Support ext_authz: Added support for populating the tls_session for extensions.filters.network.ext_authz.v3.ExtAuthz

[marc-barry]

In https://www.envoyproxy.io/docs/envoy/v1.30.0/version_history/v1.30/v1.30.0 and via envoyproxy/envoy#33105 there was support added for the following:

ext_authz: Added support for populating the tls_session check request attribute for network ext_authz by setting include_tls_session to true.

Is there a way I can work around the Go side not supporting that new functionality? It is documented under https://www.envoyproxy.io/docs/envoy/v1.30.0/api-v3/extensions/filters/network/ext_authz/v3/ext_authz.proto#envoy-v3-api-msg-extensions-filters-network-ext-authz-v3-extauthz. I'm trying to find out how I can effectively hack this in while we wait for the go-control-plane to catch up to the latest features of Envoy.

[sunjayBhatia]

Envoy repo APIs are automatically mirrored into this repo, see:

go-control-plane/envoy/extensions/filters/network/ext_authz/v3/ext_authz.pb.go

Line 66 in bc7bb4c

IncludeTlsSession bool `protobuf:"varint,8,opt,name=include_tls_session,json=includeTlsSession,proto3" json:"include_tls_session,omitempty"`

[marc-barry]

Envoy repo APIs are automatically mirrored into this repo, see:

@sunjayBhatia OK. I uses releases under https://github.com/envoyproxy/go-control-plane/releases/tag/v0.12.0 and so I guess I need to bypass that and pull in the latest main branch changes. Is this typically safe to do instead of waiting until a new release is made? At what cadence is a new release created?

[valerian-roche]

We do not create releases regularly recently. There is ongoing work to split the API module to allow independent versioning in #714

[marc-barry]

We do not create releases regularly recently. There is ongoing work to split the API module to allow independent versioning in #714

Thanks for the reference. I'll close this off as I have the information I need and I'll follow #714 for the topic of releases.