Repository metrics
- Stars
- (2,871 stars)
- PR merge metrics
- (PR metrics pending)
説明
Description:
We have a use case that requires emitting specific information from the external authz service into the logs, and this can be achieved using dynamic metadata. In the grpc ext_authz, dynamic metadata can be included directly as part of CheckResponse. However, in the http ext_authz, the only method to pass this information is by sending it as response headers, which are then emitted via the dynamic_metadata_from_headers.
It would be great if the dynamic_metadata_from_headers field can be exposed
proposal:
In the current implementation, allowed_upstream_headers is already implemented as headersToBackend with support for the exact match type only. We can extend the functionality to include dynamic_metadata_from_headers to support this.
headersToMetadata seems like a suitable option for dynamic_metadata_from_headers. However, I welcome any feedback and suggestions
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: SecurityPolicy
metadata:
name: ext-auth-example
spec:
extAuth:
failOpen: false
http:
backendRefs:
- group: ""
kind: Service
name: http-ext-auth
port: 9002
headersToMetadata:
- x-user-id
targetRefs:
- group: gateway.networking.k8s.io
kind: HTTPRoute
name: backend