I’m tring to validate request body with ext_authz http filter, but I can’t recieve http-body field on my authz service. When I do the same thing on standalone EnvoyProxy, everythin works fine and I get body field of my request. What I’m doing wrong in Istio?
My EnvoyFilter:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: >
{"apiVersion":"networking.istio.io/v1alpha3","kind":"EnvoyFilter","metadata":{"annotations":{},"name":"ext-authz-grpc","namespace":"ott-demo"},"spec":{"filters":[{"filterConfig":{"grpc_service":{"google_grpc":{"stat_prefix":"ext_authz","target_uri":"localhost:8080"}}},"filterName":"envoy.ext_authz","filterType":"HTTP","insertPosition":{"index":"FIRST"},"listenerMatch":{"listenerProtocol":"HTTP","listenerType":"SIDECAR_OUTBOUND","portNumber":8002}}],"workloadLabels":{"app":"sleep"}}}
creationTimestamp: '2019-08-28T07:48:11Z'
generation: 1
name: ext-authz-grpc
namespace: ott-demo
resourceVersion: '21497400'
selfLink: >-
/apis/networking.istio.io/v1alpha3/namespaces/ott-demo/envoyfilters/ext-authz-grpc
uid: 2f0d7285-c968-11e9-9c6d-fa163e388199
spec:
filters:
- filterConfig:
grpc_service:
google_grpc:
stat_prefix: ext_authz
target_uri: 'localhost:8080'
timeout: 1s
with_request_body:
allow_partial_message: true
max_request_bytes: 8192
filterName: envoy.ext_authz
filterType: HTTP
insertPosition:
index: FIRST
listenerMatch:
listenerProtocol: HTTP
listenerType: SIDECAR_OUTBOUND
portNumber: 8002
workloadLabels:
app: sleep
Request to remote service:
curl -v -X POST -d “msg=Hello world!” --user username:password -H debug:true http://vertx-simple-web-server.ott-demo.svc.cluster.local:8002/post
Request wich I recieve on my gRPC Authz service:
Request: attributes {
source {
address {
socket_address {
address: "10.129.1.4"
port_value: 40706
}
}
}
destination {
address {
socket_address {
address: "172.30.88.86"
port_value: 8002
}
}
}
request {
http {
id: "1397461714216104324"
method: "POST"
headers {
key: "accept"
value: "*/*"
}
headers {
key: "user-agent"
value: "curl/7.60.0"
}
headers {
key: "authorization"
value: "Basic dXNlcm5hbWU6cGFzc3dvcmQ="
}
headers {
key: "content-length"
value: "16"
}
headers {
key: ":method"
value: "POST"
}
headers {
key: ":path"
value: "/post"
}
headers {
key: "x-envoy-decorator-operation"
value: "vertx-simple-web-server.ott-demo.svc.cluster.local:8002/*"
}
headers {
key: "x-forwarded-proto"
value: "http"
}
headers {
key: "content-type"
value: "application/x-www-form-urlencoded"
}
headers {
key: ":authority"
value: "vertx-simple-web-server.ott-demo.svc.cluster.local:8002"
}
headers {
key: "debug"
value: "true"
}
headers {
key: "ott-token"
value: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}
headers {
key: "x-request-id"
value: "108f255c-c497-9dc9-9260-30f2c90139b5"
}
path: "/post"
host: "vertx-simple-web-server.ott-demo.svc.cluster.local:8002"
size: 16
protocol: "HTTP/1.1"
}
}
}
Rssponse: ok_response {
headers {
header {
key: "OTT-token"
value: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}
append {
}
}
}