diff --git a/internal/xds/translator/extauth.go b/internal/xds/translator/extauth.go index 102497633e0..9720ffb341d 100644 --- a/internal/xds/translator/extauth.go +++ b/internal/xds/translator/extauth.go @@ -147,9 +147,13 @@ func httpService(http *ir.HTTPExtAuthService) *extauthv3.HttpService { var ( uri string headersToBackend []*matcherv3.StringMatcher - service = new(extauthv3.HttpService) + service *extauthv3.HttpService ) + service = &extauthv3.HttpService{ + PathPrefix: http.Path, + } + u := url.URL{ // scheme should be decided by the TLS setting, but we don't have that info now. // It's safe to set it to http because the ext auth filter doesn't use the diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml index e85a6d3b854..083a4a6f3f1 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml @@ -39,6 +39,7 @@ patterns: - exact: header1 - exact: header2 + pathPrefix: /auth serverUri: cluster: securitypolicy/default/policy-for-gateway-1/envoy-gateway/http-backend timeout: 10s