From eb877ac5d665f8d210d584bdf7a35d0e672dfbcc Mon Sep 17 00:00:00 2001
From: "data-plane-api(CircleCI)" <data-plane-api@users.noreply.github.com>
Date: Mon, 22 Jun 2020 16:19:43 +0000
Subject: [PATCH] ext_authz: support sending multiple headers with the same
 name to upstream (#11158)

This patch adds allowed_upstream_headers_to_append to allow sending multiple headers with the same name to upstream.

Relevant issue: solo-io/gloo#2983.

Risk Level: Low
Testing: Unit tests.
Docs Changes: Added.
Release Notes: Added.
Fixes #11156

Signed-off-by: weixiao-huang <hwx.simle@gmail.com>

Mirrored from https://github.com/envoyproxy/envoy @ dcf34972d1bc15324835c40dfd7a780e8fc69d72
---
 envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto   | 5 +++++
 .../filters/http/ext_authz/v4alpha/ext_authz.proto           | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto b/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
index 0efa67c6..d9264ca6 100644
--- a/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
+++ b/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
@@ -213,6 +213,11 @@ message AuthorizationResponse {
   // Note that coexistent headers will be overridden.
   type.matcher.v3.ListStringMatcher allowed_upstream_headers = 1;
 
+  // When this :ref:`list <envoy_api_msg_type.matcher.v3.ListStringMatcher>` is set, authorization
+  // response headers that have a correspondent match will be added to the client's response. Note
+  // that coexistent headers will be appended.
+  type.matcher.v3.ListStringMatcher allowed_upstream_headers_to_append = 3;
+
   // When this :ref:`list <envoy_api_msg_type.matcher.v3.ListStringMatcher>`. is set, authorization
   // response headers that have a correspondent match will be added to the client's response. Note
   // that when this list is *not* set, all the authorization response headers, except *Authority
diff --git a/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto b/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto
index fe288f85..7442715a 100644
--- a/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto
+++ b/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto
@@ -213,6 +213,11 @@ message AuthorizationResponse {
   // Note that coexistent headers will be overridden.
   type.matcher.v4alpha.ListStringMatcher allowed_upstream_headers = 1;
 
+  // When this :ref:`list <envoy_api_msg_type.matcher.v4alpha.ListStringMatcher>` is set, authorization
+  // response headers that have a correspondent match will be added to the client's response. Note
+  // that coexistent headers will be appended.
+  type.matcher.v4alpha.ListStringMatcher allowed_upstream_headers_to_append = 3;
+
   // When this :ref:`list <envoy_api_msg_type.matcher.v4alpha.ListStringMatcher>`. is set, authorization
   // response headers that have a correspondent match will be added to the client's response. Note
   // that when this list is *not* set, all the authorization response headers, except *Authority