Description:
With support for the request body in ext_authz (#5676) it seems impossible to detect if partial content is delivered to the ext_authz call if the content is streamed (e.g., no Content-Length header to compare against). This makes dealing with partial content difficult as any parser may fail due to partial truncation (vs it just being bad data).
I'd like there to be a way to detect this. Perhaps passing a flag in the call indicating the body is partial?
Repro steps:
Setting up ext_authz with the new with_request_body setting https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/http/ext_authz/v2/ext_authz.proto#envoy-api-msg-config-filter-http-ext-authz-v2-buffersettings
Setting a small limit of 10 bytes to reproduce:
- name: envoy.ext_authz
  config:
    grpc_service:
      envoy_grpc:
        cluster_name: grpc-service
      timeout: 0.2s
    failure_mode_allow: true
    with_request_body:
      max_request_bytes: 10
      allow_partial_message: true
If allow_partial_message is false and the body is larger than max_request_bytes, then a 413 is returned and no ext_authz call is made. This will not work for me, so I need this set true. When this is set true, the call is made with only the first 10 bytes. This can be detected if there is a Content-Length HTTP header (i.e., C-L header is larger than body data length), but not if the content is streamed such as with Transfer-Encoding: chunked where there is no C-L to compare against.
For example send this:
curl -vv -H "Transfer-Encoding: chunked" -H "Content-Type: application/json" --data-binary '{"foo":"bar"}' 'http://localhost:8000/test'
And the truncated JSON ({"foo":"ba) will not parse. Here it seems impossible to know if the client sent the bad data or if the data was just truncated.
cc @gsagula
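The following is an added example, not part of the original issue and not Envoy code: a sketch of how an authorization service could classify the body it receives, showing the Content-Length case that can be detected and the chunked case that cannot. It assumes the service is configured with the same limit as max_request_bytes and that a streamed body shorter than that limit was delivered in full; the function names are hypothetical.

```python
import json

# Assumption: mirrors with_request_body.max_request_bytes from the filter config.
MAX_REQUEST_BYTES = 10


def classify_body(headers, body, max_bytes=MAX_REQUEST_BYTES):
    """Return 'complete', 'truncated' or 'unknown' for a buffered request body."""
    h = {k.lower(): v for k, v in headers.items()}
    declared = h.get("content-length")
    if declared is not None and declared.strip().isdigit():
        # A declared length larger than what arrived means the proxy cut it.
        return "truncated" if int(declared) > len(body) else "complete"
    # Streamed request (e.g. Transfer-Encoding: chunked): no declared length.
    if len(body) < max_bytes:
        return "complete"  # assumption: limit not reached, so the stream ended
    return "unknown"       # limit reached: the body may or may not continue


def parse_json_body(headers, body, max_bytes=MAX_REQUEST_BYTES):
    """Parse JSON only when the body is known to be complete."""
    state = classify_body(headers, body, max_bytes)
    if state != "complete":
        return state, None  # do not blame the client for a parse failure
    try:
        return state, json.loads(body)
    except ValueError:
        return "malformed", None  # complete body that is genuinely bad data


if __name__ == "__main__":
    # Constructed sample: the first 10 bytes of '{"foo":"bar"}'.
    partial = b'{"foo":"ba'
    print(parse_json_body({"Content-Length": "13"}, partial))
    print(parse_json_body({"Transfer-Encoding": "chunked"}, partial))
```

The "unknown" result is the gap the issue describes: a service that cannot tell truncation from bad data has to choose a policy for that case explicitly rather than treat the parse error as a client fault.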