Validate ext_authz OkResponse header append actions#40650
Merged
CI (Envoy) / Mobile/Android
skipped
Aug 25, 2025 in 0s
Check was skipped
This check was not triggered in this CI run
Details
Request (pr/40650/main@57a968b)
57a968b 
#40650 merge main@6fde43c
Validate ext_authz OkResponse header append actions
Commit Message: Validate ext_authz OkResponse header append actions
Additional Description:This PR adds validation (and removes sentinel value check) to the ext authz grpc client. If an invalid header append action is found and validate_mutations is true, the response and thus downstream request will be rejected. If validation_mutations is false, invalid actions are ignored.
Risk Level: low
Testing: unit / integration tests added
Environment
Request variables
| Key | Value |
|---|---|
| ref | c42f1e4 |
| sha | 57a968b |
| pr | 40650 |
| base-sha | 6fde43c |
| actor | @antoniovleonti |
| message | Validate ext_authz OkResponse header append actions... |
| started | 1756156532.951364 |
| target-branch | main |
| trusted | false |
Build image
Container image/s (as used in this CI run)
| Key | Value |
|---|---|
| default | envoyproxy/envoy-build-ubuntu:f4a881a1205e8e6db1a57162faf3df7aed88eae8 |
| mobile | envoyproxy/envoy-build-ubuntu:mobile-f4a881a1205e8e6db1a57162faf3df7aed88eae8 |
Version
Envoy version (as used in this CI run)
| Key | Value |
|---|---|
| major | 1 |
| minor | 36 |
| patch | 0 |
| dev | true |
Loading