istio.io/istio@v0.0.0-20240520182934-d79c90f27776/releasenotes/notes/authz-ext-authz.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/releasenotes/notes/authz-ext-authz.yaml (about)

     1  apiVersion: release-notes/v2
     2  kind: feature
     3  area: security
     4  issue:
     5  - https://github.com/istio/api/pull/1926
     6  docs:
     7  - '[reference] https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-ExtensionProvider-EnvoyExternalAuthorizationHttpProvider'
     8  releaseNotes:
     9  - |
    10    Improved the experimental [External Authorization](https://istio.io/latest/docs/tasks/security/authorization/authz-custom/) feature with new capabilities:
    11    - **Added** the `timeout` field to configure the timeout (default is 10m) between the ext_authz filter and the external service.
    12    - **Added** the `include_additional_headers_in_check` field to send additional headers to the external service.
    13    - **Added** the `include_request_body_in_check` field to send the body to the external service.
    14    - **Supported** prefix and suffix match in the `include_request_headers_in_check`, `headers_to_upstream_on_allow` and `headers_to_downstream_on_deny` field.
    15    - **Deprecated** the `include_headers_in_check` field with the new `include_request_headers_in_check` field for better naming.