Summary
ApisixConsumer.spec.authParameter.jwtAuth.value.private_key is currently required by the CRD schema.
Please triage whether this should be relaxed so symmetric JWT configurations do not require an unused private key.
Current behavior
APISIX itself supports JWT consumer credentials that use symmetric secrets without requiring a private key, but the ApisixConsumer schema currently requires both:
for jwtAuth.value.
At the same time, the translator accepts multiple JWT shapes and simply forwards whichever fields are present, including secret, public_key, private_key, and algorithm.
As a result, some JWT consumer configurations supported by APISIX are rejected by the CRD schema before they reach translation.
Use cases affected
- configuring JWT consumer credentials with
secret for symmetric algorithms such as HS256
- using
ApisixConsumer for JWT setups that do not require an asymmetric private key
Code context
api/v2/apisixconsumer_types.goconfig/crd/bases/apisix.apache.org_apisixconsumers.yamlinternal/adc/translator/apisixconsumer.go
Summary
ApisixConsumer.spec.authParameter.jwtAuth.value.private_keyis currently required by the CRD schema.Please triage whether this should be relaxed so symmetric JWT configurations do not require an unused private key.
Current behavior
APISIX itself supports JWT consumer credentials that use symmetric secrets without requiring a private key, but the
ApisixConsumerschema currently requires both:keyprivate_keyfor
jwtAuth.value.At the same time, the translator accepts multiple JWT shapes and simply forwards whichever fields are present, including
secret,public_key,private_key, andalgorithm.As a result, some JWT consumer configurations supported by APISIX are rejected by the CRD schema before they reach translation.
Use cases affected
secretfor symmetric algorithms such asHS256ApisixConsumerfor JWT setups that do not require an asymmetric private keyCode context
api/v2/apisixconsumer_types.goconfig/crd/bases/apisix.apache.org_apisixconsumers.yamlinternal/adc/translator/apisixconsumer.go