config: fix jwt_issuer_format conversion (#5524)

Remove the previous conversion logic in NewPolicyFromProto() for the jwt_issuer_format field. This would prevent the new "unset" state from working correctly. Add a unit test to verify that all three values (unset, "hostOnly" and "uri") will successfully round trip to the proto format and back again. Also add a test case for the Options.ApplySettings() method to verify that an unset jwt_issuer_format will not overwrite the existing value (if any) in the settings.
2025-06-14 16:52:58 +02:00 · 2025-03-12 16:13:16 -07:00 · 2025-03-12 16:13:16 -07:00 · e1eca4e97c
commit e1eca4e97c
parent 9cd5160468
3 changed files with 30 additions and 7 deletions
--- a/config/policy_test.go
+++ b/config/policy_test.go
@ -292,6 +292,22 @@ func TestPolicy_FromToPb(t *testing.T) {
 		assert.NoError(t, err)
 		assert.Equal(t, p.Redirect.HTTPSRedirect, policyFromProto.Redirect.HTTPSRedirect)
 	})
+
+	t.Run("JWT issuer format", func(t *testing.T) {
+		for f := range knownJWTIssuerFormats {
+			p := &Policy{
+				From:            "https://pomerium.io",
+				To:              mustParseWeightedURLs(t, "http://localhost"),
+				JWTIssuerFormat: f,
+			}
+			pbPolicy, err := p.ToProto()
+			require.NoError(t, err)
+
+			policyFromPb, err := NewPolicyFromProto(pbPolicy)
+			assert.NoError(t, err)
+			assert.Equal(t, f, policyFromPb.JWTIssuerFormat)
+		}
+	})
 }

 func TestPolicy_Matches(t *testing.T) {