GCP Authentication Filter: Update the API proto for audience.

api/envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto

@@ -29,9 +29,8 @@ message GcpAuthnFilterConfig {
   config.core.v3.RetryPolicy retry_policy = 2;
 }
 
+// Audience is the URL of the receiving service that performs token authentication.
+// It will be provided to the filter through cluster's typed_filter_metadata.
 message Audience {
-  // The map of audience key to audience value.
-  // The key is defined as the contract with control plane in the configuration. It is fixed string "audience_key".
-  // The value is URL of the receiving service that performs token authentication.
-  map<string, string> audience_map = 1;
+  string url = 1 [(validate.rules).string = {min_len: 1}];
 }

source/extensions/filters/http/gcp_authn/gcp_authn_filter.cc

@@ -35,10 +35,7 @@ Http::FilterHeadersStatus GcpAuthnFilter::decodeHeaders(Http::RequestHeaderMap&
     if (filter_it != filter_metadata.end()) {
       envoy::extensions::filters::http::gcp_authn::v3::Audience audience;
       MessageUtil::unpackTo(filter_it->second, audience);
-      auto it = audience.audience_map().find(std::string(AudienceKey));
-      if (it != audience.audience_map().end()) {
-        audience_str = it->second;
-      }
+      audience_str = audience.url();
     }
   }
 

source/extensions/filters/http/gcp_authn/gcp_authn_filter.h

@@ -16,7 +16,6 @@ namespace HttpFilters {
 namespace GcpAuthn {
 
 inline constexpr absl::string_view FilterName = "envoy.filters.http.gcp_authn";
-inline constexpr absl::string_view AudienceKey = "audience_key";
 inline const Envoy::Http::LowerCaseString& authorizationHeaderKey() {
   CONSTRUCT_ON_FIRST_USE(Envoy::Http::LowerCaseString, "Authorization");
 }

test/extensions/filters/http/gcp_authn/gcp_authn_filter_integration_test.cc

@@ -52,9 +52,7 @@ class GcpAuthnFilterIntegrationTest : public testing::TestWithParam<Network::Add
         auto cluster_0 = bootstrap.mutable_static_resources()->mutable_clusters(0);
         envoy::config::core::v3::Metadata* cluster_metadata = cluster_0->mutable_metadata();
         envoy::extensions::filters::http::gcp_authn::v3::Audience audience;
-        audience.mutable_audience_map()->insert(
-            {std::string(AudienceKey), std::string(AudienceValue)});
-
+        audience.set_url(std::string(AudienceValue));
         (*cluster_metadata->mutable_typed_filter_metadata())
             [std::string(Envoy::Extensions::HttpFilters::GcpAuthn::FilterName)]
                 .PackFrom(audience);

test/extensions/filters/http/gcp_authn/gcp_authn_filter_test.cc

@@ -69,8 +69,7 @@ class GcpAuthnFilterTest : public testing::Test {
     EXPECT_CALL(thread_local_cluster_, info()).WillRepeatedly(Return(cluster_info_));
     if (valid) {
       envoy::extensions::filters::http::gcp_authn::v3::Audience audience;
-      audience.mutable_audience_map()->insert(
-          {std::string(Envoy::Extensions::HttpFilters::GcpAuthn::AudienceKey), "test"});
+      audience.set_url("test");
 
       (*metadata_.mutable_typed_filter_metadata())
           [std::string(Envoy::Extensions::HttpFilters::GcpAuthn::FilterName)]