ext_authz: fix docs for `status_on_error` (#24778)

Fixes #24748 Risk Level: Very low Testing: docs only change Signed-off-by: Greg Greenway <ggreenway@apple.com> Mirrored from https://github.com/envoyproxy/envoy @ bfa849bc598870033dbbc11ae17c9abb273e19e5
2 years ago · c4818dbf45
parent 56b03fbe74
commit c4818dbf45
1 changed files with 6 additions and 2 deletions
--- a/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
+++ b/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
@ -80,8 +80,8 @@ message ExtAuthz {
  //
  bool clear_route_cache = 6;

-  // Sets the HTTP status that is returned to the client when there is a network error between the
-  // filter and the authorization server. The default status is HTTP 403 Forbidden.
+  // Sets the HTTP status that is returned to the client when the authorization server returns an error
+  // or cannot be reached. The default status is HTTP 403 Forbidden.
  type.v3.HttpStatus status_on_error = 7;

  // Specifies a list of metadata namespaces whose values, if present, will be passed to the
@ -125,6 +125,10 @@ message ExtAuthz {
  // typed_per_filter_config for the path, requests will not be denied.
  //
  // If this field is not specified, all requests will be allowed when disabled.
+  //
+  // If a request is denied due to this setting, the response code in :ref:`status_on_error
+  // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.status_on_error>` will
+  // be returned.
  config.core.v3.RuntimeFeatureFlag deny_at_disable = 11;

  // Specifies if the peer certificate is sent to the external service.