-
Notifications
You must be signed in to change notification settings - Fork 328
-
Notifications
You must be signed in to change notification settings - Fork 328
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for dynamic metadata in http ext authz #4163
Comments
can this be achieved today by |
@arkodg yes, it can be archieved with that approach. However, we won't be able to retrieve the ext_authz_duration data, since it's only available when |
this feels like an advanced use case, I suggest using https://gateway.envoyproxy.io/docs/tasks/extensibility/envoy-patch-policy/ to achieve this |
Description:
We have a use case that requires emitting specific information from the external authz service into the logs, and this can be achieved using dynamic metadata. In the grpc ext_authz, dynamic metadata can be included directly as part of
CheckResponse
. However, in the http ext_authz, the only method to pass this information is by sending it as response headers, which are then emitted via thedynamic_metadata_from_headers
.It would be great if the dynamic_metadata_from_headers field can be exposed
proposal:
In the current implementation,
allowed_upstream_headers
is already implemented asheadersToBackend
with support for theexact
match type only. We can extend the functionality to includedynamic_metadata_from_headers
to support this.headersToMetadata
seems like a suitable option fordynamic_metadata_from_headers
. However, I welcome any feedback and suggestionsThe text was updated successfully, but these errors were encountered: