External Processing Service

    This API feature is currently work-in-progress. API features marked as work-in-progress are not considered stable, are not covered by the threat model, are not supported by the security team, and are subject to breaking changes. Do not use this feature without understanding each of the previous points.

    A service that can access and modify HTTP requests and responses as part of a filter chain. The overall external processing protocol works like this:

    1. Envoy sends to the service information about the HTTP request.

    2. The service sends back a ProcessingResponse message that directs Envoy to either stop processing, continue without it, or send it the next chunk of the message body.

    3. If so requested, Envoy sends the server chunks of the message body, or the entire body at once. In either case, the server sends back a ProcessingResponse after each message it receives.

    4. If so requested, Envoy sends the server the HTTP trailers, and the server sends back a ProcessingResponse.

    5. At this point, request processing is done, and we pick up again at step 1 when Envoy receives a response from the upstream server.

    6. At any point above, if the server closes the gRPC stream cleanly, then Envoy proceeds without consulting the server.

    In other words, the process is a request/response conversation, but using a gRPC stream to make it easier for the server to maintain state.

    This represents the different types of messages that Envoy can send to an external processing server.

    async_mode

    (bool) Specify whether the filter that sent this request is running in synchronous or asynchronous mode. The choice of synchronous or asynchronous mode can be set in the filter configuration, and defaults to false.

    • A value of “false” indicates that the server must respond to this message by either sending back a matching ProcessingResponse message, or by closing the stream.

    • A value of “true” indicates that the server must not respond to this message, although it may still close the stream to indicate that no more messages are needed.

    request_headers

    () Information about the HTTP request headers, as well as peer info and additional properties. Unless “async_mode” is true, the server must send back a HeaderResponse message, an ImmediateResponse message, or close the stream.

    Each request message will include one of the following sub-messages. Which ones are set for a particular HTTP request/response depend on the processing mode.

    Precisely one of request_headers, , request_body, , request_trailers, must be set.

    response_headers

    (service.ext_proc.v3.HttpHeaders) Information about the HTTP response headers, as well as peer info and additional properties. Unless “async_mode” is true, the server must send back a HeaderResponse message or close the stream.

    Each request message will include one of the following sub-messages. Which ones are set for a particular HTTP request/response depend on the processing mode.

    Precisely one of , response_headers, , response_body, , response_trailers must be set.

    request_body

    () A chunk of the HTTP request body. Unless “async_mode” is true, the server must send back a BodyResponse message, an ImmediateResponse message, or close the stream.

    Each request message will include one of the following sub-messages. Which ones are set for a particular HTTP request/response depend on the processing mode.

    Precisely one of request_headers, , request_body, , request_trailers, must be set.

    response_body

    (service.ext_proc.v3.HttpBody) A chunk of the HTTP request body. Unless “async_mode” is true, the server must send back a BodyResponse message or close the stream.

    Each request message will include one of the following sub-messages. Which ones are set for a particular HTTP request/response depend on the processing mode.

    Precisely one of , response_headers, , response_body, , response_trailers must be set.

    request_trailers

    () The HTTP trailers for the request path. Unless “async_mode” is true, the server must send back a TrailerResponse message or close the stream.

    This message is only sent if the trailers processing mode is set to “SEND”. If there are no trailers on the original downstream request, then this message will only be sent (with empty trailers waiting to be populated) if the processing mode is set before the request headers are sent, such as in the filter configuration.

    Each request message will include one of the following sub-messages. Which ones are set for a particular HTTP request/response depend on the processing mode.

    Precisely one of request_headers, , request_body, , request_trailers, must be set.

    response_trailers

    (service.ext_proc.v3.HttpTrailers) The HTTP trailers for the response path. Unless “async_mode” is true, the server must send back a TrailerResponse message or close the stream.

    This message is only sent if the trailers processing mode is set to “SEND”. If there are no trailers on the original downstream request, then this message will only be sent (with empty trailers waiting to be populated) if the processing mode is set before the request headers are sent, such as in the filter configuration.

    Each request message will include one of the following sub-messages. Which ones are set for a particular HTTP request/response depend on the processing mode.

    Precisely one of , response_headers, , response_body, , response_trailers must be set.

    service.ext_proc.v3.ProcessingResponse

    [service.ext_proc.v3.ProcessingResponse proto]

    For every ProcessingRequest received by the server with the “async_mode” field set to false, the server must send back exactly one ProcessingResponse message.

    1. "request_headers": "{...}",
    2. "response_headers": "{...}",
    3. "request_body": "{...}",
    4. "response_body": "{...}",
    5. "request_trailers": "{...}",
    6. "response_trailers": "{...}",
    7. "immediate_response": "{...}",
    8. "mode_override": "{...}"
    9. }

    request_headers

    () The server must send back this message in response to a message with the “request_headers” field set.

    response_headers

    (service.ext_proc.v3.HeadersResponse) The server must send back this message in response to a message with the “response_headers” field set.

    Precisely one of , response_headers, , response_body, , response_trailers, must be set.

    request_body

    (service.ext_proc.v3.BodyResponse) The server must send back this message in response to a message with the “request_body” field set.

    Precisely one of , response_headers, , response_body, , response_trailers, must be set.

    response_body

    (service.ext_proc.v3.BodyResponse) The server must send back this message in response to a message with the “response_body” field set.

    Precisely one of , response_headers, , response_body, , response_trailers, must be set.

    request_trailers

    (service.ext_proc.v3.TrailersResponse) The server must send back this message in response to a message with the “request_trailers” field set.

    Precisely one of , response_headers, , response_body, , response_trailers, must be set.

    response_trailers

    (service.ext_proc.v3.TrailersResponse) The server must send back this message in response to a message with the “response_trailers” field set.

    Precisely one of , response_headers, , response_body, , response_trailers, must be set.

    immediate_response

    (service.ext_proc.v3.ImmediateResponse) If specified, attempt to create a locally generated response, send it downstream, and stop processing additional filters and ignore any additional messages received from the remote server for this request or response. If a response has already started – for example, if this message is sent response to a “response_body” message – then this will either ship the reply directly to the downstream codec, or reset the stream.

    Precisely one of , response_headers, , response_body, , response_trailers, must be set.

    mode_override

    (extensions.filters.http.ext_proc.v3.ProcessingMode) Override how parts of the HTTP request and response are processed for the duration of this particular request/response only. Servers may use this to intelligently control how requests are processed based on the headers and other metadata that they see.

    service.ext_proc.v3.HttpHeaders

    [service.ext_proc.v3.HttpHeaders proto]

    This message is sent to the external server when the HTTP request and responses are first received.

    1. {
    2. "headers": "{...}",
    3. "end_of_stream": "..."

    headers

    () The HTTP request headers. All header keys will be lower-cased, because HTTP header keys are case-insensitive.

    end_of_stream

    (bool) If true, then there is no message body associated with this request or response.

    service.ext_proc.v3.HttpBody

    [service.ext_proc.v3.HttpBody proto]

    This message contains the message body that Envoy sends to the external server.

    1. {
    2. "body": "...",
    3. "end_of_stream": "..."
    4. }

    body

    ()

    end_of_stream

    (bool)

    This message contains the trailers.

    trailers

    (config.core.v3.HeaderMap)

    service.ext_proc.v3.HeadersResponse

    [service.ext_proc.v3.HeadersResponse proto]

    This message must be sent in response to an HttpHeaders message.

    1. "response": "{...}"
    2. }

    response

    ()

    service.ext_proc.v3.TrailersResponse

    This message must be sent in response to an HttpTrailers message.

    1. {
    2. "header_mutation": "{...}"
    3. }

    header_mutation

    (service.ext_proc.v3.HeaderMutation) Instructions on how to manipulate the trailers

    service.ext_proc.v3.BodyResponse

    [service.ext_proc.v3.BodyResponse proto]

    This message must be sent in response to an HttpBody message.

    1. {
    2. "response": "{...}"

    ()

    [service.ext_proc.v3.CommonResponse proto]

    This message contains common fields between header and body responses.

    status

    () If set, provide additional direction on how the Envoy proxy should handle the rest of the HTTP filter chain.

    header_mutation

    (service.ext_proc.v3.HeaderMutation) Instructions on how to manipulate the headers. When responding to an HttpBody request, header mutations will only take effect if the current processing mode for the body is BUFFERED.

    body_mutation

    () Replace the body of the last message sent to the remote server on this stream. If responding to an HttpBody request, simply replace or clear the body chunk that was sent with that request. Body mutations only take effect in response to “body” messages and are ignored otherwise.

    clear_route_cache

    (bool) Clear the route cache for the current request. This is necessary if the remote server modified headers that are used to calculate the route.

    Enum service.ext_proc.v3.CommonResponse.ResponseStatus

    [service.ext_proc.v3.CommonResponse.ResponseStatus proto]

    CONTINUE

    (DEFAULT) ⁣Apply the mutation instructions in this message to the request or response, and then continue processing the filter stream as normal. This is the default.

    CONTINUE_AND_REPLACE

    ⁣Apply the specified header mutation, replace the body with the body specified in the body mutation (if present), and do not send any further messages for this request or response even if the processing mode is configured to do so.

    When used in response to a request_headers or response_headers message, this status makes it possible to either completely replace the body while discarding the original body, or to add a body to a message that formerly did not have one.

    In other words, this response makes it possible to turn an HTTP GET into a POST, PUT, or PATCH.

    service.ext_proc.v3.ImmediateResponse

    [service.ext_proc.v3.ImmediateResponse proto]

    This message causes the filter to attempt to create a locally generated response, send it downstream, stop processing additional filters, and ignore any additional messages received from the remote server for this request or response. If a response has already started, then this will either ship the reply directly to the downstream codec, or reset the stream.

    1. {
    2. "status": "{...}",
    3. "headers": "{...}",
    4. "body": "...",
    5. "grpc_status": "{...}",
    6. "details": "..."
    7. }

    status

    (, REQUIRED) The response code to return

    headers

    (service.ext_proc.v3.HeaderMutation) Apply changes to the default headers, which will include content-type.

    body

    () The message body to return with the response which is sent using the text/plain content type, or encoded in the grpc-message header.

    grpc_status

    (service.ext_proc.v3.GrpcStatus) If set, then include a gRPC status trailer.

    details

    () A string detailing why this local reply was sent, which may be included in log and debug output.

    service.ext_proc.v3.GrpcStatus

    This message specifies a gRPC status for an ImmediateResponse message.

    1. {
    2. "status": "..."
    3. }

    status

    (uint32) The actual gRPC status

    Change HTTP headers or trailers by appending, replacing, or removing headers.

    1. {
    2. "set_headers": [],
    3. }

    set_headers

    (repeated config.core.v3.HeaderValueOption) Add or replace HTTP headers. Attempts to set the value of any “x-envoy” header, and attempts to set the “:method”, “:authority”, “:scheme”, or “host” headers will be ignored.

    remove_headers

    (repeated ) Remove these HTTP headers. Attempts to remove system headers – any header starting with “:”, plus “host” – will be ignored.

    service.ext_proc.v3.BodyMutation

    Replace the entire message body chunk received in the corresponding HttpBody message with this new body, or clear the body.

    body

    (bytes) The entire body to replace

    Only one of , clear_body may be set.

    clear_body

    Only one of , clear_body may be set.