-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support for envoy ext_proc in OPA #6639
Comments
Thanks for filing this request.
Currently you would have to use the From the ext_proc docs this is a WIP but most functionality seems to be implemented. |
Currently, the user would have to do ext_authz filter (and implement ext_authz protocol on their side) for authz, and then ext_proc filter for body transformation etc (and implement ext_proc protocol on their side). This is going to lead to toil and a situation where they refuse to use one or other due to additional work involved. ext_proc is marked as production ready. What part of it is WIP? |
Thanks for the context.
From https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/ext_proc_filter
|
Async mode is completely irrelevant for OPA. async is an enhancement for observability use cases. Could we get some estimate on how long it would take to support this? |
This seems like a good addition. If you'd like to contribute the feature that would be great! We'd be happy to help with any questions, reviews etc. We could also leave this open for sometime for other folks in the community wanting this feature as well to chime in and perhaps submit a contribution. |
This issue has been automatically marked as inactive because it has not had any activity in the last 30 days. Although currently inactive, the issue could still be considered and actively worked on in the future. More details about the use-case this issue attempts to address, the value provided by completing it or possible solutions to resolve it would help to prioritize the issue. |
OPA currently supports Envoy's ext_authz protocol (unary gRPC). Envoy now has a more extensible and stream based protocol for extensibility (ext_proc) that provides a structured way to interpose on request headers/body etc. This feature request is to add support for the Envoy ext_proc protocol to OPA's envoy plugin. The main benefit of this feature is that as an end user, I will have to use only one extensibility protocol in Envoy that can be used for multiple purposes: authorization, body transformation or any kind of traffic mutation.
The text was updated successfully, but these errors were encountered: