ext_authz: Allow to set additional prefix for HTTP filter stats (#13215)

This patch allows setting an additional prefix for HTTP filter stats. This lets the emitted statistics from configured ext_authz HTTP filters in an HTTP filter chain can be distinguished from each other.

Risk Level: Low
Testing: Added a test on additional prefix.
Docs Changes: Added
Release Notes: Added

Fixes #12666

Signed-off-by: Dhi Aurrahman <dio@tetrate.io>

Mirrored from https://github.com/envoyproxy/envoy @ 720348b822aed159dc4ec8243fffe95a8775a4cd
master-ci-test
data-plane-api(CircleCI) 4 years ago
parent d13451bc82
commit 55205b3de8
  1. 19
      envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
  2. 19
      envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto

@ -23,7 +23,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// External Authorization :ref:`configuration overview <config_http_filters_ext_authz>`.
// [#extension: envoy.filters.http.ext_authz]
// [#next-free-field: 13]
// [#next-free-field: 14]
message ExtAuthz {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.http.ext_authz.v2.ExtAuthz";
@ -117,6 +117,23 @@ message ExtAuthz {
// When this field is true, Envoy will include the peer X.509 certificate, if available, in the
// :ref:`certificate<envoy_api_field_service.auth.v3.AttributeContext.Peer.certificate>`.
bool include_peer_certificate = 10;
// Optional additional prefix to use when emitting statistics. This allows to distinguish
// emitted statistics between configured *ext_authz* filters in an HTTP filter chain. For example:
//
// .. code-block:: yaml
//
// http_filters:
// - name: envoy.filters.http.ext_authz
// typed_config:
// "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
// stat_prefix: waf # This emits ext_authz.waf.ok, ext_authz.waf.denied, etc.
// - name: envoy.filters.http.ext_authz
// typed_config:
// "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
// stat_prefix: blocker # This emits ext_authz.blocker.ok, ext_authz.blocker.denied, etc.
//
string stat_prefix = 13;
}
// Configuration for buffering the request data.

@ -23,7 +23,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO
// External Authorization :ref:`configuration overview <config_http_filters_ext_authz>`.
// [#extension: envoy.filters.http.ext_authz]
// [#next-free-field: 13]
// [#next-free-field: 14]
message ExtAuthz {
option (udpa.annotations.versioning).previous_message_type =
"envoy.extensions.filters.http.ext_authz.v3.ExtAuthz";
@ -117,6 +117,23 @@ message ExtAuthz {
// When this field is true, Envoy will include the peer X.509 certificate, if available, in the
// :ref:`certificate<envoy_api_field_service.auth.v4alpha.AttributeContext.Peer.certificate>`.
bool include_peer_certificate = 10;
// Optional additional prefix to use when emitting statistics. This allows to distinguish
// emitted statistics between configured *ext_authz* filters in an HTTP filter chain. For example:
//
// .. code-block:: yaml
//
// http_filters:
// - name: envoy.filters.http.ext_authz
// typed_config:
// "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
// stat_prefix: waf # This emits ext_authz.waf.ok, ext_authz.waf.denied, etc.
// - name: envoy.filters.http.ext_authz
// typed_config:
// "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
// stat_prefix: blocker # This emits ext_authz.blocker.ok, ext_authz.blocker.denied, etc.
//
string stat_prefix = 13;
}
// Configuration for buffering the request data.

Loading…
Cancel
Save