-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ext_authz(http): Read headers sent by ExtAuthz service in the next lua filter #33416
Comments
@htuch |
Is the request rejected at this point? If so, the filter after ext_authz won't run. |
Hello @htuch I have failure_mode_allow: true which allows ExtAuthz filter to pass the request to next Lua filter for 5XX but I want to identify (read status code) the cause of ExtAuthz failure in next Lua filter which I am unable to do as all the headers seems to be removed by ExtAuthz filter when it returns 5XX. Mainly I want to identify 2 failures, 500 and 503. our ExtAuthz server returns 500 if there is any failure in processing the request. Also, sometime Envoy doesn't able to reach ExtAuthz server and fails with 503 (reported here with logs #32058). I want to retry for 503 case (connection issue) in the next Lua filter but don't want to retry for 500 case (processing error by ExtAuthz server). How can i identify the status code of ExtAuthz filter in the next Lua filter or any other way I can achieve the same? |
Reading
failure_mdoe_allowed logic and doesn't apply any headers (as done above in
One option might be to enhance |
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions. |
This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions. |
We are using ExtAuthz http service, call to ExtAuthz service fails sometime either due to connection issue(call never reaches ExtAuthz service) or due to some problem in the ExtAuthz processing the request.
In ExtAuthz failure case, I want to retry the request which ExtAuthz static configuration doesn't support yet. so I added a Lua filter after ExtAuthz filter which explicitly calls the ExtAuthz service.
In the next Lua filter I am trying to read the headers set by ExtAuthz service but is not readable.
When ExtAuthz service returns 5XX response, next lua filter cannot access the headers set by ExtAuthz service.
When ExtAuthz service returns 200 response, next lua filter can access the headers set by ExtAuthz service.
Is there any way to get the ExtAuthz service headers in next lua filter for failure case?
In below example, I want to read some-status header coming from ExtAuthz service.
Envoy configuration
Lua config
Output When EXTAUTHZ returns 200
Output When EXTAUTHZ returns 500
The text was updated successfully, but these errors were encountered: