Add docs for dynamic_metadata feature in opa-envoy-plugin #6389
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Deploy Preview for openpolicyagent ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
docs/content/envoy-primer.md
Outdated
| @@ -101,13 +101,14 @@ With the input value above, the answer is: | |||
| ## Example Policy with Additional Controls | |||
|
|
|||
| The `allow` variable in the above policy returns a `boolean` decision to indicate whether a request should be allowed or not. | |||
| If you want, you can also control the HTTP status sent to the upstream or downstream client, along with the response body, and the response headers. To do that, you can write rules like the ones below to fill in values for variables with the following types: | |||
| If you want, you can also control the HTTP status sent to the upstream or downstream client, along with the response body, and the response headers. You can also set `DynamicMetadata` in the `CheckResponse`. To do that, you can write rules like the ones below to fill in values for variables with the following types: | |||
There was a problem hiding this comment.
What about something like
If you want, you can also control the HTTP status sent to the upstream or downstream client, along with the response body, the response headers. Response metadata can also be set for consumption by the next Envoy filter.
docs/content/envoy-primer.md
Outdated
|
|
||
| * `headers` is an object whose keys are strings and values are strings. In case the request is denied, the object represents the HTTP response headers to be sent to the downstream client. If the request is allowed, the object represents additional request headers to be sent to the upstream. | ||
| * `response_headers_to_add` is an object whose keys are strings and values are strings. It defines the HTTP response headers to be sent to the downstream client when a request is allowed. | ||
| * `request_headers_to_remove` is an array of strings which describes the HTTP headers to remove from the original request before dispatching it to the upstream when a request is allowed. | ||
| * `body` is a string which represents the response body data sent to the downstream client when a request is denied. | ||
| * `status_code` is a number which represents the HTTP response status code sent to the downstream client when a request is denied. | ||
| * `dynamic_metadata` is an object whose keys are strings and values can be strings, objects, or numbers. It will set the `DynamicMetadata` in the `CheckResponse` returned by the `opa-envoy-plugin` and can be consumed elsewhere in the envoy filter chain. |
There was a problem hiding this comment.
bool, strings, numbers, objects or arrays
There was a problem hiding this comment.
forgot about arrays 😵💫
docs/content/envoy-primer.md
Outdated
| @@ -207,6 +210,7 @@ When Envoy receives a policy decision, it expects a JSON object with the followi | |||
| * `request_headers_to_remove` (optional): is an array of string header names | |||
| * `http_status` (optional): a number representing the HTTP status code | |||
| * `body` (optional): the response body | |||
| * `dynamic_metadata` (optional): an object to be added to the `CheckResponse`'s `DynamicMetadata` field. | |||
There was a problem hiding this comment.
an object representing dynamic metadata to be consumed by the next Envoy filter.
tjons
force-pushed
the
6209-opa-envoy-plugin-dynamic-metadata-docs
branch
from
bbe7e26
to
185b186
Compare
|
@ashutosh-narkar thanks for the review! updated accordingly... let me know if you are ready for me to squash commits |
Signed-off-by: tjons <[email protected]>
Signed-off-by: tjons <[email protected]>
ashutosh-narkar
force-pushed
the
6209-opa-envoy-plugin-dynamic-metadata-docs
branch
from
185b186
to
d6b6f3b
Compare
|
Merge after open-policy-agent/opa-envoy-plugin#479. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Why the changes in this PR are needed?
Corresponding docs changes for open-policy-agent/opa-envoy-plugin#479
What are the changes in this PR?
Add
dynamic_metadataas a supportedresultkeyword in theopa-envoy-plugindocs, and provide a small example.Notes to assist PR review:
see open-policy-agent/opa-envoy-plugin#479 for implementation.
Further comments:
N/A