envoyproxy/envoy

ext_authz to be able to set x-envoy-force-trace

Open

#21 670 ouverte le 12 juin 2022

Voir sur GitHub
 (7 commentaires) (0 réactions) (0 assignés)C++ (5 373 forks)batch import
area/ext_authzhelp wanted

Métriques du dépôt

Stars
 (27 997 stars)
Métriques de merge PR
 (Merge moyen 8j) (378 PRs mergées en 30 j)

Description

Title: ext_authz to be able to set x-envoy-force-trace

Description:

The documentation states that

If an internal request sets this header, Envoy will modify the generated x-request-id such that it forces traces to be collected.

However, setting this in an ext_authz with allowed_upstream_headers doesn't enable tracing. It does cause an x-request-id response header.

It would be practical if ext_authz could set the tracing state based on user/session configuration since it's already manipulating that data anyway.

Relevant Links:

The code that checks the header is in conn_manager_utility.cc, but I wonder if this condition in conn_manager_impl.cc is what's causing this decision to be re-evaluated after ext_authz.

The x-request-id response header decision doesn't check the trace reason, but explicitly looks at the force header, which explains why that shows up even without tracing.

Guide contributeur