Support to add custom timeout for external auth service

[sekar-saravanan]

Description:

Hello Team,

I have configured an external gRPC auth service via the SecurityPolicy as shown below:

spec:
  extAuth:
    failOpen: false
    grpc:
      backendRef:
        group: ""
        kind: Service
        name: gateway-auth-service-headless
        namespace: seceng
        port: 3000

By default, the external auth timeout is set to 10 seconds and the envoy config json is below.

"http_filters": [
                    {
                      "disabled": true,
                      "name": "envoy.filters.http.ext_authz/securitypolicy/devops/eg-validator",
                      "typed_config": {
                        "@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz",
                        "grpc_service": {
                          "envoy_grpc": {
                            "authority": "gateway-auth-service-headless.seceng:3000",
                            "cluster_name": "securitypolicy/devops/eg-validator/extauth/0"
                          },
                          "timeout": "10s"
                        },
                        "transport_api_version": "V3"
                      }
                    }
]

I would like to set some custom timeout like 500 milliseconds. Is there any way to override this default timeout? If not, can we provide a support to override this?

Thank you.

[sudiptob2]

Hey @arkodg would like to give it a shot.

[sekar-saravanan]

Would it be possible to include this support in the 1.5 release?