Skip to content

feat(xds): Add header mutations library #12494

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

feat(xds): Add header mutations library #12494

wants to merge 4 commits into from

Conversation

@sauravzg
Copy link

@sauravzg sauravzg commented Nov 11, 2025

This PR sits on top of #12493, so only the last commit + any fixups need to be reviewed.

This commit introduces a library for handling header mutations as specified by the xDS protocol. This library provides the core functionality for modifying request and response headers based on a set of rules.

The main components of this library are:

  • HeaderMutator: Applies header mutations to Metadata objects.
  • HeaderMutationFilter: Filters header mutations based on a set of configurable rules, such as disallowing mutations of system headers.
  • HeaderMutations: A value class that represents the set of mutations to be applied to request and response headers.
  • HeaderMutationDisallowedException: An exception that is thrown when a disallowed header mutation is attempted.

This commit also includes comprehensive unit tests for the new library.

@sauravzg
feat(xds): Update Envoy proto definitions and add ExtAuthz gRPC service
8107c1b 
This commit updates the Envoy proto definitions to a newer version and adds the generated gRPC code for the `envoy.service.auth.v3.Authorization` service.

The updated proto definitions include changes to the `ext_authz` filter, `GrpcService` configuration, and other related components. This also includes new proto files for gRPC credentials and header mutation rules.

The generated `AuthorizationGrpc.java` file provides the gRPC stub that will be used to communicate with the external authorization service.
This was referenced Nov 11, 2025
Open
Open
Open
Open
@sauravzg sauravzg force-pushed the feat/header-mutations branch from 28baee5 to 7122eb7 Compare November 11, 2025 14:37
@sauravzg
feat(xds): Add configuration objects for ExtAuthz and GrpcService
65f51c0 
This commit introduces configuration objects for the external authorization (ExtAuthz) filter and the gRPC service it uses. These classes provide a structured, immutable representation of the configuration defined in the xDS protobuf messages.

The main new classes are:
- `ExtAuthzConfig`: Represents the configuration for the `ExtAuthz` filter, including settings for the gRPC service, header mutation rules, and other filter behaviors.
- `GrpcServiceConfig`: Represents the configuration for a gRPC service, including the target URI, credentials, and other settings.
- `HeaderMutationRulesConfig`: Represents the configuration for header mutation rules.

This commit also includes parsers to create these configuration objects from the corresponding protobuf messages, as well as unit tests for the new classes.
@sauravzg
feat(xds): Implement request builder for external authorization
99f9b3a 
This commit introduces the `CheckRequestBuilder` library, which is responsible for constructing the `CheckRequest` message sent to the external authorization service.

The `CheckRequestBuilder` gathers information from various sources, including:
- `ServerCall` attributes (local and remote addresses, SSL session).
- `MethodDescriptor` (full method name).
- Request headers.

It uses this information to populate the `AttributeContext` of the `CheckRequest` message, which provides the authorization service with the necessary context to make an authorization decision.

This commit also introduces the `ExtAuthzCertificateProvider`, a helper class for extracting certificate information, such as the principal and PEM-encoded certificate.

Unit tests for the new components are also included.
@sauravzg
feat(xds): Add header mutations library
0ce7b79 
This commit introduces a library for handling header mutations as specified by the xDS protocol. This library provides the core functionality for modifying request and response headers based on a set of rules.

The main components of this library are:
- `HeaderMutator`: Applies header mutations to `Metadata` objects.
- `HeaderMutationFilter`: Filters header mutations based on a set of configurable rules, such as disallowing mutations of system headers.
- `HeaderMutations`: A value class that represents the set of mutations to be applied to request and response headers.
- `HeaderMutationDisallowedException`: An exception that is thrown when a disallowed header mutation is attempted.

This commit also includes comprehensive unit tests for the new library.
@sauravzg sauravzg force-pushed the feat/header-mutations branch from 7122eb7 to 0ce7b79 Compare November 11, 2025 14:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sauravzg