status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[NET-10719] Fix cluster generation for jwt clusters for external jwt providers (#21604) 

* Fix cluster generation for jwt clusters for external jwt providers

* add changelog
This commit is contained in:
John Maguire 2024-08-14 15:41:02 -04:00 committed by GitHub
parent 8555404662
commit 1fa428552b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/21604.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
api-gateway: **(Enterprise only)** ensure clusters are properly created for JWT providers with a remote URI for the JWKS endpoint
```

6
agent/xds/clusters.go
View File

@ -148,7 +148,7 @@ func (s *ResourceGenerator) clustersFromSnapshotConnectProxy(cfgSnap *proxycfg.C
// add clusters for jwt-providers // add clusters for jwt-providers
for _, prov := range cfgSnap.JWTProviders { for _, prov := range cfgSnap.JWTProviders {
//skip cluster creation for local providers // skip cluster creation for local providers
if prov.JSONWebKeySet == nil || prov.JSONWebKeySet.Remote == nil { if prov.JSONWebKeySet == nil || prov.JSONWebKeySet.Remote == nil {
continue continue
} }
@ -923,7 +923,6 @@ func (s *ResourceGenerator) injectGatewayDestinationAddons(cfgSnap *proxycfg.Con
} }
c.TransportSocket = transportSocket c.TransportSocket = transportSocket
} }
} }
return nil return nil
} }
@ -1004,6 +1003,8 @@ func (s *ResourceGenerator) clustersFromSnapshotAPIGateway(cfgSnap *proxycfg.Con
createdClusters[uid] = true createdClusters[uid] = true
} }
clusters = append(clusters, makeAPIGatewayJWKClusters(s.Logger, cfgSnap)...)
} }
return clusters, nil return clusters, nil
} }
@ -1145,7 +1146,6 @@ func (s *ResourceGenerator) makeUpstreamClusterForPeerService(
} }
upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams() upstreamsSnapshot, err := cfgSnap.ToConfigSnapshotUpstreams()
if err != nil { if err != nil {
return c, err return c, err
} }

7
agent/xds/jwt_authn_ce.go
View File

@ -8,8 +8,11 @@ package xds
import ( import (
envoy_http_jwt_authn_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3" envoy_http_jwt_authn_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3"
envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" envoy_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
"google.golang.org/protobuf/proto"
"github.com/hashicorp/consul/agent/proxycfg"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/go-hclog"
) )
type GatewayAuthFilterBuilder struct { type GatewayAuthFilterBuilder struct {
@ -22,3 +25,7 @@ type GatewayAuthFilterBuilder struct {
func (g *GatewayAuthFilterBuilder) makeGatewayAuthFilters() ([]*envoy_http_v3.HttpFilter, error) { func (g *GatewayAuthFilterBuilder) makeGatewayAuthFilters() ([]*envoy_http_v3.HttpFilter, error) {
return nil, nil return nil, nil
} }
func makeAPIGatewayJWKClusters(_ hclog.Logger, _ *proxycfg.ConfigSnapshot) []proto.Message {
return nil
}