diff --git a/source/extensions/filters/http/jwt_authn/filter.cc b/source/extensions/filters/http/jwt_authn/filter.cc index 5f49c826d41e2..57e4e4347b788 100644 --- a/source/extensions/filters/http/jwt_authn/filter.cc +++ b/source/extensions/filters/http/jwt_authn/filter.cc @@ -26,12 +26,12 @@ Http::FilterHeadersStatus Filter::decodeHeaders(Http::HeaderMap& headers, bool) state_ = Calling; stopped_ = false; // Verify the JWT token, onComplete() will be called when completed. - auto matcher = config_->findMatcher(headers); - if (!matcher) { + const auto* verifier = config_->findVerifier(headers); + if (!verifier) { onComplete(Status::Ok); } else { context_ = Verifier::createContext(headers, this); - matcher->verifier()->verify(context_); + verifier->verify(context_); } if (state_ == Complete) { diff --git a/source/extensions/filters/http/jwt_authn/filter_config.h b/source/extensions/filters/http/jwt_authn/filter_config.h index 0a71374c8588a..da286c966ab62 100644 --- a/source/extensions/filters/http/jwt_authn/filter_config.h +++ b/source/extensions/filters/http/jwt_authn/filter_config.h @@ -6,6 +6,7 @@ #include "envoy/thread_local/thread_local.h" #include "extensions/filters/http/jwt_authn/matcher.h" +#include "extensions/filters/http/jwt_authn/verifier.h" namespace Envoy { namespace Extensions { @@ -71,8 +72,9 @@ class FilterConfig : public Logger::Loggable, public AuthFac extractor_ = Extractor::create(proto_config_); for (const auto& rule : proto_config_.rules()) { - rule_matchers_.push_back( - Matcher::create(rule, proto_config_.providers(), *this, getExtractor())); + rule_pairs_.emplace_back( + Matcher::create(rule), + Verifier::create(rule.requires(), proto_config_.providers(), *this, getExtractor())); } } @@ -94,10 +96,10 @@ class FilterConfig : public Logger::Loggable, public AuthFac const Extractor& getExtractor() const { return *extractor_; } // Finds the matcher that matched the header - virtual const MatcherConstSharedPtr findMatcher(const Http::HeaderMap& headers) const { - for (const auto& matcher : rule_matchers_) { - if (matcher->matches(headers)) { - return matcher; + virtual const Verifier* findVerifier(const Http::HeaderMap& headers) const { + for (const auto& pair : rule_pairs_) { + if (pair.matcher_->matches(headers)) { + return pair.verifier_.get(); } } return nullptr; @@ -117,6 +119,13 @@ class FilterConfig : public Logger::Loggable, public AuthFac return {ALL_JWT_AUTHN_FILTER_STATS(POOL_COUNTER_PREFIX(scope, final_prefix))}; } + struct MatcherVerifierPair { + MatcherVerifierPair(MatcherConstPtr matcher, VerifierConstPtr verifier) + : matcher_(std::move(matcher)), verifier_(std::move(verifier)) {} + MatcherConstPtr matcher_; + VerifierConstPtr verifier_; + }; + // The proto config. ::envoy::config::filter::http::jwt_authn::v2alpha::JwtAuthentication proto_config_; // The stats for the filter. @@ -128,7 +137,7 @@ class FilterConfig : public Logger::Loggable, public AuthFac // The object to extract tokens. ExtractorConstPtr extractor_; // The list of rule matchers. - std::vector rule_matchers_; + std::vector rule_pairs_; TimeSource& time_source_; }; typedef std::shared_ptr FilterConfigSharedPtr; diff --git a/source/extensions/filters/http/jwt_authn/matcher.cc b/source/extensions/filters/http/jwt_authn/matcher.cc index ee500c9de3cb1..252bc330d739a 100644 --- a/source/extensions/filters/http/jwt_authn/matcher.cc +++ b/source/extensions/filters/http/jwt_authn/matcher.cc @@ -1,5 +1,6 @@ #include "extensions/filters/http/jwt_authn/matcher.h" +#include "common/common/logger.h" #include "common/router/config_impl.h" #include "absl/strings/match.h" @@ -20,9 +21,7 @@ namespace { */ class BaseMatcherImpl : public Matcher, public Logger::Loggable { public: - BaseMatcherImpl(const RequirementRule& rule, - const Protobuf::Map& providers, - const AuthFactory& factory, const Extractor& extractor) + BaseMatcherImpl(const RequirementRule& rule) : case_sensitive_(PROTOBUF_GET_WRAPPED_OR_DEFAULT(rule.match(), case_sensitive, true)) { for (const auto& header_map : rule.match().headers()) { @@ -32,8 +31,6 @@ class BaseMatcherImpl : public Matcher, public Logger::Loggable config_headers_; std::vector config_query_parameters_; - VerifierPtr verifier_; }; /** @@ -66,10 +60,8 @@ class BaseMatcherImpl : public Matcher, public Logger::Loggable& providers, - const AuthFactory& factory, const Extractor& extractor) - : BaseMatcherImpl(rule, providers, factory, extractor), prefix_(rule.match().prefix()) {} + PrefixMatcherImpl(const RequirementRule& rule) + : BaseMatcherImpl(rule), prefix_(rule.match().prefix()) {} bool matches(const Http::HeaderMap& headers) const override { if (BaseMatcherImpl::matchRoute(headers) && @@ -92,10 +84,8 @@ class PrefixMatcherImpl : public BaseMatcherImpl { */ class PathMatcherImpl : public BaseMatcherImpl { public: - PathMatcherImpl(const RequirementRule& rule, - const Protobuf::Map& providers, - const AuthFactory& factory, const Extractor& extractor) - : BaseMatcherImpl(rule, providers, factory, extractor), path_(rule.match().path()) {} + PathMatcherImpl(const RequirementRule& rule) + : BaseMatcherImpl(rule), path_(rule.match().path()) {} bool matches(const Http::HeaderMap& headers) const override { if (BaseMatcherImpl::matchRoute(headers)) { @@ -122,11 +112,9 @@ class PathMatcherImpl : public BaseMatcherImpl { */ class RegexMatcherImpl : public BaseMatcherImpl { public: - RegexMatcherImpl(const RequirementRule& rule, - const Protobuf::Map& providers, - const AuthFactory& factory, const Extractor& extractor) - : BaseMatcherImpl(rule, providers, factory, extractor), - regex_(RegexUtil::parseRegex(rule.match().regex())), regex_str_(rule.match().regex()) {} + RegexMatcherImpl(const RequirementRule& rule) + : BaseMatcherImpl(rule), regex_(RegexUtil::parseRegex(rule.match().regex())), + regex_str_(rule.match().regex()) {} bool matches(const Http::HeaderMap& headers) const override { if (BaseMatcherImpl::matchRoute(headers)) { @@ -149,17 +137,14 @@ class RegexMatcherImpl : public BaseMatcherImpl { } // namespace -MatcherConstSharedPtr -Matcher::create(const RequirementRule& rule, - const Protobuf::Map& providers, - const AuthFactory& factory, const Extractor& extractor) { +MatcherConstPtr Matcher::create(const RequirementRule& rule) { switch (rule.match().path_specifier_case()) { case RouteMatch::PathSpecifierCase::kPrefix: - return std::make_shared(rule, providers, factory, extractor); + return std::make_unique(rule); case RouteMatch::PathSpecifierCase::kPath: - return std::make_shared(rule, providers, factory, extractor); + return std::make_unique(rule); case RouteMatch::PathSpecifierCase::kRegex: - return std::make_shared(rule, providers, factory, extractor); + return std::make_unique(rule); // path specifier is required. case RouteMatch::PathSpecifierCase::PATH_SPECIFIER_NOT_SET: default: diff --git a/source/extensions/filters/http/jwt_authn/matcher.h b/source/extensions/filters/http/jwt_authn/matcher.h index ebbc87d3a406a..af7104729bb80 100644 --- a/source/extensions/filters/http/jwt_authn/matcher.h +++ b/source/extensions/filters/http/jwt_authn/matcher.h @@ -1,16 +1,15 @@ #pragma once +#include "envoy/config/filter/http/jwt_authn/v2alpha/config.pb.h" #include "envoy/http/header_map.h" -#include "extensions/filters/http/jwt_authn/verifier.h" - namespace Envoy { namespace Extensions { namespace HttpFilters { namespace JwtAuthn { class Matcher; -typedef std::shared_ptr MatcherConstSharedPtr; +typedef std::unique_ptr MatcherConstPtr; /** * Supports matching a HTTP requests with JWT requirements. @@ -28,27 +27,14 @@ class Matcher { */ virtual bool matches(const Http::HeaderMap& headers) const PURE; - /** - * Returns the configured verifier for this route. - * - * @return reference to verifier pointer. - */ - virtual const VerifierPtr& verifier() const PURE; - /** * Factory method to create a shared instance of a matcher based on the rule defined. * * @param rule the proto rule match message. - * @param providers the provider name to config map - * @param factory the Authenticator factory * @return the matcher instance. */ - static MatcherConstSharedPtr - create(const ::envoy::config::filter::http::jwt_authn::v2alpha::RequirementRule& rule, - const Protobuf::Map& - providers, - const AuthFactory& factory, const Extractor& extractor); + static MatcherConstPtr + create(const ::envoy::config::filter::http::jwt_authn::v2alpha::RequirementRule& rule); }; } // namespace JwtAuthn diff --git a/source/extensions/filters/http/jwt_authn/verifier.cc b/source/extensions/filters/http/jwt_authn/verifier.cc index 3ade939f75600..9b73a81453ef9 100644 --- a/source/extensions/filters/http/jwt_authn/verifier.cc +++ b/source/extensions/filters/http/jwt_authn/verifier.cc @@ -179,10 +179,10 @@ class AllowFailedVerifierImpl : public BaseVerifierImpl { const Extractor& extractor_; }; -VerifierPtr innerCreate(const JwtRequirement& requirement, - const Protobuf::Map& providers, - const AuthFactory& factory, const Extractor& extractor, - const BaseVerifierImpl* parent); +VerifierConstPtr innerCreate(const JwtRequirement& requirement, + const Protobuf::Map& providers, + const AuthFactory& factory, const Extractor& extractor, + const BaseVerifierImpl* parent); // Base verifier for requires all or any. class BaseGroupVerifierImpl : public BaseVerifierImpl { @@ -201,7 +201,7 @@ class BaseGroupVerifierImpl : public BaseVerifierImpl { protected: // The list of requirement verifiers - std::vector verifiers_; + std::vector verifiers_; }; // Requires any verifier. @@ -264,10 +264,10 @@ class AllowAllVerifierImpl : public BaseVerifierImpl { } }; -VerifierPtr innerCreate(const JwtRequirement& requirement, - const Protobuf::Map& providers, - const AuthFactory& factory, const Extractor& extractor_for_allow_fail, - const BaseVerifierImpl* parent) { +VerifierConstPtr innerCreate(const JwtRequirement& requirement, + const Protobuf::Map& providers, + const AuthFactory& factory, const Extractor& extractor_for_allow_fail, + const BaseVerifierImpl* parent) { std::string provider_name; std::vector audiences; switch (requirement.requires_type_case()) { @@ -311,10 +311,10 @@ ContextSharedPtr Verifier::createContext(Http::HeaderMap& headers, Callbacks* ca return std::make_shared(headers, callback); } -VerifierPtr Verifier::create(const JwtRequirement& requirement, - const Protobuf::Map& providers, - const AuthFactory& factory, - const Extractor& extractor_for_allow_fail) { +VerifierConstPtr +Verifier::create(const JwtRequirement& requirement, + const Protobuf::Map& providers, + const AuthFactory& factory, const Extractor& extractor_for_allow_fail) { return innerCreate(requirement, providers, factory, extractor_for_allow_fail, nullptr); } diff --git a/source/extensions/filters/http/jwt_authn/verifier.h b/source/extensions/filters/http/jwt_authn/verifier.h index 03a64c22db153..94d842fca50a2 100644 --- a/source/extensions/filters/http/jwt_authn/verifier.h +++ b/source/extensions/filters/http/jwt_authn/verifier.h @@ -8,7 +8,7 @@ namespace HttpFilters { namespace JwtAuthn { class Verifier; -typedef std::unique_ptr VerifierPtr; +typedef std::unique_ptr VerifierConstPtr; /** * Supports verification of JWTs with configured requirments. @@ -71,7 +71,7 @@ class Verifier { virtual void verify(ContextSharedPtr context) const PURE; // Factory method for creating verifiers. - static VerifierPtr + static VerifierConstPtr create(const ::envoy::config::filter::http::jwt_authn::v2alpha::JwtRequirement& requirement, const Protobuf::Map& diff --git a/test/extensions/filters/http/jwt_authn/all_verifier_test.cc b/test/extensions/filters/http/jwt_authn/all_verifier_test.cc index 4bac5581a7b58..59db8de2d8707 100644 --- a/test/extensions/filters/http/jwt_authn/all_verifier_test.cc +++ b/test/extensions/filters/http/jwt_authn/all_verifier_test.cc @@ -29,7 +29,7 @@ class AllVerifierTest : public ::testing::Test { JwtAuthentication proto_config_; FilterConfigSharedPtr filter_config_; - VerifierPtr verifier_; + VerifierConstPtr verifier_; NiceMock mock_factory_ctx_; ContextSharedPtr context_; MockVerifierCallbacks mock_cb_; diff --git a/test/extensions/filters/http/jwt_authn/filter_test.cc b/test/extensions/filters/http/jwt_authn/filter_test.cc index 467bff6f78f03..47a8c404a7832 100644 --- a/test/extensions/filters/http/jwt_authn/filter_test.cc +++ b/test/extensions/filters/http/jwt_authn/filter_test.cc @@ -22,7 +22,6 @@ namespace JwtAuthn { class MockMatcher : public Matcher { public: MOCK_CONST_METHOD1(matches, bool(const Http::HeaderMap& headers)); - MOCK_CONST_METHOD0(verifier, const VerifierPtr&()); }; class MockFilterConfig : public FilterConfig { @@ -31,7 +30,7 @@ class MockFilterConfig : public FilterConfig { const ::envoy::config::filter::http::jwt_authn::v2alpha::JwtAuthentication& proto_config, const std::string& stats_prefix, Server::Configuration::FactoryContext& context) : FilterConfig(proto_config, stats_prefix, context) {} - MOCK_CONST_METHOD1(findMatcher, const MatcherConstSharedPtr(const Http::HeaderMap& headers)); + MOCK_CONST_METHOD1(findVerifier, const Verifier*(const Http::HeaderMap& headers)); }; class FilterTest : public ::testing::Test { @@ -40,22 +39,13 @@ class FilterTest : public ::testing::Test { mock_config_ = ::std::make_shared(proto_config_, "", mock_context_); mock_verifier_ = std::make_unique(); - raw_mock_verifier_ = static_cast(mock_verifier_.get()); - filter_ = std::make_unique(mock_config_); filter_->setDecoderFilterCallbacks(filter_callbacks_); } void setupMockConfig() { - EXPECT_CALL(*mock_config_.get(), findMatcher(_)).WillOnce(Invoke([&](const Http::HeaderMap&) { - auto mock_matcher = std::make_shared>(); - ON_CALL(*mock_matcher.get(), matches(_)).WillByDefault(Invoke([](const Http::HeaderMap&) { - return true; - })); - ON_CALL(*mock_matcher.get(), verifier()).WillByDefault(Invoke([&]() -> const VerifierPtr& { - return mock_verifier_; - })); - return mock_matcher; + EXPECT_CALL(*mock_config_.get(), findVerifier(_)).WillOnce(Invoke([&](const Http::HeaderMap&) { + return mock_verifier_.get(); })); } @@ -64,8 +54,7 @@ class FilterTest : public ::testing::Test { std::shared_ptr mock_config_; NiceMock filter_callbacks_; std::unique_ptr filter_; - VerifierPtr mock_verifier_; - MockVerifier* raw_mock_verifier_; + std::unique_ptr mock_verifier_; NiceMock verifier_callback_; }; @@ -74,7 +63,7 @@ class FilterTest : public ::testing::Test { TEST_F(FilterTest, InlineOK) { setupMockConfig(); // A successful authentication completed inline: callback is called inside verify(). - EXPECT_CALL(*raw_mock_verifier_, verify(_)).WillOnce(Invoke([](ContextSharedPtr context) { + EXPECT_CALL(*mock_verifier_, verify(_)).WillOnce(Invoke([](ContextSharedPtr context) { context->callback()->onComplete(Status::Ok); })); @@ -92,7 +81,7 @@ TEST_F(FilterTest, TestSetPayloadCall) { setupMockConfig(); ProtobufWkt::Struct payload; // A successful authentication completed inline: callback is called inside verify(). - EXPECT_CALL(*raw_mock_verifier_, verify(_)).WillOnce(Invoke([&payload](ContextSharedPtr context) { + EXPECT_CALL(*mock_verifier_, verify(_)).WillOnce(Invoke([&payload](ContextSharedPtr context) { context->callback()->setPayload(payload); context->callback()->onComplete(Status::Ok); })); @@ -117,7 +106,7 @@ TEST_F(FilterTest, TestSetPayloadCall) { TEST_F(FilterTest, InlineFailure) { setupMockConfig(); // A failed authentication completed inline: callback is called inside verify(). - EXPECT_CALL(*raw_mock_verifier_, verify(_)).WillOnce(Invoke([](ContextSharedPtr context) { + EXPECT_CALL(*mock_verifier_, verify(_)).WillOnce(Invoke([](ContextSharedPtr context) { context->callback()->onComplete(Status::JwtBadFormat); })); @@ -135,7 +124,7 @@ TEST_F(FilterTest, OutBoundOK) { setupMockConfig(); Verifier::Callbacks* m_cb; // callback is saved, not called right - EXPECT_CALL(*raw_mock_verifier_, verify(_)).WillOnce(Invoke([&m_cb](ContextSharedPtr context) { + EXPECT_CALL(*mock_verifier_, verify(_)).WillOnce(Invoke([&m_cb](ContextSharedPtr context) { m_cb = context->callback(); })); @@ -160,7 +149,7 @@ TEST_F(FilterTest, OutBoundFailure) { setupMockConfig(); Verifier::Callbacks* m_cb; // callback is saved, not called right - EXPECT_CALL(*raw_mock_verifier_, verify(_)).WillOnce(Invoke([&m_cb](ContextSharedPtr context) { + EXPECT_CALL(*mock_verifier_, verify(_)).WillOnce(Invoke([&m_cb](ContextSharedPtr context) { m_cb = context->callback(); })); @@ -185,7 +174,7 @@ TEST_F(FilterTest, OutBoundFailure) { // Test verifies that if no route matched requirement, then request is allowed. TEST_F(FilterTest, TestNoRouteMatched) { - EXPECT_CALL(*mock_config_.get(), findMatcher(_)).WillOnce(Invoke([&](const Http::HeaderMap&) { + EXPECT_CALL(*mock_config_.get(), findVerifier(_)).WillOnce(Invoke([&](const Http::HeaderMap&) { return nullptr; })); diff --git a/test/extensions/filters/http/jwt_authn/group_verifier_test.cc b/test/extensions/filters/http/jwt_authn/group_verifier_test.cc index 041b8029f2c2b..3550f4bb00768 100644 --- a/test/extensions/filters/http/jwt_authn/group_verifier_test.cc +++ b/test/extensions/filters/http/jwt_authn/group_verifier_test.cc @@ -128,7 +128,7 @@ class GroupVerifierTest : public ::testing::Test { } JwtAuthentication proto_config_; - VerifierPtr verifier_; + VerifierConstPtr verifier_; MockVerifierCallbacks mock_cb_; std::unordered_map> mock_auths_; NiceMock mock_factory_; diff --git a/test/extensions/filters/http/jwt_authn/matcher_test.cc b/test/extensions/filters/http/jwt_authn/matcher_test.cc index 75eb48c295ba3..8adc79dbbc400 100644 --- a/test/extensions/filters/http/jwt_authn/matcher_test.cc +++ b/test/extensions/filters/http/jwt_authn/matcher_test.cc @@ -25,8 +25,6 @@ namespace { class MatcherTest : public ::testing::Test { public: - NiceMock mock_factory_; - MockExtractor extractor_; }; TEST_F(MatcherTest, TestMatchPrefix) { @@ -34,8 +32,7 @@ TEST_F(MatcherTest, TestMatchPrefix) { prefix: "/match")"; RequirementRule rule; MessageUtil::loadFromYaml(config, rule); - MatcherConstSharedPtr matcher = Matcher::create( - rule, Protobuf::Map(), mock_factory_, extractor_); + MatcherConstPtr matcher = Matcher::create(rule); auto headers = TestHeaderMapImpl{{":path", "/match/this"}}; EXPECT_TRUE(matcher->matches(headers)); headers = TestHeaderMapImpl{{":path", "/MATCH"}}; @@ -46,7 +43,6 @@ TEST_F(MatcherTest, TestMatchPrefix) { EXPECT_FALSE(matcher->matches(headers)); headers = TestHeaderMapImpl{{":path", "/no"}}; EXPECT_FALSE(matcher->matches(headers)); - EXPECT_FALSE(matcher->verifier() == nullptr); } TEST_F(MatcherTest, TestMatchRegex) { @@ -54,8 +50,7 @@ TEST_F(MatcherTest, TestMatchRegex) { regex: "/[^c][au]t")"; RequirementRule rule; MessageUtil::loadFromYaml(config, rule); - MatcherConstSharedPtr matcher = Matcher::create( - rule, Protobuf::Map(), mock_factory_, extractor_); + MatcherConstPtr matcher = Matcher::create(rule); auto headers = TestHeaderMapImpl{{":path", "/but"}}; EXPECT_TRUE(matcher->matches(headers)); headers = TestHeaderMapImpl{{":path", "/mat?ok=bye"}}; @@ -66,7 +61,6 @@ TEST_F(MatcherTest, TestMatchRegex) { EXPECT_FALSE(matcher->matches(headers)); headers = TestHeaderMapImpl{{":path", "/mut/"}}; EXPECT_FALSE(matcher->matches(headers)); - EXPECT_FALSE(matcher->verifier() == nullptr); } TEST_F(MatcherTest, TestMatchPath) { @@ -75,8 +69,7 @@ TEST_F(MatcherTest, TestMatchPath) { case_sensitive: false)"; RequirementRule rule; MessageUtil::loadFromYaml(config, rule); - MatcherConstSharedPtr matcher = Matcher::create( - rule, Protobuf::Map(), mock_factory_, extractor_); + MatcherConstPtr matcher = Matcher::create(rule); auto headers = TestHeaderMapImpl{{":path", "/match"}}; EXPECT_TRUE(matcher->matches(headers)); headers = TestHeaderMapImpl{{":path", "/MATCH"}}; @@ -89,7 +82,6 @@ TEST_F(MatcherTest, TestMatchPath) { EXPECT_FALSE(matcher->matches(headers)); headers = TestHeaderMapImpl{{":path", "/matching"}}; EXPECT_FALSE(matcher->matches(headers)); - EXPECT_FALSE(matcher->verifier() == nullptr); } TEST_F(MatcherTest, TestMatchQuery) { @@ -100,8 +92,7 @@ TEST_F(MatcherTest, TestMatchQuery) { value: bar)"; RequirementRule rule; MessageUtil::loadFromYaml(config, rule); - MatcherConstSharedPtr matcher = Matcher::create( - rule, Protobuf::Map(), mock_factory_, extractor_); + MatcherConstPtr matcher = Matcher::create(rule); auto headers = TestHeaderMapImpl{{":path", "/boo?foo=bar"}}; EXPECT_TRUE(matcher->matches(headers)); headers = TestHeaderMapImpl{{":path", "/boo?ok=bye"}}; @@ -112,7 +103,6 @@ TEST_F(MatcherTest, TestMatchQuery) { EXPECT_FALSE(matcher->matches(headers)); headers = TestHeaderMapImpl{{":path", "/boo?bar=foo"}}; EXPECT_FALSE(matcher->matches(headers)); - EXPECT_FALSE(matcher->verifier() == nullptr); } TEST_F(MatcherTest, TestMatchHeader) { @@ -122,8 +112,7 @@ TEST_F(MatcherTest, TestMatchHeader) { - name: a)"; RequirementRule rule; MessageUtil::loadFromYaml(config, rule); - MatcherConstSharedPtr matcher = Matcher::create( - rule, Protobuf::Map(), mock_factory_, extractor_); + MatcherConstPtr matcher = Matcher::create(rule); auto headers = TestHeaderMapImpl{{":path", "/"}, {"a", ""}}; EXPECT_TRUE(matcher->matches(headers)); headers = TestHeaderMapImpl{{":path", "/"}, {"a", "some"}, {"b", ""}}; @@ -134,7 +123,6 @@ TEST_F(MatcherTest, TestMatchHeader) { EXPECT_FALSE(matcher->matches(headers)); headers = TestHeaderMapImpl{{":path", "/"}, {"", ""}}; EXPECT_FALSE(matcher->matches(headers)); - EXPECT_FALSE(matcher->verifier() == nullptr); } TEST_F(MatcherTest, TestMatchPathAndHeader) { @@ -145,8 +133,7 @@ TEST_F(MatcherTest, TestMatchPathAndHeader) { value: bar)"; RequirementRule rule; MessageUtil::loadFromYaml(config, rule); - MatcherConstSharedPtr matcher = Matcher::create( - rule, Protobuf::Map(), mock_factory_, extractor_); + MatcherConstPtr matcher = Matcher::create(rule); auto headers = TestHeaderMapImpl{{":path", "/boo?foo=bar"}}; EXPECT_TRUE(matcher->matches(headers)); headers = TestHeaderMapImpl{{":path", "/boo?ok=bye"}}; @@ -157,7 +144,6 @@ TEST_F(MatcherTest, TestMatchPathAndHeader) { EXPECT_FALSE(matcher->matches(headers)); headers = TestHeaderMapImpl{{":path", "/boo?bar=foo"}}; EXPECT_FALSE(matcher->matches(headers)); - EXPECT_FALSE(matcher->verifier() == nullptr); } } // namespace diff --git a/test/extensions/filters/http/jwt_authn/provider_verifier_test.cc b/test/extensions/filters/http/jwt_authn/provider_verifier_test.cc index a02ed21a4891e..b0da46ef6b66b 100644 --- a/test/extensions/filters/http/jwt_authn/provider_verifier_test.cc +++ b/test/extensions/filters/http/jwt_authn/provider_verifier_test.cc @@ -37,7 +37,7 @@ class ProviderVerifierTest : public ::testing::Test { JwtAuthentication proto_config_; FilterConfigSharedPtr filter_config_; - VerifierPtr verifier_; + VerifierConstPtr verifier_; NiceMock mock_factory_ctx_; ContextSharedPtr context_; MockVerifierCallbacks mock_cb_;