Skip to content

ext_authz: option for clearing route cache of authorized requests #6503

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 18 commits into from
Apr 18, 2019
Merged

ext_authz: option for clearing route cache of authorized requests #6503

merged 18 commits into from
Apr 18, 2019

Conversation

gsagula
Copy link
Member

@gsagula gsagula commented Apr 6, 2019

Description:
This PR adds a configurable option to ext_authz that allows the filter clearing the route cache. This is particularly useful when the authorization response headers are intended to influence the route decision of an authorized request.

Risk Level: Low
Testing: Yes
Docs Changes: Yes
Release Notes: Yes
Fixes: #6481

Gabriel added 6 commits April 6, 2019 00:05
added configuration, logic and tests for clearing route cache in ext_…
fc73857 
…authz filter

Signed-off-by: Gabriel <gsagula@gmail.com>
fixed format and typos
2bd8f95 
Signed-off-by: Gabriel <gsagula@gmail.com>
edited docs and added version history
3db3e57 
Signed-off-by: Gabriel <gsagula@gmail.com>
Merge branch 'master' of https://github.com/envoyproxy/envoy into cle…
b764fad 
…ar-route-cache

Signed-off-by: Gabriel <gsagula@gmail.com>
edited docs
d013c08 
Signed-off-by: Gabriel <gsagula@gmail.com>
changed authentication to authorization
5b17298 
Signed-off-by: Gabriel <gsagula@gmail.com>
Gabriel added 2 commits April 11, 2019 19:06
fixed version history
d30aec5 
Signed-off-by: Gabriel <gsagula@gmail.com>
Merge branch 'master' of https://github.com/envoyproxy/envoy into cle…
a039ef7 
…ar-route-cache

Signed-off-by: Gabriel <gsagula@gmail.com>
dio
dio suggested changes Apr 12, 2019
View reviewed changes
Copy link
Member

@dio dio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for late review: Thanks @gsagula for working on this! Small nits and a question:

Gabriel added 3 commits April 13, 2019 20:01
code review changes
08e0689 
Signed-off-by: Gabriel <gsagula@gmail.com>
Merge branch 'master' of https://github.com/envoyproxy/envoy into cle…
85a5aaf 
…ar-route-cache

Signed-off-by: Gabriel <gsagula@gmail.com>
Merge branch 'master' of https://github.com/envoyproxy/envoy into cle…
6cf907c 
…ar-route-cache

Signed-off-by: Gabriel <gsagula@gmail.com>
dio
dio previously approved these changes Apr 16, 2019
View reviewed changes
Copy link
Member

@dio dio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice. Thanks!

mattklein123
mattklein123 requested changes Apr 17, 2019
View reviewed changes
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, 2 small comments.

/wait

@mattklein123 mattklein123 self-assigned this Apr 17, 2019
code review changes
f178dd1 
Signed-off-by: Gabriel <gsagula@gmail.com>
Gabriel added 3 commits April 17, 2019 11:22
fixed docs
422619f 
Signed-off-by: Gabriel <gsagula@gmail.com>
Merge branch 'master' of https://github.com/envoyproxy/envoy into cle…
44aace1 
…ar-route-cache

Signed-off-by: Gabriel <gsagula@gmail.com>
fixed version history
071f7d8 
Signed-off-by: Gabriel <gsagula@gmail.com>
Merge branch 'master' of https://github.com/envoyproxy/envoy into cle…
3b4d539 
…ar-route-cache

Signed-off-by: Gabriel <gsagula@gmail.com>
Gabriel added 2 commits April 17, 2019 16:31
Merge branch 'master' of https://github.com/envoyproxy/envoy into cle…
dd88bfc 
…ar-route-cache

Signed-off-by: Gabriel <gsagula@gmail.com>
fixed tests
93838fe 
Signed-off-by: Gabriel <gsagula@gmail.com>
mattklein123
mattklein123 approved these changes Apr 18, 2019
View reviewed changes
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice!

@mattklein123 mattklein123 merged commit 0e109cb into envoyproxy:master Apr 18, 2019
mpuncel added a commit to mpuncel/envoy that referenced this pull request Apr 19, 2019
@mpuncel
Merge branch 'master' into mpuncel/hedging-impl
88b2c8b 
* master: (26 commits)
  docs: update docs to recommend /retest repokitteh command (envoyproxy#6655)
  http timeout integration test: wait for 15s for upstream reset (envoyproxy#6646)
  access log: add response code details to the access log formatter (envoyproxy#6626)
  build: add ppc build badge to README (envoyproxy#6629)
  Revert dispatcher stats (envoyproxy#6649)
  Batch implementation with timer (envoyproxy#6452)
  fault filter: reset token bucket on data start (envoyproxy#6627)
  event: update libevent dependency to fix race condition (envoyproxy#6637)
  examples: standardize docker-compose version and yaml extension (envoyproxy#6613)
  quiche: Implement SpdyUnsafeArena using SpdySimpleArena (envoyproxy#6612)
  router: support customizable retry back-off intervals (envoyproxy#6568)
  api: create OpenRCA service proto file (envoyproxy#6497)
  ext_authz: option for clearing route cache of authorized requests (envoyproxy#6503)
  build: update jinja to 2.10.1. (envoyproxy#6623)
  tools: check spelling in pre-push hook (envoyproxy#6631)
  security: blameless postmortem template. (envoyproxy#6553)
  Implementing Endpoint lease for ClusterLoadAssigment (envoyproxy#6477)
  add HTTP integration tests exercising timeouts (envoyproxy#6621)
  event: fix DispatcherImplTest::InitializeStats flake (envoyproxy#6619)
  Add tag extractor for RDS route config name (envoyproxy#6618)
  ...

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattklein123 mattklein123 mattklein123 approved these changes

+1 more reviewer

@dio dio dio left review comments

Reviewers whose approvals may not affect merge requirements
Assignees

@dio dio

@mattklein123 mattklein123

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Headers added in envoy.ext_authz http_filter are not used for route matching
3 participants
@gsagula @dio @mattklein123