ext_authz: optionally add headers to external authorization service (#4432)

Adds optional configuration to ext_authz filter allowing to specify http headers to add to the request from Envoy to external authorization service.

Risk Level: Low
Testing: unit test
Docs Changes: added
Release Notes: added

Signed-off-by: David Kowalski <dkowalski@apple.com>

Mirrored from https://github.com/envoyproxy/envoy @ 031501b1680d7544ab585b06ea459e94f9972f46
pull/620/head
data-plane-api(CircleCI) 6 years ago
parent 2aacec1ac6
commit 03f20aada1
  1. 1
      envoy/config/filter/http/ext_authz/v2alpha/BUILD
  2. 5
      envoy/config/filter/http/ext_authz/v2alpha/ext_authz.proto

@ -6,6 +6,7 @@ api_proto_library_internal(
name = "ext_authz", name = "ext_authz",
srcs = ["ext_authz.proto"], srcs = ["ext_authz.proto"],
deps = [ deps = [
"//envoy/api/v2/core:base",
"//envoy/api/v2/core:grpc_service", "//envoy/api/v2/core:grpc_service",
"//envoy/api/v2/core:http_uri", "//envoy/api/v2/core:http_uri",
], ],

@ -3,6 +3,7 @@ syntax = "proto3";
package envoy.config.filter.http.ext_authz.v2alpha; package envoy.config.filter.http.ext_authz.v2alpha;
option go_package = "v2alpha"; option go_package = "v2alpha";
import "envoy/api/v2/core/base.proto";
import "envoy/api/v2/core/grpc_service.proto"; import "envoy/api/v2/core/grpc_service.proto";
import "envoy/api/v2/core/http_uri.proto"; import "envoy/api/v2/core/http_uri.proto";
@ -82,4 +83,8 @@ message HttpService {
// *Method* and *Path* are always dispatched to the authorization server by default. The message // *Method* and *Path* are always dispatched to the authorization server by default. The message
// will not contain body data and the *Content-Length* will be set to zero. // will not contain body data and the *Content-Length* will be set to zero.
repeated string allowed_request_headers = 5; repeated string allowed_request_headers = 5;
// Sets a list of headers and their values that will be added to the request to external
// authorization server. Note that these will override the headers coming from the downstream.
repeated envoy.api.v2.core.HeaderValue authorization_headers_to_add = 6;
} }

Loading…
Cancel
Save