GCP Authentication Filter: Implement the token cache (#21378)

Signed-off-by: Tianyu Xia <tyxia@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ 5e25df5e4d04248166c9afc55aa1955258f7b2a3

envoy/extensions/filters/http/gcp_authn/v3/gcp_authn.proto

@@ -5,6 +5,8 @@ package envoy.extensions.filters.http.gcp_authn.v3;
 import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/http_uri.proto";
 
+import "google/protobuf/wrappers.proto";
+
 import "udpa/annotations/status.proto";
 import "validate/validate.proto";
 
@@ -27,6 +29,9 @@ message GcpAuthnFilterConfig {
   // Retry policy for fetching tokens.
   // This field is optional. If it is not configured, the filter will be fail-closed (i.e., reject the requests).
   config.core.v3.RetryPolicy retry_policy = 2;
+
+  // Token cache configuration. This field is optional.
+  TokenCacheConfig cache_config = 3;
 }
 
 // Audience is the URL of the receiving service that performs token authentication.
@@ -34,3 +39,10 @@ message GcpAuthnFilterConfig {
 message Audience {
   string url = 1 [(validate.rules).string = {min_len: 1}];
 }
+
+// Token Cache configuration.
+message TokenCacheConfig {
+  // The number of cache entries. The maximum number of entries is INT64_MAX as it is constrained by underlying cache implementation.
+  // Default value 0 (i.e., proto3 defaults) disables the cache by default. Other default values will enable the cache.
+  google.protobuf.UInt64Value cache_size = 1 [(validate.rules).uint64 = {lte: 9223372036854775807}];
+}