diff --git a/api/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto b/api/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto index 12d8d5bf540c4..7a5b13240e9f0 100644 --- a/api/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto +++ b/api/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto @@ -29,9 +29,8 @@ message GcpAuthnFilterConfig { config.core.v3.RetryPolicy retry_policy = 2; } +// Audience is the URL of the receiving service that performs token authentication. +// It will be provided to the filter through cluster's typed_filter_metadata. message Audience { - // The map of audience key to audience value. - // The key is defined as the contract with control plane in the configuration. It is fixed string "audience_key". - // The value is URL of the receiving service that performs token authentication. - map audience_map = 1; + string url = 1 [(validate.rules).string = {min_len: 1}]; } diff --git a/source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc b/source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc index 91e6a383d7e68..ac24aec8c6a41 100644 --- a/source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc +++ b/source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc @@ -35,10 +35,7 @@ Http::FilterHeadersStatus GcpAuthnFilter::decodeHeaders(Http::RequestHeaderMap& if (filter_it != filter_metadata.end()) { envoy::extensions::filters::http::gcp_authn::v3::Audience audience; MessageUtil::unpackTo(filter_it->second, audience); - auto it = audience.audience_map().find(std::string(AudienceKey)); - if (it != audience.audience_map().end()) { - audience_str = it->second; - } + audience_str = audience.url(); } } diff --git a/source/extensions/filters/http/gcp_authn/gcp_authn_filter.h b/source/extensions/filters/http/gcp_authn/gcp_authn_filter.h index f593263e631c6..961093eb8ddba 100644 --- a/source/extensions/filters/http/gcp_authn/gcp_authn_filter.h +++ b/source/extensions/filters/http/gcp_authn/gcp_authn_filter.h @@ -16,7 +16,6 @@ namespace HttpFilters { namespace GcpAuthn { inline constexpr absl::string_view FilterName = "envoy.filters.http.gcp_authn"; -inline constexpr absl::string_view AudienceKey = "audience_key"; inline const Envoy::Http::LowerCaseString& authorizationHeaderKey() { CONSTRUCT_ON_FIRST_USE(Envoy::Http::LowerCaseString, "Authorization"); } diff --git a/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc b/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc index d722fd26426b2..28a11010925f5 100644 --- a/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc +++ b/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc @@ -52,9 +52,7 @@ class GcpAuthnFilterIntegrationTest : public testing::TestWithParammutable_clusters(0); envoy::config::core::v3::Metadata* cluster_metadata = cluster_0->mutable_metadata(); envoy::extensions::filters::http::gcp_authn::v3::Audience audience; - audience.mutable_audience_map()->insert( - {std::string(AudienceKey), std::string(AudienceValue)}); - + audience.set_url(std::string(AudienceValue)); (*cluster_metadata->mutable_typed_filter_metadata()) [std::string(Envoy::Extensions::HttpFilters::GcpAuthn::FilterName)] .PackFrom(audience); diff --git a/test/extensions/filters/http/gcp_authn/gcp_authn_filter_test.cc b/test/extensions/filters/http/gcp_authn/gcp_authn_filter_test.cc index 82869a8a3d455..7c1ded8926995 100644 --- a/test/extensions/filters/http/gcp_authn/gcp_authn_filter_test.cc +++ b/test/extensions/filters/http/gcp_authn/gcp_authn_filter_test.cc @@ -69,8 +69,7 @@ class GcpAuthnFilterTest : public testing::Test { EXPECT_CALL(thread_local_cluster_, info()).WillRepeatedly(Return(cluster_info_)); if (valid) { envoy::extensions::filters::http::gcp_authn::v3::Audience audience; - audience.mutable_audience_map()->insert( - {std::string(Envoy::Extensions::HttpFilters::GcpAuthn::AudienceKey), "test"}); + audience.set_url("test"); (*metadata_.mutable_typed_filter_metadata()) [std::string(Envoy::Extensions::HttpFilters::GcpAuthn::FilterName)]