-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
internal redirects: support passing headers from response to request #30793
internal redirects: support passing headers from response to request #30793
Conversation
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to |
I'm not particularly excited about the field name, so I'm happy to take suggestions for a better name if desired. Also, I feel like I don't understand the lifetimes for the header maps very well, so I defaulted to using SetCopy(). I'm happy to change those if that helps at all. |
At least one of the failed checks looks to be a flake in the test infrastructure, btw. |
/lgtm api |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Matt, adding you back for 2 more API comments, then you can clear again :-)
docs/root/intro/arch_overview/http/http_connection_management.rst
Outdated
Show resolved
Hide resolved
/wait on CI and comments |
77ee6a9
to
ff92313
Compare
I've been fighting a bit with the pre-push checks because they don't work on M2 Macs, which is my primary development environment for this work. I think things will pass now, at least. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LG modulo a few remaining nits
/wait
This adds a new (repeated) field in the internal redirect policy, "response_headers_to_preserve". When set, the headers named there will be copied from the response that triggers an internal redirect into the request that follows. This allows some limited information passing through the internal redirect system. The current system is faithful to the idea that internal redirects are purely a latency optimization, and should behave similarly to if the redirect had been passed to the downstream user-agent. This does violate that idea. Other proxies, such as Nginx, have a much more flexible way of handling internal redirects that allows a fair bit of information passing like this. This should allow implementations to adopt Envoy that are using this kind of information passing, with reduced needs to rearchitect. Fixes: envoyproxy#30441 Fixes: envoyproxy#16777 Signed-off-by: Ryan Anderson <ryan.anderson@snowflake.com> Signed-off-by: Ryan Anderson <ryan@michonline.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for holiday delay. still almost there - adding a secondary reviewer since they can review in parallel to my last nits.
Signed-off-by: Ryan Anderson <ryan@michonline.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few small comments.
Signed-off-by: Ryan Anderson <ryan@michonline.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
LGTM, though it looks like this needs a main merge. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM modulo one nit and the main merge
Signed-off-by: Ryan Anderson <ryan@michonline.com>
/wait |
…-request Signed-off-by: Ryan Anderson <ryan@michonline.com>
Fixed the merge conflicts in the changelog since I think this is hopefully done now. |
…-request Signed-off-by: Ryan Anderson <ryan@michonline.com>
I don't think the latest changes caused any of these test failures, so if someone can retrigger the tests, that would be great. (The tests failed after I did the conflict-merge for the changelog, which ... seems unlikely to cause the failures seen, lol.) |
/retry-azp (Not sure if that will work, but worth a shot) |
/retest :-) |
Commit Message:
This adds a new (repeated) field in the internal redirect policy, "response_headers_to_copy". When set, the headers named there will be copied from the response that triggers an internal redirect into the request that follows.
This allows some limited information passing through the internal redirect system.
The current system is faithful to the idea that internal redirects are purely a latency optimization, and should behave similarly to if the redirect had been passed to the downstream user-agent. This does violate that idea.
Other proxies, such as Nginx, have a much more flexible way of handling internal redirects that allows a fair bit of information passing like this. This should allow implementations to adopt Envoy that are using this kind of information passing, with reduced needs to rearchitect.
Risk Level: Low
Testing: Various tests added. Manual test done as well.
Docs Changes: Docs updated to reflect the additional features.
Release Notes: Release notes updated.
Fixes: #30441
Fixes: #16777
API Considerations: Requires configuration, so default is no behavior change. Otherwise, I believe everything else is covered or not relevant.