Back port the fix for peerIsOptional/originIsOptional to 1.0 branch #1969

Merged: hklai merged 3 commits into istio:release-1.0 from yangminzhu:fix_1 on Sep 13, 2018
@yangminzhu (Contributor) commented Sep 12, 2018

What this PR does / why we need it: In order to cherrypick this fix into Istio 1.0.3, we need to back port the fix to the 1.0 branch first.

Which issue this PR fixes: The same as #1959

Special notes for your reviewer: I manually excluded the test case IgnoreBothPass added in #1959 as it has dependencies on some other PRs in master branch which I think is too big to cherrypick to 1.0 branch.

Severity: This patch is needed to fix a bug that makes the peerIsOptional/originIsOptional flag useless. Without the patch, the user identity cannot be passed to the next layer (i.e. Istio authorization) when the flag is set to true. This makes the authorization layer always deny the request due to the missing identities. Multiple users have reported this (#1892 #1958, and also from Slack).

Release note:

Fixed a bug for the peerIsOptional/originIsOptional flag in authentication policy that didn't pass generated attributes when set to true. (#1892 #1958)

@googlebot added the cla: yes label Sep 12, 2018

@diemtvu (Contributor) left a comment

/lgtm

@yangminzhu (Contributor, Author)

@JimmyCYJ @qiwzhang Could you approve this if no changes are needed? As this is to be cherrypicked into Istio 1.0.3, do I need to update anything else for the Release note? (I already included it in the PR description). Thanks!

@yangminzhu (Contributor, Author)

@hklai Could you approve this so that I can cherrypick it to Istio 1.0.3? Thank you.

@JimmyCYJ (Member)

/lgtm

/approve

@istio-testing (Collaborator)

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: diemtvu, JimmyCYJ

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
