From ab6d6d6ac6e89266a039e98f9c91ee62a5e0730a Mon Sep 17 00:00:00 2001 From: Saurabh Mohan Date: Tue, 20 Feb 2018 11:57:49 -0800 Subject: [PATCH 1/5] Add unauthorized boolean the accesslog. Signed-off-by: Saurabh Mohan --- envoy/config/filter/accesslog/v2/accesslog.proto | 3 +++ 1 file changed, 3 insertions(+) diff --git a/envoy/config/filter/accesslog/v2/accesslog.proto b/envoy/config/filter/accesslog/v2/accesslog.proto index cb7783ad2..56935d3ec 100644 --- a/envoy/config/filter/accesslog/v2/accesslog.proto +++ b/envoy/config/filter/accesslog/v2/accesslog.proto @@ -147,6 +147,9 @@ message ResponseFlags { // Indicates that the request was rate-limited locally. bool rate_limited = 12; + + // Indicates that the request was deemed unauthorized and denied. + bool unauthorized_denied = 13; } // [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. From ed60e39cd9c2ebba135d610cae060838e6b004d1 Mon Sep 17 00:00:00 2001 From: Saurabh Mohan Date: Fri, 23 Feb 2018 14:13:27 -0800 Subject: [PATCH 2/5] Add proposal for unauthorized with enum. Signed-off-by: Saurabh Mohan --- envoy/config/filter/accesslog/v2/accesslog.proto | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/envoy/config/filter/accesslog/v2/accesslog.proto b/envoy/config/filter/accesslog/v2/accesslog.proto index 56935d3ec..388574fb1 100644 --- a/envoy/config/filter/accesslog/v2/accesslog.proto +++ b/envoy/config/filter/accesslog/v2/accesslog.proto @@ -148,8 +148,18 @@ message ResponseFlags { // Indicates that the request was rate-limited locally. bool rate_limited = 12; + // Reasons why the request was unauthorized + enum UnauthorizedType { + // The request was denied by the external authorization service. + EXTERNAL_SERVICE = 0; + } + // Indicates that the request was deemed unauthorized and denied. - bool unauthorized_denied = 13; + message Unauthorized { + bool is_unauthorized; + UnauthorizedType reason; + } + Unauthorized unauthorized_denied = 13; } // [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs. From 092798f848fb93619069357895660fb7041e026c Mon Sep 17 00:00:00 2001 From: Saurabh Mohan Date: Fri, 23 Feb 2018 17:14:09 -0800 Subject: [PATCH 3/5] Remove boolean is_unauthorized. Signed-off-by: Saurabh Mohan --- envoy/config/filter/accesslog/v2/accesslog.proto | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/envoy/config/filter/accesslog/v2/accesslog.proto b/envoy/config/filter/accesslog/v2/accesslog.proto index c3ad74df0..bccd9a996 100644 --- a/envoy/config/filter/accesslog/v2/accesslog.proto +++ b/envoy/config/filter/accesslog/v2/accesslog.proto @@ -150,14 +150,15 @@ message ResponseFlags { // Reasons why the request was unauthorized enum UnauthorizedType { + // Default is permitted + PERMITTED = 0; // The request was denied by the external authorization service. - EXTERNAL_SERVICE = 0; + EXTERNAL_SERVICE = 1; } // Indicates that the request was deemed unauthorized and denied. message Unauthorized { - bool is_unauthorized; - UnauthorizedType reason; + UnauthorizedType reason = 1; } Unauthorized unauthorized_denied = 13; } From 59753d7c46772bdd53150fb41c400c999f1320e1 Mon Sep 17 00:00:00 2001 From: Saurabh Mohan Date: Tue, 27 Feb 2018 22:07:04 -0800 Subject: [PATCH 4/5] Address review comment. Signed-off-by: Saurabh Mohan --- .../config/filter/accesslog/v2/accesslog.proto | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/envoy/config/filter/accesslog/v2/accesslog.proto b/envoy/config/filter/accesslog/v2/accesslog.proto index bccd9a996..86a7363a7 100644 --- a/envoy/config/filter/accesslog/v2/accesslog.proto +++ b/envoy/config/filter/accesslog/v2/accesslog.proto @@ -148,18 +148,18 @@ message ResponseFlags { // Indicates that the request was rate-limited locally. bool rate_limited = 12; - // Reasons why the request was unauthorized - enum UnauthorizedType { - // Default is permitted - PERMITTED = 0; - // The request was denied by the external authorization service. - EXTERNAL_SERVICE = 1; - } - - // Indicates that the request was deemed unauthorized and denied. message Unauthorized { + // Reasons why the request was unauthorized + enum UnauthorizedType { + UNAUTHORIZED_TYPE_UNSPECIFIED = 0; + // The request was denied by the external authorization service. + EXTERNAL_SERVICE = 1; + } + UnauthorizedType reason = 1; } + + // Indicates that the request was deemed unauthorized and denied. Unauthorized unauthorized_denied = 13; } From 62c8673dfd102a46bce13482ee29c958fc09ff54 Mon Sep 17 00:00:00 2001 From: Saurabh Mohan Date: Wed, 28 Feb 2018 09:47:31 -0800 Subject: [PATCH 5/5] Use better names. Signed-off-by: Saurabh Mohan --- envoy/config/filter/accesslog/v2/accesslog.proto | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/envoy/config/filter/accesslog/v2/accesslog.proto b/envoy/config/filter/accesslog/v2/accesslog.proto index 86a7363a7..acc7fad0f 100644 --- a/envoy/config/filter/accesslog/v2/accesslog.proto +++ b/envoy/config/filter/accesslog/v2/accesslog.proto @@ -150,17 +150,17 @@ message ResponseFlags { message Unauthorized { // Reasons why the request was unauthorized - enum UnauthorizedType { - UNAUTHORIZED_TYPE_UNSPECIFIED = 0; + enum Reason { + REASON_UNSPECIFIED = 0; // The request was denied by the external authorization service. EXTERNAL_SERVICE = 1; } - UnauthorizedType reason = 1; + Reason reason = 1; } - // Indicates that the request was deemed unauthorized and denied. - Unauthorized unauthorized_denied = 13; + // Indicates if the request was deemed unauthorized and the reason for it. + Unauthorized unauthorized_details = 13; } // [#not-implemented-hide:] Not configuration. TBD how to doc proto APIs.