Retrieve DynamicMetadata

[eloycoto]

Hi!

Checking how can I modify/get values from DynamicMetadata, and I did not found a way to retrieve it using Wasm plugin.

The list of filters that are using this feature are the following:
https://www.envoyproxy.io/docs/envoy/latest/configuration/advanced/well_known_dynamic_metadata

An example code that writes this is the following:
https://github.com/envoyproxy/envoy/blob/master/source/extensions/filters/http/jwt_authn/filter.cc#L103-L105

I have tried with get_properties/get_shared_data functions, but I was not able to get any result. I can get/set the information using Lua filter. Checking the wasm code and all proxy_wasm projects, I cannot see any reference to this.

My idea is to use something like FFI, but I'm not sure that can be possible at all:
https://github.com/proxy-wasm/spec/tree/master/abi-versions/vNEXT#foreign-function-interface-ffi

Is there any way to retrieve this information?

Regards.

[kyessenov]

You can read dynamic metadata, e.g. see https://github.com/istio/proxy/blob/master/extensions/common/context.cc#L103. There is no way to write metadata right now, since the implementation relies on filter state instead. We found protobuf-backed metadata was too costly for exchanging data between Wasm filters.

[eloycoto]

I'm trying, but it didn't work, should be like this, no?

self.get_property(vec!["envoy", "filters", "http", "jwt_authn", "0", "key"]);

It is always null :\

[kyessenov]

I think the path should be "metadata", "filter_metadata", "envoy.filters.http.jwt_authn", "my_payload", "iss" for issuer according to https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/http/jwt_authn/v2alpha/config.proto.

[eloycoto]

Ok, gotcha!

I got it working, thanks for the clarification, with the following code works:
envoy.yaml

          http_filters:
          - name: envoy.filters.http.jwt_authn
            config:
              providers:
                keycloak:
                  issuer: http://keycloak:8080/auth/realms/eloycoto
                  payload_in_metadata: eloy
                  from_headers:
                  - name: Authorization
                    value_prefix: "Bearer "
                  audiences:
                  - "admin-cli"
                  remote_jwks:
                    http_uri:
                      uri: http://keycloak:8080/auth/realms/eloycoto/protocol/openid-connect/certs
                      cluster: keycloak
                      timeout: 60s
              rules:
                 - match:
                     prefix: /health
                 - match:
                     prefix: /headers
                   requires:
                     provider_name: keycloak
          - name: envoy.filters.http.wasm
            config:
              config:
                name: "my_plugin"
                root_id: "add_header"
                vm_config:
                  vm_id: "my_vm_id"
                  runtime: "envoy.wasm.runtime.v8"
                  code:
                    local:
                      filename: "/opt/filter.wasm"
                  allow_precompiled: true

And here the call on rust code:

        let data = self.get_property(vec![
            "metadata",
            "filter_metadata",
            "envoy.filters.http.jwt_authn",
            "eloy",
        ]);

Many thanks, closing!