ext authz: the auth check is skipped when the direct response is set #17502
Description
Title: ext authz: the auth check is skipped when the direct response is set
Description:
Repro steps:
filter_chains:
- filters:
# The HTTP connection manager is the only network filter.
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
path: "/"
direct_response:
status: 200
typed_per_filter_config:
envoy.filters.http.ext_authz:
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
disabled: true
http_filters:
- name: envoy.filters.http.ext_authz
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
http_service:
server_uri:
uri: 127.0.0.1:33334
cluster: auth_cluster
timeout: 0.25s
with_request_body:
max_request_bytes: 1024
allow_partial_message: true
pack_as_bytes: true
- name: envoy.filters.http.router
Expect the envoy will call to auth_cluster to do the auth. But actually, it always returns 200 directly.