istio
diff --git a/‎kubernetes/customresourcedefinitions.gen.yaml
Lines changed: 12 additions & 0 deletions b/‎kubernetes/customresourcedefinitions.gen.yaml
Lines changed: 12 additions & 0 deletions
diff --git a/‎proto.lock
Lines changed: 38 additions & 0 deletions b/‎proto.lock
Lines changed: 38 additions & 0 deletions
diff --git a/‎security/v1/jwt.pb.go
Lines changed: 99 additions & 23 deletions b/‎security/v1/jwt.pb.go
Lines changed: 99 additions & 23 deletions
diff --git a/‎security/v1/jwt.pb.html
Lines changed: 48 additions & 1 deletion b/‎security/v1/jwt.pb.html
Lines changed: 48 additions & 1 deletion
diff --git a/‎security/v1/jwt.proto
Lines changed: 19 additions & 0 deletions b/‎security/v1/jwt.proto
Lines changed: 19 additions & 0 deletions
diff --git a/‎security/v1beta1/jwt.gen.json
Lines changed: 11 additions & 0 deletions b/‎security/v1beta1/jwt.gen.json
Lines changed: 11 additions & 0 deletions
@@ -44233,6 +44233,20 @@
     {
       "protopath": "security:/:v1:/:jwt.proto",
       "def": {
+        "enums": [
+          {
+            "name": "JWTRule.Allow",
+            "enum_fields": [
+              {
+                "name": "ALLOW_MISSING"
+              },
+              {
+                "name": "ALLOW_MISSING_OR_FAILED",
+                "integer": 1
+              }
+            ]
+          }
+        ],
         "messages": [
           {
             "name": "JWTRule",
@@ -44291,6 +44305,11 @@
                 "name": "output_claim_to_headers",
                 "type": "ClaimToHeader",
                 "is_repeated": true
+              },
+              {
+                "id": 12,
+                "name": "allow",
+                "type": "Allow"
               }
             ]
           },
@@ -44729,6 +44748,20 @@
     {
       "protopath": "security:/:v1beta1:/:jwt.proto",
       "def": {
+        "enums": [
+          {
+            "name": "JWTRule.Allow",
+            "enum_fields": [
+              {
+                "name": "ALLOW_MISSING"
+              },
+              {
+                "name": "ALLOW_MISSING_OR_FAILED",
+                "integer": 1
+              }
+            ]
+          }
+        ],
         "messages": [
           {
             "name": "JWTRule",
@@ -44787,6 +44820,11 @@
                 "name": "output_claim_to_headers",
                 "type": "ClaimToHeader",
                 "is_repeated": true
+              },
+              {
+                "id": 12,
+                "name": "allow",
+                "type": "Allow"
               }
             ]
           },
 
@@ -162,6 +162,25 @@ message JWTRule {
   // ```
   // [Experimental] This feature is a experimental feature.
   repeated ClaimToHeader output_claim_to_headers = 11; // [TODO:Update the status whenever this feature is promoted.]
+
+  // Allow specifies a Jwt requirement.
+  enum Allow {
+    // The requirement is satisfied if JWT is missing, but failed if JWT is
+    // presented but invalid. Similar to ALLOW_MISSING_OR_FAILED, this is used
+    // to only verify JWTs and pass the verified payload to another filter. The
+    // different is this mode will reject requests with invalid tokens.
+    // This is the default behavior.
+    ALLOW_MISSING = 0;
+
+    // The requirement is always satisfied even if JWT is missing or the JWT
+    // verification fails. A typical usage is: this filter is used to only verify
+    // JWTs and pass the verified JWT payloads to another filter, the other filter
+    // will make decision. In this mode, all JWT tokens will be verified.
+    ALLOW_MISSING_OR_FAILED = 1;
+  }
+
+  // Allow specifies a Jwt requirement. This is Optional, the default value is ALLOW_MISSING.
+  Allow allow = 12;
 }
 
 // This message specifies a header location to extract JWT token.