Chiebot-Mirror
/
data-plane-api
mirror of https://github.com/envoyproxy/data-plane-api.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

external authz: Interpret error grpc codes of the external authz server as failure to fix failure_mode_allowed feature (#34951)

Browse Source 
Fixes #34705

Signed-off-by: konstantin-baidin-y42 <konstantin.baidin@y42.com>

Mirrored from https://github.com/envoyproxy/envoy @ 69a9c7c7468e8484f439e302b4f0cd4f3784545e
main
update-envoy[bot] 4 months ago
parent 2b1bb7805e
commit 69ecda60eb
2 changed files with 6 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      envoy/config/filter/http/ext_authz/v2/ext_authz.proto
  2. 5
      envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto

5
envoy/config/filter/http/ext_authz/v2/ext_authz.proto
Unescape View File

@ -40,11 +40,12 @@ message ExtAuthz {
//
// 1. When set to true, the filter will *accept* client request even if the communication with
// the authorization service has failed, or if the authorization service has returned a HTTP 5xx
// error.
// error. In case with GRPC authorization service, only PermissionDenied (7) and Unauthenticated (16)
// status codes will *reject* client requests. And other GRPC statuses will *accept* client requests.
//
// 2. When set to false, ext-authz will *reject* client requests and return a *Forbidden*
// response if the communication with the authorization service has failed, or if the
// authorization service has returned a HTTP 5xx error.
// authorization service has returned a HTTP 5xx error or any non-Ok GRPC status.
//
// Note that errors can be *always* tracked in the :ref:`stats
// <config_http_filters_ext_authz_stats>`.

5
envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
Unescape View File

@ -56,11 +56,12 @@ message ExtAuthz {
//
// 1. When set to true, the filter will ``accept`` client request even if the communication with
// the authorization service has failed, or if the authorization service has returned a HTTP 5xx
// error.
// error. In case with GRPC authorization service, only PermissionDenied (7) and Unauthenticated (16)
// status codes will ``reject`` client requests. And other GRPC statuses will ``accept`` client requests.
//
// 2. When set to false, ext-authz will ``reject`` client requests and return a ``Forbidden``
// response if the communication with the authorization service has failed, or if the
// authorization service has returned a HTTP 5xx error.
// authorization service has returned a HTTP 5xx error or any non-Ok GRPC status.
//
// Note that errors can be ``always`` tracked in the :ref:`stats
// <config_http_filters_ext_authz_stats>`.

Write Preview
Loading…
Cancel
Save