feature flag

envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/SnapshotProperties.kt

@@ -392,6 +392,7 @@ class JwtFilterProperties {
     var forwardPayloadHeader = "x-oauth-token-validated"
     var payloadInMetadata = "jwt"
     var failedStatusInMetadata = "jwt_failure_reason"
+    var failedStatusInMetadataEnabled = true
     var fieldRequiredInToken = "exp"
     var defaultVerificationType = OAuth.Verification.OFFLINE
     var defaultOAuthPolicy = OAuth.Policy.STRICT

envoy-control-core/src/main/kotlin/pl/allegro/tech/servicemesh/envoycontrol/snapshot/resource/listeners/filters/JwtFilterFactory.kt

@@ -64,7 +64,8 @@ class JwtFilterFactory(
             it.key to createProvider(it.value)
         }
 
-    private fun createProvider(provider: OAuthProvider) = JwtProvider.newBuilder()
+    private fun createProvider(provider: OAuthProvider): JwtProvider {
+        val jwtProvider = JwtProvider.newBuilder()
         .setRemoteJwks(
             RemoteJwks.newBuilder().setHttpUri(
                 HttpUri.newBuilder()
@@ -79,8 +80,12 @@ class JwtFilterFactory(
         .setForward(properties.forwardJwt)
         .setForwardPayloadHeader(properties.forwardPayloadHeader)
         .setPayloadInMetadata(properties.payloadInMetadata)
-        .setFailedStatusInMetadata(properties.failedStatusInMetadata)
-        .build()
+
+        if (properties.failedStatusInMetadataEnabled)
+            jwtProvider.setFailedStatusInMetadata(properties.failedStatusInMetadata)
+
+        return jwtProvider.build()
+    }
 
     private fun createRules(endpoints: List<IncomingEndpoint>): Set<RequirementRule> {
         return endpoints.mapNotNull(this::createRuleForEndpoint).toSet()