From 84544911a76fbbcbffec731326428eafd97665f7 Mon Sep 17 00:00:00 2001
From: Tianyu Xia
Date: Thu, 14 Apr 2022 17:18:07 +0000
Subject: [PATCH 1/2] GCP Authentication Filter: Update the API proto for audience.

Signed-off-by: Tianyu Xia
---
 .../extensions/filters/http/gcp_authn/v3/gcp_authn.proto | 7 +++----
 .../extensions/filters/http/gcp_authn/gcp_authn_filter.cc | 5 +----
 .../http/gcp_authn/gcp_authn_filter_integration_test.cc | 4 +---
 3 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/api/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto b/api/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto
index 12d8d5bf540c4..7a5b13240e9f0 100644
--- a/api/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto
+++ b/api/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto
@@ -29,9 +29,8 @@ message GcpAuthnFilterConfig {
 config.core.v3.RetryPolicy retry_policy = 2;
 }
+// Audience is the URL of the receiving service that performs token authentication.
+// It will be provided to the filter through cluster's typed_filter_metadata.
 message Audience {
- // The map of audience key to audience value.
- // The key is defined as the contract with control plane in the configuration. It is fixed string "audience_key".
- // The value is URL of the receiving service that performs token authentication.
- map audience_map = 1;
+ string url = 1 [(validate.rules).string = {min_len: 1}];
 }
diff --git a/source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc b/source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc
index 1f0db47785a23..a62ee696c8539 100644
--- a/source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc
+++ b/source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc
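Review bot: `string url = 1` in `message Audience` of gcp_authn.proto reuses field number 1, which previously carried `audience_map`, for a field of a different type. A map entry and a string are both length-delimited on the wire, so an `Audience` serialized by a control plane still on the old schema would probably not be rejected; its entry bytes would most likely be read into `url` as a non-empty string and satisfy `min_len: 1`. Unless this message has never been released, give the new field a fresh number and add `reserved 1;` and `reserved "audience_map";`. The field also lost its own comment; a line such as `// URL of the receiving service, used as the token audience.` directly above `url` would keep the generated API docs useful.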
@@ -35,10 +35,7 @@ Http::FilterHeadersStatus GcpAuthnFilter::decodeHeaders(Http::RequestHeaderMap&, if (filter_it != filter_metadata.end()) { envoy::extensions::filters::http::gcp_authn::v3::Audience audience; MessageUtil::unpackTo(filter_it->second, audience); - auto it = audience.audience_map().find(std::string(AudienceKey)); - if (it != audience.audience_map().end()) { - audience_str = it->second; - } + audience_str = audience.url(); } } diff --git a/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc b/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc index 08c27e633579c..348a815e946ba 100644 --- a/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc +++ b/test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc @@ -50,9 +50,7 @@ class GcpAuthnFilterIntegrationTest : public testing::TestWithParammutable_clusters(0); envoy::config::core::v3::Metadata* cluster_metadata = cluster_0->mutable_metadata(); envoy::extensions::filters::http::gcp_authn::v3::Audience audience; - audience.mutable_audience_map()->insert( - {std::string(AudienceKey), std::string(AudienceValue)}); - + audience.set_url(std::string(AudienceValue)); (*cluster_metadata->mutable_typed_filter_metadata()) [std::string(Envoy::Extensions::HttpFilters::GcpAuthn::FilterName)] .PackFrom(audience); From 05a8f8574b9662656103fa35234c386712a25209 Mon Sep 17 00:00:00 2001 From: Tianyu Xia Date: Thu, 14 Apr 2022 17:44:50 +0000 Subject: [PATCH 2/2] remove redundant variable Signed-off-by: Tianyu Xia --- source/extensions/filters/http/gcp_authn/gcp_authn_filter.h | 1 - .../extensions/filters/http/gcp_authn/gcp_authn_filter_test.cc | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/source/extensions/filters/http/gcp_authn/gcp_authn_filter.h b/source/extensions/filters/http/gcp_authn/gcp_authn_filter.h index c8238a1e8448f..9ad63f7359e84 100644 
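Review bot: `audience_str = audience.url();` in `GcpAuthnFilter::decodeHeaders` takes whatever `unpackTo` produced, and nothing visible in the hunk applies the `min_len: 1` rule added to the proto, so an empty `url` in the cluster's typed_filter_metadata appears to reach `audience_str` unchecked. The old code assigned only when the key was found; keeping that shape with `if (!audience.url().empty()) { audience_str = audience.url(); }`, or validating the unpacked message, makes the empty case explicit. How an empty `audience_str` is treated later in `decodeHeaders` is outside this hunk, so confirm it cannot lead to a token request with a blank audience. A unit test that packs an `Audience` with no `url` would pin the behaviour down.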
--- a/source/extensions/filters/http/gcp_authn/gcp_authn_filter.h
+++ b/source/extensions/filters/http/gcp_authn/gcp_authn_filter.h
@@ -16,7 +16,6 @@ namespace HttpFilters {
 namespace GcpAuthn {
 inline constexpr absl::string_view FilterName = "envoy.filters.http.gcp_authn";
-inline constexpr absl::string_view AudienceKey = "audience_key";
 /**
 * All stats for the gcp authentication filter. @see stats_macros.h
 */
diff --git a/test/extensions/filters/http/gcp_authn/gcp_authn_filter_test.cc b/test/extensions/filters/http/gcp_authn/gcp_authn_filter_test.cc
index 82869a8a3d455..7c1ded8926995 100644
--- a/test/extensions/filters/http/gcp_authn/gcp_authn_filter_test.cc
+++ b/test/extensions/filters/http/gcp_authn/gcp_authn_filter_test.cc
@@ -69,8 +69,7 @@ class GcpAuthnFilterTest : public testing::Test {
 EXPECT_CALL(thread_local_cluster_, info()).WillRepeatedly(Return(cluster_info_));
 if (valid) {
 envoy::extensions::filters::http::gcp_authn::v3::Audience audience;
- audience.mutable_audience_map()->insert(
- {std::string(Envoy::Extensions::HttpFilters::GcpAuthn::AudienceKey), "test"});
+ audience.set_url("test");
 (*metadata_.mutable_typed_filter_metadata())
 [std::string(Envoy::Extensions::HttpFilters::GcpAuthn::FilterName)]