envoyproxy/envoy

ext_authz to be able to set x-envoy-force-trace

Open

#21,670 opened on Jun 12, 2022

View on GitHub
 (7 comments) (0 reactions) (0 assignees)C++ (5,373 forks)batch import
area/ext_authzhelp wanted

Repository metrics

Stars
 (27,997 stars)
PR merge metrics
 (Avg merge 8d) (378 merged PRs in 30d)

Description

Title: ext_authz to be able to set x-envoy-force-trace

Description:

The documentation states that

If an internal request sets this header, Envoy will modify the generated x-request-id such that it forces traces to be collected.

However, setting this in an ext_authz with allowed_upstream_headers doesn't enable tracing. It does cause an x-request-id response header.

It would be practical if ext_authz could set the tracing state based on user/session configuration since it's already manipulating that data anyway.

Relevant Links:

The code that checks the header is in conn_manager_utility.cc, but I wonder if this condition in conn_manager_impl.cc is what's causing this decision to be re-evaluated after ext_authz.

The x-request-id response header decision doesn't check the trace reason, but explicitly looks at the force header, which explains why that shows up even without tracing.

Contributor guide