search

envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0
24.8k stars 4.77k forks source link

Allow filtering of headers sent in CheckRequest to gRPC ext authz #21535

Open petedmarsh opened 2 years ago

petedmarsh commented 2 years ago

Title: Allow filtering of headers sent in CheckRequest to gRPC ext authz

Description:

The HTTP ext authz allows for the filtering of headers from the request sent to the ext authz service (allowed_headers: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/ext_authz/v3/ext_authz.proto#extensions-filters-http-ext-authz-v3-authorizationrequest), but the gRPC version does not.

In my case a lot of non-required headers are being passed along to my ext authz, I would prefer if they were not. I could of course move to straight HTTP but I don't really want to do that either.

KBaichoo commented 2 years ago

cc @pradeepcrao @esmet as a ext_authz owners

rulex123 commented 1 year ago

👋 @KBaichoo I have a patch that addresses this issue. Any chance we can get somebody to help with a first pass of code review? Thanks!