ext_authz, docs: Authorization is automatically included in allowed_h…

…eaders (envoyproxy#17051) From https://github.com/envoyproxy/envoy/blob/0a55eb90060664ffa01229a8cd7c1fedcbc0599d/source/extensions/filters/common/ext_authz/ext_authz_http_impl.cc#L132-L133 Authorization header from client request is included in request to the authorization service. Signed-off-by: Dhi Aurrahman <[email protected]>
twghu · Jun 23, 2021 · d526e38 · d526e38
1 parent b7833f0
commit d526e38
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 40 deletions.
diff --git a/api/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto b/api/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
@@ -215,18 +215,21 @@ message AuthorizationRequest {
   option (udpa.annotations.versioning).previous_message_type =
       "envoy.config.filter.http.ext_authz.v2.AuthorizationRequest";
 
-  // Authorization request will include the client request headers that have a correspondent match
-  // in the :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>`. Note that in addition to the
-  // user's supplied matchers:
+  // Authorization request includes the client request headers that have a correspondent match
+  // in the :ref:`list <envoy_v3_api_msg_type.matcher.v3.ListStringMatcher>`.
   //
-  // 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list.
+  // .. note::
+  //
+  //   In addition to the the user's supplied matchers, ``Host``, ``Method``, ``Path``,
+  //   ``Content-Length``, and ``Authorization`` are **automatically included** to the list.
+  //
+  // .. note::
   //
-  // 2. *Content-Length* will be set to 0 and the request to the authorization service will not have
-  // a message body. However, the authorization request can include the buffered client request body
-  // (controlled by :ref:`with_request_body
-  // <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.with_request_body>` setting),
-  // consequently the value of *Content-Length* of the authorization request reflects the size of
-  // its payload size.
+  //   By default, ``Content-Length`` header is set to ``0`` and the request to the authorization
+  //   service has no message body. However, the authorization request *may* include the buffered
+  //   client request body (controlled by :ref:`with_request_body
+  //   <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.with_request_body>`
+  //   setting) hence the value of its ``Content-Length`` reflects the size of its payload size.
   //
   type.matcher.v3.ListStringMatcher allowed_headers = 1;
 

diff --git a/api/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto b/api/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto
diff --git a/generated_api_shadow/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto b/generated_api_shadow/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
diff --git a/generated_api_shadow/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto b/generated_api_shadow/envoy/extensions/filters/http/ext_authz/v4alpha/ext_authz.proto