envoyproxy/envoy

ext_authz to be able to set x-envoy-force-trace

Open

#21,670 opened on 2022年6月12日

GitHub で見る
 (7 comments) (0 reactions) (0 assignees)C++ (5,373 forks)batch import
area/ext_authzhelp wanted

Repository metrics

Stars
 (27,997 stars)
PR merge metrics
 (平均マージ 8d) (30d で 378 merged PRs)

説明

Title: ext_authz to be able to set x-envoy-force-trace

Description:

The documentation states that

If an internal request sets this header, Envoy will modify the generated x-request-id such that it forces traces to be collected.

However, setting this in an ext_authz with allowed_upstream_headers doesn't enable tracing. It does cause an x-request-id response header.

It would be practical if ext_authz could set the tracing state based on user/session configuration since it's already manipulating that data anyway.

Relevant Links:

The code that checks the header is in conn_manager_utility.cc, but I wonder if this condition in conn_manager_impl.cc is what's causing this decision to be re-evaluated after ext_authz.

The x-request-id response header decision doesn't check the trace reason, but explicitly looks at the force header, which explains why that shows up even without tracing.

コントリビューターガイド