Consistent JWTProviderKey support in provision and samples create com…

…mands (#111)
apigee · Nov 19, 2020 · 4b1a5af · 4b1a5af
1 parent dbea0ba
commit 4b1a5af
Show file tree

Hide file tree

Showing 8 changed files with 23 additions and 15 deletions.
diff --git a/cmd/provision/config.go b/cmd/provision/config.go
@@ -50,6 +50,9 @@ func (p *provision) createConfig(cred *keySecret) *server.Config {
 			EnvName:                p.Env,
 			AllowUnverifiedSSLCert: p.InsecureSkipVerify,
 		},
+		Auth: server.AuthConfig{
+			JWTProviderKey: fmt.Sprintf(tokenURLFormat, p.RemoteServiceProxyURL),
+		},
 	}
 
 	if cred != nil {

diff --git a/cmd/provision/provision.go b/cmd/provision/provision.go
@@ -47,6 +47,7 @@ const (
 	productsURLFormat     = "%s/products"     // RemoteServiceProxyURL
 	verifyAPIKeyURLFormat = "%s/verifyApiKey" // RemoteServiceProxyURL
 	quotasURLFormat       = "%s/quotas"       // RemoteServiceProxyURL
+	tokenURLFormat        = "%s/token"        // RemoteServiceProxyURL
 )
 
 // default durations for the proxy verification retry

diff --git a/cmd/samples/samples.go b/cmd/samples/samples.go
@@ -41,6 +41,7 @@ var (
 		"istio-1.5":  "istio-1.6",
 		"istio-1.6":  "istio-1.6",
 		"istio-1.7":  "istio-1.7",
+		"istio-1.8":  "istio-1.7",
 	}
 )
 
@@ -50,6 +51,7 @@ type samples struct {
 	templateDir     string
 	outDir          string
 	overwrite       bool
+	JWTProviderKey  string
 	RuntimeHost     string
 	RuntimePort     string
 	RuntimeTLS      bool
@@ -218,6 +220,7 @@ func (s *samples) parseConfig() error {
 	s.Org = s.ServerConfig.Tenant.OrgName
 	s.Env = s.ServerConfig.Tenant.EnvName
 	s.Namespace = s.ServerConfig.Global.Namespace
+	s.JWTProviderKey = s.ServerConfig.Auth.JWTProviderKey
 
 	// handle configs for analytics-related credential
 	if s.ServerConfig.IsGCPManaged() {

diff --git a/cmd/samples/samples_test.go b/cmd/samples/samples_test.go
@@ -94,6 +94,7 @@ func TestTemplatesListing(t *testing.T) {
 		"  istio-1.5",
 		"  istio-1.6",
 		"  istio-1.7",
+		"  istio-1.8",
 		"  native",
 	}
 

diff --git a/templates/envoy-1.16/envoy-config.yaml b/templates/envoy-1.16/envoy-config.yaml
@@ -43,7 +43,7 @@ static_resources:
                       timeout: 5s
                     cache_duration:
                       seconds: 300
-                  payload_in_metadata: apigee
+                  payload_in_metadata: {{.JWTProviderKey}}
               rules:
               - match:
                   prefix: /

diff --git a/templates/istio-1.6/request-authentication.yaml b/templates/istio-1.6/request-authentication.yaml
@@ -13,7 +13,7 @@ spec:
     matchLabels:
       managed-by: apigee
   jwtRules:
-  - issuer: https://{{.RuntimeHost}}/remote-service/token
+  - issuer: {{.JWTProviderKey}}
     jwksUri: https://{{.RuntimeHost}}/remote-service/certs
 # ---
 # apiVersion: security.istio.io/v1beta1

diff --git a/templates/istio-1.7/request-authentication.yaml b/templates/istio-1.7/request-authentication.yaml
@@ -13,7 +13,7 @@ spec:
     matchLabels:
       managed-by: apigee
   jwtRules:
-  - issuer: https://{{.RuntimeHost}}/remote-service/token
+  - issuer: {{.JWTProviderKey}}
     jwksUri: https://{{.RuntimeHost}}/remote-service/certs
 # ---
 # apiVersion: security.istio.io/v1beta1

diff --git a/templates/templates.go b/templates/templates.go