EnvoyExtensionPolicy support metadata_options in ExtProc

[zirain]

this's useful when we're trying to use metadata to share info across filters(e.g. envoy.filters.http.jwt_authn)

cc @envoyproxy/gateway-maintainers WDYT?

[guydc]

+1

I would actually recommend exposing some additional ext-proc options: #3170, #3247 . Notably, attributes also provide metadata about the connection/request that could be useful for extensions to have the required context for processing traffic.

[arkodg]

-1 on this
to use metadata_options, the user would also need to add custom modifications to other parts of envoy as well that are not exposed by the EG API and would need EnvoyPatchPolicy or Extension Manager

[zirain]

-1 on this to use metadata_options, the user would also need to add custom modifications to other parts of envoy as well that are not exposed by the EG API and would need EnvoyPatchPolicy or Extension Manager

why need that? it's a common case to use metadata(e.g. envoy.filters.http.jwt_authn) in ExtProc.

[arkodg]

-1 on this to use metadata_options, the user would also need to add custom modifications to other parts of envoy as well that are not exposed by the EG API and would need EnvoyPatchPolicy or Extension Manager

why need that? it's a common case to use metadata(e.g. envoy.filters.http.jwt_authn) in ExtProc.

How would the user configure the metadata in the JWT filter ? Wouldn't they need some extension mechanism to do it ?

[zirain]

-1 on this to use metadata_options, the user would also need to add custom modifications to other parts of envoy as well that are not exposed by the EG API and would need EnvoyPatchPolicy or Extension Manager

why need that? it's a common case to use metadata(e.g. envoy.filters.http.jwt_authn) in ExtProc.

How would the user configure the metadata in the JWT filter ? Wouldn't they need some extension mechanism to do it ?

no, no

[zirain]

a demo configuration looks like following:

#                  - name: envoy.filters.http.jwt_authn
#                    typedConfig:
#                      "@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication
#                      providers:
#                        "jwt1":
#                          forward: true
#                          local_jwks:
#                            filename: /etc/envoy/jwks.json
#                          payloadInMetadata: "playload"
#                      requirementMap:
#                        "route":
#                          providerName: jwt1
#                  - name: envoy.filters.http.set_metadata
#                    typed_config:
#                      "@type": type.googleapis.com/envoy.extensions.filters.http.set_metadata.v3.Config
#                      metadata_namespace: "test1"
#                      value:
#                        key1: val1

[github-actions]

This issue has been automatically marked as stale because it has not had activity in the last 30 days.