diff --git a/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto b/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto index 66daea8c..ae6466b7 100644 --- a/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto +++ b/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto @@ -25,7 +25,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // External Authorization :ref:`configuration overview `. // [#extension: envoy.filters.http.ext_authz] -// [#next-free-field: 16] +// [#next-free-field: 17] message ExtAuthz { option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.ext_authz.v2.ExtAuthz"; @@ -84,7 +84,7 @@ message ExtAuthz { type.v3.HttpStatus status_on_error = 7; // Specifies a list of metadata namespaces whose values, if present, will be passed to the - // ext_authz service as an opaque *protobuf::Struct*. + // ext_authz service. :ref:`filter_metadata ` is passed as an opaque *protobuf::Struct*. // // For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata // ` is set, @@ -97,6 +97,14 @@ message ExtAuthz { // repeated string metadata_context_namespaces = 8; + // Specifies a list of metadata namespaces whose values, if present, will be passed to the + // ext_authz service. :ref:`typed_filter_metadata ` is passed as an *protobuf::Any*. + // + // It works in a way similar to `metadata_context_namespaces` but allows envoy and external authz server to share the protobuf message definition + // in order to do a safe parsing. + // + repeated string typed_metadata_context_namespaces = 16; + // Specifies if the filter is enabled. // // If :ref:`runtime_key ` is specified,