Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ext_authz: Support filter naming and per-filter statistics #12666

Closed
danielmittelman opened this issue Aug 15, 2020 · 1 comment · Fixed by #13215
Closed

ext_authz: Support filter naming and per-filter statistics #12666

danielmittelman opened this issue Aug 15, 2020 · 1 comment · Fixed by #13215
Labels
area/ext_authz help wanted Needs help!

Comments

@danielmittelman
Copy link

Title: Support filter naming and per-filter statistics

Description:
My HTTP filter chain contains multiple instances of ext_authz, each fulfilling a completely different task.

My real-life use case:

http_filters:
  # Filter #1 - WAF sidecar
  - name: envoy.filters.http.ext_authz
    config: {...}

  # Filter #2 - request authorization service
  - name: envoy.filters.http.ext_authz
    config: {...}

In this case, I can access relevant statistics about the External Authorization executions in general, but I cannot distinguish between the two external services, and most importantly I cannot measure the allow/deny rates of each of the filters.

My suggestion is to have the option of naming each of the filters, and having that name added as a dimension to the statistics produced by the filter, for example:

http_filters:
  # Filter #1 - WAF sidecar
  - name: envoy.filters.http.ext_authz
    config:
      filter_stat_name: waf
      ...

  # Filter #2 - request authorization service
  - name: envoy.filters.http.ext_authz
    config:
      filter_stat_name: authorizer
      ...
@dio
Copy link
Member

dio commented Aug 15, 2020

I think this is a reasonable ask. And i believe saw some TODOs related to this.

@dio dio mentioned this issue Sep 22, 2020
Merged
htuch pushed a commit that referenced this issue Sep 30, 2020
@dio
ext_authz: Allow to set additional prefix for HTTP filter stats (#13215)
720348b 
This patch allows setting an additional prefix for HTTP filter stats. This lets the emitted statistics from configured ext_authz HTTP filters in an HTTP filter chain can be distinguished from each other.

Risk Level: Low
Testing: Added a test on additional prefix.
Docs Changes: Added
Release Notes: Added

Fixes #12666

Signed-off-by: Dhi Aurrahman <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/ext_authz help wanted Needs help!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ext_authz: Allow to set additional prefix for HTTP filter stats
3 participants
@dio @mattklein123 @danielmittelman