rename to recomputeRoute

Signed-off-by: Arko Dasgupta <arko@tetrate.io>
envoyproxy · Feb 23, 2024 · 0276f45 · 0276f45
1 parent 9241363
commit 0276f45
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 20 deletions.
diff --git a/api/v1alpha1/jwt_types.go b/api/v1alpha1/jwt_types.go
@@ -52,8 +52,16 @@ type JWTProvider struct {
 	// For examples, following config:
 	// The claim must be of type; string, int, double, bool. Array type claims are not supported
 	//
+	// +optional
 	ClaimToHeaders []ClaimToHeader `json:"claimToHeaders,omitempty"`
 
+	// RecomputeRoute clears the route cache and recalculates the routing decision.
+	// This field must be enabled if the headers generated from the claim are used for
+	// route matching decisions.
+	//
+	// +optional
+	RecomputeRoute *bool `json:"recomputeRoute,omitempty"`
+
 	// ExtractFrom defines different ways to extract the JWT token from HTTP request.
 	// If empty, it defaults to extract JWT token from the Authorization HTTP request header using Bearer schema
 	// or access_token from query parameters.
@@ -85,11 +93,6 @@ type ClaimToHeader struct {
 	// (eg. "claim.nested.key", "sub"). The nested claim name must use dot "."
 	// to separate the JSON name path.
 	Claim string `json:"claim"`
-
-	// UseForRouting must be enabled if this header generated from the claim should be used for
-	// route matching decisions
-	// +optional
-	UseForRouting *bool `json:"useForRouting,omitempty"`
 }
 
 // JWTExtractor defines a custom JWT token extraction from HTTP request.

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
@@ -397,11 +397,6 @@ spec:
                                 description: Header defines the name of the HTTP request
                                   header that the JWT Claim will be saved into.
                                 type: string
-                              useForRouting:
-                                description: UseForRouting must be enabled if this
-                                  header generated from the claim should be used for
-                                  route matching decisions
-                                type: boolean
                             required:
                             - claim
                             - header
@@ -466,6 +461,12 @@ spec:
                           maxLength: 253
                           minLength: 1
                           type: string
+                        recomputeRoute:
+                          description: RecomputeRoute clears the route cache and recalculates
+                            the routing decision. This field must be enabled if the
+                            headers generated from the claim are used for route matching
+                            decisions.
+                          type: boolean
                         remoteJWKS:
                           description: RemoteJWKS defines how to fetch and cache JSON
                             Web Key Sets (JWKS) from a remote HTTP/HTTPS endpoint.

diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
@@ -245,7 +245,6 @@ _Appears in:_
 | ---   | ---  | ---      | ---         |
 | `header` | _string_ |  true  | Header defines the name of the HTTP request header that the JWT Claim will be saved into. |
 | `claim` | _string_ |  true  | Claim is the JWT Claim that should be saved into the header : it can be a nested claim of type (eg. "claim.nested.key", "sub"). The nested claim name must use dot "." to separate the JSON name path. |
-| `useForRouting` | _boolean_ |  false  | UseForRouting must be enabled if this header generated from the claim should be used for route matching decisions |
 
 
 #### ClientIPDetectionSettings
@@ -1375,7 +1374,8 @@ _Appears in:_
 | `issuer` | _string_ |  false  | Issuer is the principal that issued the JWT and takes the form of a URL or email address. For additional details, see https://tools.ietf.org/html/rfc7519#section-4.1.1 for URL format and https://rfc-editor.org/rfc/rfc5322.html for email format. If not provided, the JWT issuer is not checked. |
 | `audiences` | _string array_ |  false  | Audiences is a list of JWT audiences allowed access. For additional details, see https://tools.ietf.org/html/rfc7519#section-4.1.3. If not provided, JWT audiences are not checked. |
 | `remoteJWKS` | _[RemoteJWKS](#remotejwks)_ |  true  | RemoteJWKS defines how to fetch and cache JSON Web Key Sets (JWKS) from a remote HTTP/HTTPS endpoint. |
-| `claimToHeaders` | _[ClaimToHeader](#claimtoheader) array_ |  true  | ClaimToHeaders is a list of JWT claims that must be extracted into HTTP request headers For examples, following config: The claim must be of type; string, int, double, bool. Array type claims are not supported |
+| `claimToHeaders` | _[ClaimToHeader](#claimtoheader) array_ |  false  | ClaimToHeaders is a list of JWT claims that must be extracted into HTTP request headers For examples, following config: The claim must be of type; string, int, double, bool. Array type claims are not supported |
+| `recomputeRoute` | _boolean_ |  false  | RecomputeRoute clears the route cache and recalculates the routing decision. This field must be enabled if the headers generated from the claim are used for route matching decisions. |
 | `extractFrom` | _[JWTExtractor](#jwtextractor)_ |  false  | ExtractFrom defines different ways to extract the JWT token from HTTP request. If empty, it defaults to extract JWT token from the Authorization HTTP request header using Bearer schema or access_token from query parameters. |