ext_authz: Add a per-route flag to skip request body buffering (#13389)

This patch adds a per-route flag to bypass the request body buffering. Fixes #13285 Signed-off-by: Dhi Aurrahman <dio@tetrate.io> Mirrored from https://github.com/envoyproxy/envoy @ 10e5a47fdc9c3120d24b4d3e5383d49ddeca344a
4 years ago · a95a23fc7a
parent 3980649d0a
commit a95a23fc7a
2 changed files with 22 additions and 10 deletions
--- a/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
+++ b/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
@ -267,11 +267,7 @@ message ExtAuthzPerRoute {
  }
 }

-// Extra settings for the check request. You can use this to provide extra context for the
-// external authorization server on specific virtual hosts \ routes. For example, adding a context
-// extension on the virtual host level can give the ext-authz server information on what virtual
-// host is used without needing to parse the host header. If CheckSettings is specified in multiple
-// per-filter-configs, they will be merged in order, and the result will be used.
+// Extra settings for the check request.
 message CheckSettings {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.config.filter.http.ext_authz.v2.CheckSettings";
@ -279,6 +275,12 @@ message CheckSettings {
  // Context extensions to set on the CheckRequest's
  // :ref:`AttributeContext.context_extensions<envoy_api_field_service.auth.v3.AttributeContext.context_extensions>`
  //
+  // You can use this to provide extra context for the external authorization server on specific
+  // virtual hosts/routes. For example, adding a context extension on the virtual host level can
+  // give the ext-authz server information on what virtual host is used without needing to parse the
+  // host header. If CheckSettings is specified in multiple per-filter-configs, they will be merged
+  // in order, and the result will be used.
+  //
  // Merge semantics for this field are such that keys from more specific configs override.
  //
  // .. note::
@ -286,4 +288,8 @@ message CheckSettings {
  //   These settings are only applied to a filter configured with a
  //   :ref:`grpc_service<envoy_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.grpc_service>`.
  map<string, string> context_extensions = 1;
+
+  // When set to true, disable the configured :ref:`with_request_body
+  // <envoy_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.with_request_body>` for a route.
+  bool disable_request_body_buffering = 2;
 }
--- a/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto
+++ b/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto
@ -267,11 +267,7 @@ message ExtAuthzPerRoute {
  }
 }

-// Extra settings for the check request. You can use this to provide extra context for the
-// external authorization server on specific virtual hosts \ routes. For example, adding a context
-// extension on the virtual host level can give the ext-authz server information on what virtual
-// host is used without needing to parse the host header. If CheckSettings is specified in multiple
-// per-filter-configs, they will be merged in order, and the result will be used.
+// Extra settings for the check request.
 message CheckSettings {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.extensions.filters.http.ext_authz.v3.CheckSettings";
@ -279,6 +275,12 @@ message CheckSettings {
  // Context extensions to set on the CheckRequest's
  // :ref:`AttributeContext.context_extensions<envoy_api_field_service.auth.v4alpha.AttributeContext.context_extensions>`
  //
+  // You can use this to provide extra context for the external authorization server on specific
+  // virtual hosts/routes. For example, adding a context extension on the virtual host level can
+  // give the ext-authz server information on what virtual host is used without needing to parse the
+  // host header. If CheckSettings is specified in multiple per-filter-configs, they will be merged
+  // in order, and the result will be used.
+  //
  // Merge semantics for this field are such that keys from more specific configs override.
  //
  // .. note::
@ -286,4 +288,8 @@ message CheckSettings {
  //   These settings are only applied to a filter configured with a
  //   :ref:`grpc_service<envoy_api_field_extensions.filters.http.ext_authz.v4alpha.ExtAuthz.grpc_service>`.
  map<string, string> context_extensions = 1;
+
+  // When set to true, disable the configured :ref:`with_request_body
+  // <envoy_api_field_extensions.filters.http.ext_authz.v4alpha.ExtAuthz.with_request_body>` for a route.
+  bool disable_request_body_buffering = 2;
 }