envoyproxy/envoy

ext_authz to be able to set x-envoy-force-trace

Open

#21.670 aperta il 12 giu 2022

Vedi su GitHub
 (7 commenti) (0 reazioni) (0 assegnatari)C++ (5373 fork)batch import
area/ext_authzhelp wanted

Metriche repository

Star
 (27.997 star)
Metriche merge PR
 (Merge medio 8g) (378 PR mergiate in 30 g)

Descrizione

Title: ext_authz to be able to set x-envoy-force-trace

Description:

The documentation states that

If an internal request sets this header, Envoy will modify the generated x-request-id such that it forces traces to be collected.

However, setting this in an ext_authz with allowed_upstream_headers doesn't enable tracing. It does cause an x-request-id response header.

It would be practical if ext_authz could set the tracing state based on user/session configuration since it's already manipulating that data anyway.

Relevant Links:

The code that checks the header is in conn_manager_utility.cc, but I wonder if this condition in conn_manager_impl.cc is what's causing this decision to be re-evaluated after ext_authz.

The x-request-id response header decision doesn't check the trace reason, but explicitly looks at the force header, which explains why that shows up even without tracing.

Guida contributor