ext_authz: optionally add headers to external authorization service (#4432)

Adds optional configuration to ext_authz filter allowing to specify http headers to add to the request from Envoy to external authorization service.

Risk Level: Low
Testing: unit test
Docs Changes: added
Release Notes: added

Signed-off-by: David Kowalski <dkowalski@apple.com>

Mirrored from https://github.com/envoyproxy/envoy @ 031501b1680d7544ab585b06ea459e94f9972f46

envoy/config/filter/http/ext_authz/v2alpha/BUILD

@@ -6,6 +6,7 @@ api_proto_library_internal(
     name = "ext_authz",
     srcs = ["ext_authz.proto"],
     deps = [
+        "//envoy/api/v2/core:base",
         "//envoy/api/v2/core:grpc_service",
         "//envoy/api/v2/core:http_uri",
     ],

envoy/config/filter/http/ext_authz/v2alpha/ext_authz.proto

@@ -3,6 +3,7 @@ syntax = "proto3";
 package envoy.config.filter.http.ext_authz.v2alpha;
 option go_package = "v2alpha";
 
+import "envoy/api/v2/core/base.proto";
 import "envoy/api/v2/core/grpc_service.proto";
 import "envoy/api/v2/core/http_uri.proto";
 
@@ -82,4 +83,8 @@ message HttpService {
   // *Method* and *Path* are always dispatched to the authorization server by default. The message
   // will not contain body data and the *Content-Length* will be set to zero.
   repeated string allowed_request_headers = 5;
+
+  // Sets a list of headers and their values that will be added to the request to external
+  // authorization server. Note that these will override the headers coming from the downstream.
+  repeated envoy.api.v2.core.HeaderValue authorization_headers_to_add = 6;
 }