From 8a62c28de35fd9620615c276b36f762cece5d296 Mon Sep 17 00:00:00 2001
From: John Murret
Date: Fri, 3 Nov 2023 16:01:15 -0600
Subject: [PATCH] migrate jwt provider tests to resources_test.go
---
 agent/xds/clusters_test.go | 61 ------
 agent/xds/resources_test.go | 67 +++++++
 ...-jwt-config-entry-with-local.latest.golden | 75 +++++++
 ...onfig-entry-with-remote-jwks.latest.golden | 75 +++++++
 ...-jwt-config-entry-with-local.latest.golden | 187 ++----------------
 ...onfig-entry-with-remote-jwks.latest.golden | 115 +++++++++++
 ...-jwt-config-entry-with-local.latest.golden | 5 +
 ...onfig-entry-with-remote-jwks.latest.golden | 5 +
 ...-jwt-config-entry-with-local.latest.golden | 5 +
 ...onfig-entry-with-remote-jwks.latest.golden | 5 +
 10 files changed, 364 insertions(+), 236 deletions(-)
 create mode 100644 agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-local.latest.golden
 create mode 100644 agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden
 create mode 100644 agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden
 create mode 100644 agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-local.latest.golden
 create mode 100644 agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden
 create mode 100644 agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-local.latest.golden
 create mode 100644 agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden
diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go
index 264caf9e75b86..fe493fa51ae11 100644
--- a/agent/xds/clusters_test.go
+++ b/agent/xds/clusters_test.go
@@ -145,67 +145,6 @@ func TestClustersFromSnapshot(t *testing.T) {
 },
 alsoRunTestForV2: true,
 },
- {
- name: "connect-proxy-with-jwt-config-entry-with-local",
- create: func(t testinf.T) *proxycfg.ConfigSnapshot {
- return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{
- {
- CorrelationID: "jwt-provider",
- Result: &structs.IndexedConfigEntries{
- Kind: "jwt-provider",
- Entries: []structs.ConfigEntry{
- &structs.JWTProviderConfigEntry{
- Name: "okta",
- JSONWebKeySet: &structs.JSONWebKeySet{
- Local: &structs.LocalJWKS{
- JWKS: "xxx",
- },
- },
- },
- },
- },
- },
- })
- },
- // TODO(proxystate): jwt work will come at a later time
- alsoRunTestForV2: false,
- },
- {
- name: "connect-proxy-with-jwt-config-entry-with-remote-jwks",
- create: func(t testinf.T) *proxycfg.ConfigSnapshot {
- return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{
- {
- CorrelationID: "jwt-provider",
- Result: &structs.IndexedConfigEntries{
- Kind: "jwt-provider",
- Entries: []structs.ConfigEntry{
- &structs.JWTProviderConfigEntry{
- Name: "okta",
- JSONWebKeySet: &structs.JSONWebKeySet{
- Remote: &structs.RemoteJWKS{
- RequestTimeoutMs: 1000,
- FetchAsynchronously: true,
- URI: "https://test.test.com",
- JWKSCluster: &structs.JWKSCluster{
- DiscoveryType: structs.DiscoveryTypeStatic,
- ConnectTimeout: time.Duration(5) * time.Second,
- TLSCertificates: &structs.JWKSTLSCertificate{
- TrustedCA: &structs.JWKSTLSCertTrustedCA{
- Filename: "mycert.crt",
- },
- },
- },
- },
- },
- },
- },
- },
- },
- })
- },
- // TODO(proxystate): jwt work will come at a later time
- alsoRunTestForV2: false,
- },
 {
 name: "custom-local-app",
 create: func(t testinf.T) *proxycfg.ConfigSnapshot {
diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go
index 7ee332be08687..d3527c4d40fcc 100644
--- a/agent/xds/resources_test.go
+++ b/agent/xds/resources_test.go
@@ -278,6 +278,7 @@ func TestAllResourcesFromSnapshot(t *testing.T) { tests = append(tests, getEnterpriseGoldenTestCases(t)...) tests = append(tests, getAPIGatewayGoldenTestCases(t)...) tests = append(tests, getExposePathGoldenTestCases()...) + tests = append(tests, getConnectProxyJWTProviderGoldenTestCases()...) latestEnvoyVersion := xdscommon.EnvoyVersions[0] for _, envoyVersion := range xdscommon.EnvoyVersions { 
@@ -1141,3 +1142,69 @@ func getExposePathGoldenTestCases() []goldenTestCase {
 },
 }
 }
+
+func getConnectProxyJWTProviderGoldenTestCases() []goldenTestCase {
+ return []goldenTestCase{
+ {
+ name: "connect-proxy-with-jwt-config-entry-with-local",
+ create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+ return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{
+ {
+ CorrelationID: "jwt-provider",
+ Result: &structs.IndexedConfigEntries{
+ Kind: "jwt-provider",
+ Entries: []structs.ConfigEntry{
+ &structs.JWTProviderConfigEntry{
+ Name: "okta",
+ JSONWebKeySet: &structs.JSONWebKeySet{
+ Local: &structs.LocalJWKS{
+ JWKS: "xxx",
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ },
+ // TODO(proxystate): jwt work will come at a later time
+ alsoRunTestForV2: false,
+ },
+ {
+ name: "connect-proxy-with-jwt-config-entry-with-remote-jwks",
+ create: func(t testinf.T) *proxycfg.ConfigSnapshot {
+ return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{
+ {
+ CorrelationID: "jwt-provider",
+ Result: &structs.IndexedConfigEntries{
+ Kind: "jwt-provider",
+ Entries: []structs.ConfigEntry{
+ &structs.JWTProviderConfigEntry{
+ Name: "okta",
+ JSONWebKeySet: &structs.JSONWebKeySet{
+ Remote: &structs.RemoteJWKS{
+ RequestTimeoutMs: 1000,
+ FetchAsynchronously: true,
+ URI: "https://test.test.com",
+ JWKSCluster: &structs.JWKSCluster{
+ DiscoveryType: structs.DiscoveryTypeStatic,
+ ConnectTimeout: time.Duration(5) * time.Second,
+ TLSCertificates: &structs.JWKSTLSCertificate{
+ TrustedCA: &structs.JWKSTLSCertTrustedCA{
+ Filename: "mycert.crt",
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ })
+ },
+ // TODO(proxystate): jwt work will come at a later time
+ alsoRunTestForV2: false,
+ },
+ }
+}
diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-local.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-local.latest.golden
new file mode 100644
index 0000000000000..b4372a3439e81
--- /dev/null
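Review bot: The two cases in getConnectProxyJWTProviderGoldenTestCases put only a `jwt-provider` config entry into the snapshot, with nothing that requires the provider, so the listener output generated under these names carries no JWT enforcement: the listeners goldens in this commit hold just `envoy.filters.network.rbac` and `envoy.filters.network.tcp_proxy`. Because the `-with-local` case reuses a golden name that already existed under testdata/listeners, that file is overwritten and its earlier `envoy.filters.http.jwt_authn` provider and rules assertions disappear; whether another test still pins that filter chain is not visible from this patch. Giving these cases names that do not collide with the existing listener golden, or restoring a listener case that exercises the JWT requirement, would keep that assertion. The function also has no doc comment, and one such as `// getConnectProxyJWTProviderGoldenTestCases returns golden cases that register a jwt-provider config entry only; listener-level jwt_authn output is not asserted by these cases.` would tell a later reader why the listener goldens look like plain TCP.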
+++ b/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-local.latest.golden @@ -0,0 +1,75 @@ +{ + "nonce": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.10.1.1", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + }, + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.10.1.2", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.10.1.1", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + }, + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.20.1.2", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "versionInfo": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden new file mode 100644 index 0000000000000..b4372a3439e81 --- /dev/null +++ b/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden 
@@ -0,0 +1,75 @@ +{ + "nonce": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.10.1.1", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + }, + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.10.1.2", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.10.1.1", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + }, + { + "endpoint": { + "address": { + "socketAddress": { + "address": "10.20.1.2", + "portValue": 8080 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "versionInfo": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden index e543143959774..0254a224d513b 100644 --- a/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden +++ b/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden 
@@ -63,179 +63,19 @@ { "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "envoy.filters.network.rbac", "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.jwt_authn", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication", - "providers": { - "okta": { - "fromCookies": [ - "token" - ], - "fromParams": [ - "token" - ], - "localJwks": { - "inlineString": "hello world\n" - }, - "payloadInMetadata": "jwt_payload_okta" - } - }, - "rules": [ - { - "match": { - "prefix": "/" - }, - "requires": { - "requiresAny": { - "requirements": [ - { - "providerName": "okta" - }, - { - "allowMissingOrFailed": {} - } - ] - } - } - } - ] - } - }, - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.header_to_metadata", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", - "requestRules": [ - { - "header": "x-forwarded-client-cert", - "onHeaderPresent": { - "key": "trust-domain", - "metadataNamespace": "consul", - "regexValueRewrite": { - "pattern": { - "googleRe2": {}, - "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" - }, - "substitution": "\\1" - } - } - }, - { - "header": "x-forwarded-client-cert", - "onHeaderPresent": { - "key": "partition", - "metadataNamespace": "consul", - "regexValueRewrite": { - "pattern": { - "googleRe2": {}, - "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" - }, - "substitution": "\\2" - } - } - }, - { - "header": "x-forwarded-client-cert", - "onHeaderPresent": { - "key": "namespace", - 
"metadataNamespace": "consul", - "regexValueRewrite": { - "pattern": { - "googleRe2": {}, - "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" - }, - "substitution": "\\3" - } - } - }, - { - "header": "x-forwarded-client-cert", - "onHeaderPresent": { - "key": "datacenter", - "metadataNamespace": "consul", - "regexValueRewrite": { - "pattern": { - "googleRe2": {}, - "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" - }, - "substitution": "\\4" - } - } - }, - { - "header": "x-forwarded-client-cert", - "onHeaderPresent": { - "key": "service", - "metadataNamespace": "consul", - "regexValueRewrite": { - "pattern": { - "googleRe2": {}, - "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" - }, - "substitution": "\\5" - } - } - } - ] - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "routeConfig": { - "name": "public_listener", - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "local_app" - } - } - ] - } - ] - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "public_listener", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "cluster": "local_app", + "statPrefix": "public_listener" } } ], 
@@ -244,9 +84,6 @@ "typedConfig": { "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "commonTlsContext": { - "alpnProtocols": [ - "http/1.1" - ], "tlsCertificates": [ { "certificateChain": { diff --git a/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden new file mode 100644 index 0000000000000..0254a224d513b --- /dev/null +++ b/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden 
@@ -0,0 +1,115 @@ +{ + "nonce": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9191 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "statPrefix": "upstream.db.default.default.dc1" + } + } + ] + } + ], + "name": "db:127.0.0.1:9191", + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "address": { + "socketAddress": { + "address": "127.10.10.10", + "portValue": 8181 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", + "statPrefix": "upstream.prepared_query_geo-cache" + } + } + ] + } + ], + "name": "prepared_query:geo-cache:127.10.10.10:8181", + "trafficDirection": "OUTBOUND" + }, + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "address": { + "socketAddress": { + "address": "0.0.0.0", + "portValue": 9999 + } + }, + "filterChains": [ + { + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "cluster": "local_app", + "statPrefix": "public_listener" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": 
"type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "tlsParams": {}, + "validationContext": { + "trustedCa": { + "inlineString": "-----BEGIN 
CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "name": "public_listener:0.0.0.0:9999", + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "versionInfo": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-local.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-local.latest.golden new file mode 100644 index 0000000000000..8b919343d21a9 --- /dev/null +++ b/agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-local.latest.golden @@ -0,0 +1,5 @@ +{ + "nonce": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "versionInfo": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden new file mode 100644 index 0000000000000..8b919343d21a9 --- /dev/null 
+++ b/agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden @@ -0,0 +1,5 @@ +{ + "nonce": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "versionInfo": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-local.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-local.latest.golden new file mode 100644 index 0000000000000..82e45650658b4 --- /dev/null +++ b/agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-local.latest.golden @@ -0,0 +1,5 @@ +{ + "nonce": "00000001", + "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", + "versionInfo": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden new file mode 100644 index 0000000000000..82e45650658b4 --- /dev/null +++ b/agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden @@ -0,0 +1,5 @@ +{ + "nonce": "00000001", + "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", + "versionInfo": "00000001" +} \ No newline at end of file