From f833d0b489235104525fc278270a8b586d31faa1 Mon Sep 17 00:00:00 2001
From: "data-plane-api(Azure Pipelines)"
 <data-plane-api@users.noreply.github.com>
Date: Wed, 23 Jun 2021 21:32:25 +0000
Subject: [PATCH] ext_authz, docs: Authorization is automatically included in
 allowed_headers (#17051)

From https://github.com/envoyproxy/envoy/blob/0a55eb90060664ffa01229a8cd7c1fedcbc0599d/source/extensions/filters/common/ext_authz/ext_authz_http_impl.cc#L132-L133
Authorization header from client request is included in request to the
authorization service.

Signed-off-by: Dhi Aurrahman <dio@rockybars.com>

Mirrored from https://github.com/envoyproxy/envoy @ d526e38a79d643710d2236322abf7c0804e4146d
---
 .../filters/http/ext_authz/v3/ext_authz.proto | 23 +++++++++++--------
 .../http/ext_authz/v4alpha/ext_authz.proto    | 23 +++++++++++--------
 2 files changed, 26 insertions(+), 20 deletions(-)

diff --git a/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto b/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
index 1effca69..a4de844a 100644
--- a/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
+++ b/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
@@ -215,18 +215,21 @@ message AuthorizationRequest {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.ext_authz.v2.AuthorizationRequest";
 
-  // Authorization request will include the client request headers that have a correspondent match
-  // in the :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>`. Note that in addition to the
-  // user's supplied matchers:
+  // Authorization request includes the client request headers that have a correspondent match
+  // in the :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>`.
   //
-  // 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list.
+  // .. note::
+  //
+  //   In addition to the the user's supplied matchers, ``Host``, ``Method``, ``Path``,
+  //   ``Content-Length``, and ``Authorization`` are **automatically included** to the list.
+  //
+  // .. note::
   //
-  // 2. *Content-Length* will be set to 0 and the request to the authorization service will not have
-  // a message body. However, the authorization request can include the buffered client request body
-  // (controlled by :ref:`with_request_body
-  // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.with_request_body>` setting),
-  // consequently the value of *Content-Length* of the authorization request reflects the size of
-  // its payload size.
+  //   By default, ``Content-Length`` header is set to ``0`` and the request to the authorization
+  //   service has no message body. However, the authorization request *may* include the buffered
+  //   client request body (controlled by :ref:`with_request_body
+  //   <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.with_request_body>`
+  //   setting) hence the value of its ``Content-Length`` reflects the size of its payload size.
   //
   type.matcher.v3.ListStringMatcher allowed_headers = 1;
 
diff --git a/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto b/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto
index 90f003b0..07114e04 100644
--- a/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto
+++ b/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto
@@ -215,18 +215,21 @@ message AuthorizationRequest {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.extensions.filters.http.ext_authz.v3.AuthorizationRequest";
 
-  // Authorization request will include the client request headers that have a correspondent match
-  // in the :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>`. Note that in addition to the
-  // user's supplied matchers:
+  // Authorization request includes the client request headers that have a correspondent match
+  // in the :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>`.
   //
-  // 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list.
+  // .. note::
+  //
+  //   In addition to the the user's supplied matchers, ``Host``, ``Method``, ``Path``,
+  //   ``Content-Length``, and ``Authorization`` are **automatically included** to the list.
+  //
+  // .. note::
   //
-  // 2. *Content-Length* will be set to 0 and the request to the authorization service will not have
-  // a message body. However, the authorization request can include the buffered client request body
-  // (controlled by :ref:`with_request_body
-  // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.with_request_body>` setting),
-  // consequently the value of *Content-Length* of the authorization request reflects the size of
-  // its payload size.
+  //   By default, ``Content-Length`` header is set to ``0`` and the request to the authorization
+  //   service has no message body. However, the authorization request *may* include the buffered
+  //   client request body (controlled by :ref:`with_request_body
+  //   <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.with_request_body>`
+  //   setting) hence the value of its ``Content-Length`` reflects the size of its payload size.
   //
   type.matcher.v4alpha.ListStringMatcher allowed_headers = 1;