-
Notifications
You must be signed in to change notification settings - Fork 7.7k
/
authz-ext-authz.yaml
15 lines (15 loc) · 1.04 KB
/
authz-ext-authz.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
apiVersion: release-notes/v2
kind: feature
area: security
issue:
- https://github.com/istio/api/pull/1926
docs:
- '[reference] https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-ExtensionProvider-EnvoyExternalAuthorizationHttpProvider'
releaseNotes:
- |
Improved the experimental [External Authorization](https://istio.io/latest/docs/tasks/security/authorization/authz-custom/) feature with new capabilities:
- **Added** the `timeout` field to configure the timeout (default is 10m) between the ext_authz filter and the external service.
- **Added** the `include_additional_headers_in_check` field to send additional headers to the external service.
- **Added** the `include_request_body_in_check` field to send the body to the external service.
- **Supported** prefix and suffix match in the `include_request_headers_in_check`, `headers_to_upstream_on_allow` and `headers_to_downstream_on_deny` field.
- **Deprecated** the `include_headers_in_check` field with the new `include_request_headers_in_check` field for better naming.