Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions source/extensions/filters/http/ext_authz/ext_authz.cc
Original file line number Diff line number Diff line change
Expand Up @@ -346,6 +346,8 @@ void Filter::onComplete(Filters::Common::ExtAuthz::ResponsePtr&& response) {
config_->httpContext().codeStats().chargeResponseStat(info, false);
}

decoder_callbacks_->streamInfo().setResponseFlag(

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes sense.

Optional: Mind to add a comment for future readers, that is why we set it prior to calling sendLocalReply.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also can put setResponseFlag and sendLocalReply into a inline method, but currently this is enough for me.

StreamInfo::ResponseFlag::UnauthorizedExternalService);
decoder_callbacks_->sendLocalReply(
response->status_code, response->body,
[&headers = response->headers_to_set,
Expand All @@ -365,8 +367,6 @@ void Filter::onComplete(Filters::Common::ExtAuthz::ResponsePtr&& response) {
}
},
absl::nullopt, Filters::Common::ExtAuthz::ResponseCodeDetails::get().AuthzDenied);
decoder_callbacks_->streamInfo().setResponseFlag(
StreamInfo::ResponseFlag::UnauthorizedExternalService);
break;
}

Expand Down
10 changes: 6 additions & 4 deletions test/extensions/filters/http/ext_authz/ext_authz_test.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1916,14 +1916,15 @@ TEST_P(HttpFilterTestParam, DeniedResponseWith401) {
Invoke([&](Filters::Common::ExtAuthz::RequestCallbacks& callbacks,
const envoy::service::auth::v3::CheckRequest&, Tracing::Span&,
const StreamInfo::StreamInfo&) -> void { request_callbacks_ = &callbacks; }));

EXPECT_CALL(filter_callbacks_.stream_info_,
setResponseFlag(Envoy::StreamInfo::ResponseFlag::UnauthorizedExternalService));
EXPECT_EQ(Http::FilterHeadersStatus::StopAllIterationAndWatermark,
filter_->decodeHeaders(request_headers_, false));

Http::TestResponseHeaderMapImpl response_headers{{":status", "401"}};
EXPECT_CALL(filter_callbacks_, encodeHeaders_(HeaderMapEqualRef(&response_headers), true));
EXPECT_CALL(filter_callbacks_, continueDecoding()).Times(0);
EXPECT_CALL(filter_callbacks_.stream_info_,
setResponseFlag(Envoy::StreamInfo::ResponseFlag::UnauthorizedExternalService));

Filters::Common::ExtAuthz::Response response{};
response.status = Filters::Common::ExtAuthz::CheckStatus::Denied;
Expand All @@ -1948,14 +1949,15 @@ TEST_P(HttpFilterTestParam, DeniedResponseWith403) {
Invoke([&](Filters::Common::ExtAuthz::RequestCallbacks& callbacks,
const envoy::service::auth::v3::CheckRequest&, Tracing::Span&,
const StreamInfo::StreamInfo&) -> void { request_callbacks_ = &callbacks; }));

EXPECT_CALL(filter_callbacks_.stream_info_,
setResponseFlag(Envoy::StreamInfo::ResponseFlag::UnauthorizedExternalService));
EXPECT_EQ(Http::FilterHeadersStatus::StopAllIterationAndWatermark,
filter_->decodeHeaders(request_headers_, false));

Http::TestResponseHeaderMapImpl response_headers{{":status", "403"}};
EXPECT_CALL(filter_callbacks_, encodeHeaders_(HeaderMapEqualRef(&response_headers), true));
EXPECT_CALL(filter_callbacks_, continueDecoding()).Times(0);
EXPECT_CALL(filter_callbacks_.stream_info_,
setResponseFlag(Envoy::StreamInfo::ResponseFlag::UnauthorizedExternalService));

Filters::Common::ExtAuthz::Response response{};
response.status = Filters::Common::ExtAuthz::CheckStatus::Denied;
Expand Down