Attach connection dynamic metadata to request as HTTP header

[skambashi]

Title: Attach connection dynamic metadata to request as HTTP header

Description:
We are currently using envoy v1.15.0

I am using a proxy protocol listener filter to extract TLV values, which I then want to attach as an HTTP header to the request. I'm hoping to use this request header in the external auth service to do some additional validation on the TLV value.

In particular this is for validating requests that pass through an AWS network balancer.

My current proxy protocol listener filter looks something like the following:

listener_filters: [
    {
      name: "envoy.filters.listener.proxy_protocol",
      typed_config: {
        "@type": "type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol",
        rules: [
          {
            tlv_type: 234,
            on_tlv_present: {
              metadata_namespace: "my_namespace",
              key: "my_key",
            }
          },
        ],
      },
    }

and I am able to see the TLV value when I log it from the listener's access_log ("%DYNAMIC_METADATA(my_namespace:my_key)%"). Unfortunately I have not been successful in finding a way to attach this information to the request. The first place I looked at was the lua filter in the http conn manager for this listener, but it doesn't have access to the connection's dynamic metadata.

From what I understand, the dynamicMetadata object that is exposed in the lua handler is the one for the HTTP stream, and there's a separate dynamicMetadata that the lua filter does not have access to for the network connection. Is there any way to attach this TLV to the request as an HTTP header with the current version of Envoy?

Thanks,
Seikun Kambashi

[Relevant Links:]

• AWS network balancer proxy protocol - https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol
• Lua dynamic metadata - https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/lua_filter#dynamic-metadata-object-api
• Sharing data between filters - https://www.envoyproxy.io/docs/envoy/v1.15.0/intro/arch_overview/advanced/data_sharing_between_filters#dynamic-state
• Extract TLVs from Proxy Protocol v2 and emit to dynamic metadata PR - Extract TLVs from Proxy Protocol v2 and emit to dynamic metadata #11488 (review)

[stale]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

[blang]

@skambashi could you please share your listeners access log? I'm facing the same problem an documentation is scarce.
Can @songhu please elaborate on how to use the extracted tlvs?
Thanks a lot and merry christmas

[github-actions]

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

[github-actions]

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.