From cc33dfd8d98528cd68d953aeaca95cba82d80c55 Mon Sep 17 00:00:00 2001
From: "data-plane-api(Azure Pipelines)"
Date: Fri, 25 Mar 2022 15:02:32 +0000
Subject: [PATCH] ext_authz: forward typed_filter_metadata selected by typed_metadata_context_namespaces to external auth service. (#20305)
filter_metadata is already forwarded to external auth service but typed_filter_metadata is not, this commit fixes this.
Signed-off-by: Wanli Li
Mirrored from https://github.com/envoyproxy/envoy @ 9cce4a61851069f025493726f0b6cef87489f394
---
.../filters/http/ext_authz/v3/ext_authz.proto | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto b/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
index 66daea8c..ae6466b7 100644
--- a/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
+++ b/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
@@ -25,7 +25,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// External Authorization :ref:`configuration overview `.
// [#extension: envoy.filters.http.ext_authz]
-// [#next-free-field: 16]
+// [#next-free-field: 17]
message ExtAuthz {
option (udpa.annotations.versioning).previous_message_type = "envoy.config.filter.http.ext_authz.v2.ExtAuthz";
@@ -84,7 +84,7 @@ message ExtAuthz {
type.v3.HttpStatus status_on_error = 7;
// Specifies a list of metadata namespaces whose values, if present, will be passed to the
- // ext_authz service as an opaque *protobuf::Struct*.
+ // ext_authz service. :ref:`filter_metadata ` is passed as an opaque *protobuf::Struct*.
//
// For example, if the *jwt_authn* filter is used and :ref:`payload_in_metadata
// ` is set,
@@ -97,6 +97,14 @@ message ExtAuthz {
//
repeated string metadata_context_namespaces = 8;
+ // Specifies a list of metadata namespaces whose values, if present, will be passed to the
+ // ext_authz service. :ref:`typed_filter_metadata ` is passed as an *protobuf::Any*.
+ //
+ // It works in a way similar to `metadata_context_namespaces` but allows envoy and external authz server to share the protobuf message definition
+ // in order to do a safe parsing.
+ //
+ repeated string typed_metadata_context_namespaces = 16;
+
// Specifies if the filter is enabled.
//
// If :ref:`runtime_key ` is specified,
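Review bot: The comment on `typed_metadata_context_namespaces` promises "a safe parsing" but does not say what the receiving side must do to get it. Each forwarded value is a `protobuf::Any`, so the authorization server should check its type URL against the message types it expects before unpacking. I would add a line after the "safe parsing" sentence such as `// The external authorization server should verify the type URL of each *protobuf::Any* before unpacking it.` The comment also leaves open what is sent when a listed namespace has no typed entry, and what happens when a namespace appears in both this list and `metadata_context_namespaces`; one sentence on each would help operators see exactly which metadata leaves the proxy. Minor wording: "an *protobuf::Any*" should read "a *protobuf::Any*"; the `ExtAuthz` message starts and ends outside this hunk.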