.example.com remoteJwks: @@ -73,6 +76,7 @@ audiences: - one.foo.com - two.foo.com + forward: true issuer: https://www.two.example.com payloadInMetadata: https://www.two.example.com remoteJwks: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml index 133530ef79f..bc515a98bb8 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml @@ -46,6 +46,7 @@ claimToHeaders: - claimName: claim.neteased.key headerName: first-route-key + forward: true issuer: https://www.example.com payloadInMetadata: https://www.example.com remoteJwks: @@ -59,6 +60,7 @@ second-route/example: audiences: - foo.com + forward: true issuer: https://www.example.com payloadInMetadata: https://www.example.com remoteJwks: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml index 8ff2832d64b..797be82e982 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml @@ -21,6 +21,7 @@ first-route/example: audiences: - foo.com + forward: true issuer: https://www.example.com payloadInMetadata: https://www.example.com remoteJwks: diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml index 9a095ee2e29..e268247f475 100644 --- a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml @@ -21,6 +21,7 @@ first-route/example: audiences: - foo.com + forward: true issuer: https://www.example.com payloadInMetadata: https://www.example.com remoteJwks: