Open nothinux opened 1 week ago
can this be achieved today by headersToBackend
and then removing the header using RequstHeaderModifier
filter https://gateway-api.sigs.k8s.io/guides/http-header-modifier/#http-request-header-modifier?
@arkodg yes, it can be archieved with that approach. However, we won't be able to retrieve the ext_authz_duration data, since it's only available when dynamic_metadata_from_headers
is set. We need that data to monitor the time taken to complete the authorization process for each request
this feels like an advanced use case, I suggest using https://gateway.envoyproxy.io/docs/tasks/extensibility/envoy-patch-policy/ to achieve this lets keep this issue open to see if others in the community are also interested in this
Description: We have a use case that requires emitting specific information from the external authz service into the logs, and this can be achieved using dynamic metadata. In the grpc ext_authz, dynamic metadata can be included directly as part of
CheckResponse
. However, in the http ext_authz, the only method to pass this information is by sending it as response headers, which are then emitted via thedynamic_metadata_from_headers
.It would be great if the dynamic_metadata_from_headers field can be exposed
proposal: In the current implementation,
allowed_upstream_headers
is already implemented asheadersToBackend
with support for theexact
match type only. We can extend the functionality to includedynamic_metadata_from_headers
to support this.headersToMetadata
seems like a suitable option fordynamic_metadata_from_headers
. However, I welcome any feedback and suggestions