envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0
25.05k stars 4.82k forks source link

Pass gRPC metadata to ext_authz #7272

Open splix opened 5 years ago

splix commented 5 years ago

Title: Pass gRPC metadata to ext_authz

Description: With current ext_authz filter implementation an external grpc_service receives only subset of request information, such as IPs and TLS details. It would be really helpful to have ability to access gRPC metadata headers as well.

Our current authorization schema is based on metadata fields added to grpc calls. Metadata is checked on server side, and we would like to move it out to Envoy filters.

It seems to be possible for http_service to configure which http headers will be passed to authz service, but nothing like that is configurable for grpc_service type.

dsymonds commented 4 years ago

Are you sure it isn't already working? I'm finding that gRPC client-set metadata (passed as headers) gets through to our ext_authz service, appearing as regular HTTP headers. I'm using Envoy v1.14.2.

jamersonchequer commented 3 years ago

Were you able to solve this problem? I have the same problem