docs: add some clarification around the use of metadata in ExtAuthZ (#30563)

Signed-off-by: Rohit Agrawal <rohit.agrawal@databricks.com>
Co-authored-by: phlax <phlax@users.noreply.github.com>

Mirrored from https://github.com/envoyproxy/envoy @ 8f804787815a17debce1222a7b65ff67418475f9
main
update-envoy[bot] 1 year ago
parent f5b171e919
commit 11884f6161
  1. 14
      envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto

@ -91,7 +91,10 @@ message ExtAuthz {
type.v3.HttpStatus status_on_error = 7; type.v3.HttpStatus status_on_error = 7;
// Specifies a list of metadata namespaces whose values, if present, will be passed to the // Specifies a list of metadata namespaces whose values, if present, will be passed to the
// ext_authz service. :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>` is passed as an opaque ``protobuf::Struct``. // ext_authz service. The :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>`
// is passed as an opaque ``protobuf::Struct``.
//
// Please note that this field exclusively applies to the gRPC ext_authz service and has no effect on the HTTP service.
// //
// For example, if the ``jwt_authn`` filter is used and :ref:`payload_in_metadata // For example, if the ``jwt_authn`` filter is used and :ref:`payload_in_metadata
// <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtProvider.payload_in_metadata>` is set, // <envoy_v3_api_field_extensions.filters.http.jwt_authn.v3.JwtProvider.payload_in_metadata>` is set,
@ -105,10 +108,13 @@ message ExtAuthz {
repeated string metadata_context_namespaces = 8; repeated string metadata_context_namespaces = 8;
// Specifies a list of metadata namespaces whose values, if present, will be passed to the // Specifies a list of metadata namespaces whose values, if present, will be passed to the
// ext_authz service. :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>` is passed as an ``protobuf::Any``. // ext_authz service. :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>`
// is passed as a ``protobuf::Any``.
//
// Please note that this field exclusively applies to the gRPC ext_authz service and has no effect on the HTTP service.
// //
// It works in a way similar to ``metadata_context_namespaces`` but allows envoy and external authz server to share the protobuf message definition // It works in a way similar to ``metadata_context_namespaces`` but allows Envoy and ext_authz server to share
// in order to do a safe parsing. // the protobuf message definition in order to do a safe parsing.
// //
repeated string typed_metadata_context_namespaces = 16; repeated string typed_metadata_context_namespaces = 16;

Loading…
Cancel
Save