From 22615d252af6caf35180cd7a1b33f2a85498e464 Mon Sep 17 00:00:00 2001
From: Saurabh Mohan <saurabh+github@tigera.io>
Date: Fri, 9 Feb 2018 17:25:04 -0800
Subject: [PATCH 1/3] Fix up comments in external authorization configuration.

Signed-off-by: Saurabh Mohan <saurabh+github@tigera.io>
---
 envoy/config/filter/http/ext_authz/v2/ext_authz.proto    | 6 +++---
 envoy/config/filter/network/ext_authz/v2/ext_authz.proto | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/envoy/config/filter/http/ext_authz/v2/ext_authz.proto b/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
index caa2fd9b4..c32b2793a 100644
--- a/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
+++ b/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
@@ -14,13 +14,13 @@ import "validate/validate.proto";
 message ExtAuthz {
 
   // The external authorization gRPC service configuration.
+  // Note: Only works with :ref:`Envoy's in-built gRPC client <envoy_api_msg_core.GrpcService.EnvoyGrpc>`
   envoy.api.v2.core.GrpcService grpc_service = 1;
 
   // The filter's behaviour in case the external authorization service does
   // not respond back. If set to true then in case of failure to get a
-  // response back from the authorization service allow the traffic.
+  // response back from the authorization service or getting a response that is NOT denied then
+  // traffic will be permitted.
   // Defaults to false.
-  // If set to true and the response from the authorization service is NOT
-  // Denied then the traffic will be permitted.
   bool failure_mode_allow = 2;
 }
diff --git a/envoy/config/filter/network/ext_authz/v2/ext_authz.proto b/envoy/config/filter/network/ext_authz/v2/ext_authz.proto
index eb0fe7f0c..c068f4a4c 100644
--- a/envoy/config/filter/network/ext_authz/v2/ext_authz.proto
+++ b/envoy/config/filter/network/ext_authz/v2/ext_authz.proto
@@ -16,13 +16,13 @@ message ExtAuthz {
   string stat_prefix = 1 [(validate.rules).string.min_bytes = 1];
 
   // The external authorization gRPC service configuration.
+  // Note: Only works with :ref:`Envoy's in-built gRPC client <envoy_api_msg_core.GrpcService.EnvoyGrpc>`
   envoy.api.v2.core.GrpcService grpc_service = 2;
 
   // The filter's behaviour in case the external authorization service does
   // not respond back. If set to true then in case of failure to get a
-  // response back from the authorization service allow the traffic.
+  // response back from the authorization service or getting a response that is NOT denied then
+  // traffic will be permitted.
   // Defaults to false.
-  // If set to true and the response from the authorization service is NOT
-  // Denied then the traffic will be permitted.
   bool failure_mode_allow = 3;
 }

From bdbc5273fd4ba20c1c17c21cd813716e203e72ea Mon Sep 17 00:00:00 2001
From: Saurabh Mohan <saurabh+github@tigera.io>
Date: Sun, 11 Feb 2018 20:50:43 -0800
Subject: [PATCH 2/3] Remove comment about limitation to envoy client of gRPC.

Signed-off-by: Saurabh Mohan <saurabh+github@tigera.io>
---
 envoy/config/filter/http/ext_authz/v2/ext_authz.proto    | 1 -
 envoy/config/filter/network/ext_authz/v2/ext_authz.proto | 1 -
 2 files changed, 2 deletions(-)

diff --git a/envoy/config/filter/http/ext_authz/v2/ext_authz.proto b/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
index c32b2793a..ced2db47a 100644
--- a/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
+++ b/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
@@ -14,7 +14,6 @@ import "validate/validate.proto";
 message ExtAuthz {
 
   // The external authorization gRPC service configuration.
-  // Note: Only works with :ref:`Envoy's in-built gRPC client <envoy_api_msg_core.GrpcService.EnvoyGrpc>`
   envoy.api.v2.core.GrpcService grpc_service = 1;
 
   // The filter's behaviour in case the external authorization service does
diff --git a/envoy/config/filter/network/ext_authz/v2/ext_authz.proto b/envoy/config/filter/network/ext_authz/v2/ext_authz.proto
index c068f4a4c..aa2763305 100644
--- a/envoy/config/filter/network/ext_authz/v2/ext_authz.proto
+++ b/envoy/config/filter/network/ext_authz/v2/ext_authz.proto
@@ -16,7 +16,6 @@ message ExtAuthz {
   string stat_prefix = 1 [(validate.rules).string.min_bytes = 1];
 
   // The external authorization gRPC service configuration.
-  // Note: Only works with :ref:`Envoy's in-built gRPC client <envoy_api_msg_core.GrpcService.EnvoyGrpc>`
   envoy.api.v2.core.GrpcService grpc_service = 2;
 
   // The filter's behaviour in case the external authorization service does

From 5344264344abfa57ddb5616649da4668d2d615fe Mon Sep 17 00:00:00 2001
From: Saurabh Mohan <saurabh+github@tigera.io>
Date: Mon, 12 Feb 2018 12:40:38 -0800
Subject: [PATCH 3/3] Limit to 80 column.

Signed-off-by: Saurabh Mohan <saurabh+github@tigera.io>
---
 envoy/config/filter/http/ext_authz/v2/ext_authz.proto    | 7 ++++---
 envoy/config/filter/network/ext_authz/v2/ext_authz.proto | 7 ++++---
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/envoy/config/filter/http/ext_authz/v2/ext_authz.proto b/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
index ced2db47a..8365c054e 100644
--- a/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
+++ b/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
@@ -9,7 +9,8 @@ import "validate/validate.proto";
 
 // [#not-implemented-hide:]
 // External Authorization filter calls out to an external service over the
-// gRPC Authorization API defined by :ref:`external_auth <envoy_api_msg_auth.CheckRequest>`.
+// gRPC Authorization API defined by
+// :ref:`external_auth <envoy_api_msg_auth.CheckRequest>`.
 // A failed check will cause this filter to return 403 Forbidden.
 message ExtAuthz {
 
@@ -18,8 +19,8 @@ message ExtAuthz {
 
   // The filter's behaviour in case the external authorization service does
   // not respond back. If set to true then in case of failure to get a
-  // response back from the authorization service or getting a response that is NOT denied then
-  // traffic will be permitted.
+  // response back from the authorization service or getting a response that
+  // is NOT denied then traffic will be permitted.
   // Defaults to false.
   bool failure_mode_allow = 2;
 }
diff --git a/envoy/config/filter/network/ext_authz/v2/ext_authz.proto b/envoy/config/filter/network/ext_authz/v2/ext_authz.proto
index aa2763305..f6716386f 100644
--- a/envoy/config/filter/network/ext_authz/v2/ext_authz.proto
+++ b/envoy/config/filter/network/ext_authz/v2/ext_authz.proto
@@ -9,7 +9,8 @@ import "validate/validate.proto";
 
 // [#not-implemented-hide:]
 // External Authorization filter calls out to an external service over the
-// gRPC Authorization API defined by :ref:`external_auth <envoy_api_msg_auth.CheckRequest>`.
+// gRPC Authorization API defined by
+// :ref:`external_auth <envoy_api_msg_auth.CheckRequest>`.
 // A failed check will cause this filter to close the TCP connection.
 message ExtAuthz {
   // The prefix to use when emitting statistics.
@@ -20,8 +21,8 @@ message ExtAuthz {
 
   // The filter's behaviour in case the external authorization service does
   // not respond back. If set to true then in case of failure to get a
-  // response back from the authorization service or getting a response that is NOT denied then
-  // traffic will be permitted.
+  // response back from the authorization service or getting a response that
+  // is NOT denied then traffic will be permitted.
   // Defaults to false.
   bool failure_mode_allow = 3;
 }