External Processing Policy

Policy Name

External Processing

Summary

Sends the incoming HTTP requests or outgoing HTTP responses requests to an external gRPC service for additional processing

Category

Transformation

First Flex Gateway version available

v1.6.0

Returned Status Codes

403 - IP is rejected

Summary

The External Processing policy forwards the incoming HTTP request or outgoing HTTP response to an external gRPC service to modify the headers, trailers, body, or any combination of the three. You can also configure this policy to process either the request, response, or both.

Additionally, the external processing service can request different parts of the HTTP request or response after the initial gRPC request was sent by Flex Gateway to the external processing server. This enables you to send the minimum amount of data necessary. For example, Flex Gateway can initially send only the HTTP requests headers. Then, after some processing, the external processor can request the HTTP request body or trailers from Flex Gateway.

The parameters you set for sending the HTTP headers, trailers, and body only configure what is initially sent. The external processing service has access to all parts of the HTTP request or response regardless of what is configured. Configure the parameters to send all of the information that the processing service needs for every incoming HTTP request or response. For example, if the processing service needs the headers for every request but only needs the body for some of the requests, depending on the information found in the header, only configure the parameters to send the headers.

The External Processing policy is an extension of the External Processing filter native to Envoy. To learn more about the External Processing filter, see External Processing Filter. Not all External Processing filter parameters are available for the External Processing policy. To find what parameters are configurable, see Configuring Policy Parameters.

If other policies modify the HTTP request or response, ensure that you order the policies depending on if these modification should be present when the request is sent to the processing service or upstream service. For more information about ordering policies, see Ordering Policies.

Configuring Policy Parameters

Flex Gateway Local Mode

In Local Mode, you apply the External Processing policy to your API instance via declarative configuration files. Refer to the following policy definition and table of parameters:

- policyRef:
    name: native-ext-proc-flex
  config:
    uri: <string> // REQUIRED
    messageTimeout: <integer> // OPTIONAL, default: 1000
    requestHeaderMode: <string> // OPTIONAL, default: "send"
    responseHeaderMode: <string> // OPTIONAL, default: "send"
    requestBodyMode: <string> // OPTIONAL, default: "none"
    responseBodyMode: <string> // OPTIONAL, default: "none"
    requestTrailerMode: <string> // OPTIONAL, default: "skip"
    responseTrailerMode: <string> // OPTIONAL, default: "skip"
    failureModeAllow: <boolean> // OPTIONAL, default: false
    maxMessageTimeout: <integer> // OPTIONAL, default: 0
    allowModeOverride: <boolean> // OPTIONAL, default: true

Parameter Required or Optional Default Value Description

Parameter	Required or Optional	Default Value	Description
`uri`	Required	NA	External processing server URI. For gRPC type servers, define the URI as `\h2://<ext.authz.com>:<port>`.
`messageTimeout`	Optional	`1000`	Message timeout for the processing server in milliseconds.
`requestHeaderMode`	Optional	`send`	Whether the HTTP requests headers are sent to the processing service. Supported values are `send` and `skip`.
`responseHeaderMode`	Optional	`send`	Whether the HTTP response headers are sent to the processing service. Supported values are `send` and `skip`.
`requestBodyMode`	Optional	`none`	Mode that the HTTP request body is sent in. Supported values are `none`, `streamed`, `buffered`, and `bufferedPartial`. Selecting `none` does not send the request body.
`responseBodyMode`	Optional	`none`	Mode that the HTTP response body is sent in. Supported values are `none`, `streamed`, `buffered`, and `bufferedPartial`. Selecting `none` does not send the request body.
`requestTrailerMode`	Optional	`skip`	Whether the HTTP requests' trailer headers are sent to the processing service. Supported values are `send` and `skip`.
`responseTrailerMode`	Optional	`skip`	Whether the HTTP response trailer headers are sent to the processing service. Supported values are `send` and `skip`.
`failureModeAllow`	Optional	`false`	When `true`, if the gRPC stream prematurely closes or can’t be opened, request processing continues without error.
`maxMessageTimeout`	Optional	0	Specifies the upper bound the processing server can override `messageTimeout`.
`allowModeOverride`	Optional	`true`	Enables the processing server to override the policy configuration. When `true`, the server can override the configuration of the `requestHeaderMode`, `responseHeaderMode`, `requestBodyMode`, `responseBodyMode`, `requestTrailerMode`, and `responseTrailerMode` parameters.

uri

Required

External processing server URI. For gRPC type servers, define the URI as \h2://<ext.authz.com>:<port>.

messageTimeout

Optional

1000

Message timeout for the processing server in milliseconds.

requestHeaderMode

Optional

send

Whether the HTTP requests headers are sent to the processing service. Supported values are send and skip.

responseHeaderMode

Optional

send

Whether the HTTP response headers are sent to the processing service. Supported values are send and skip.

requestBodyMode

Optional

none

Mode that the HTTP request body is sent in. Supported values are none, streamed, buffered, and bufferedPartial. Selecting none does not send the request body.

responseBodyMode

Optional

none

Mode that the HTTP response body is sent in. Supported values are none, streamed, buffered, and bufferedPartial. Selecting none does not send the request body.

requestTrailerMode

Optional

skip

Whether the HTTP requests' trailer headers are sent to the processing service. Supported values are send and skip.

responseTrailerMode

Optional

skip

Whether the HTTP response trailer headers are sent to the processing service. Supported values are send and skip.

failureModeAllow

Optional

false

When true, if the gRPC stream prematurely closes or can’t be opened, request processing continues without error.

maxMessageTimeout

Optional

Specifies the upper bound the processing server can override messageTimeout.

allowModeOverride

Optional

true

Enables the processing server to override the policy configuration. When true, the server can override the configuration of the requestHeaderMode, responseHeaderMode, requestBodyMode, responseBodyMode, requestTrailerMode, and responseTrailerMode parameters.

Leaving a value blank configures the parameter with the default value. If a required parameter doesn’t have a default value, you must configure the parameter.

Resource Configuration Example

This configuration streams the request headers, trailers, and body to the external processing server. This configuration does not send any part of the response to the external processing server.

- policyRef:
    name: native-ext-proc-flex
  config:
    uri: h2://<ext.authz.com>:<port>
    messageTimeout: <integer> // OPTIONAL
    responseHeaderMode: skip
    requestBodyMode: streamed
    responseTrailerMode: skip

Flex Gateway Connected Mode

When you apply the External Processing policy to your API from the UI, configure the following parameters:

Parameter Description

Parameter	Description
External processing server URI	External processing server URI. For gRPC type servers, define the URI as `\h2://<ext.authz.com>:<port>`.
Message timeout	Message timeout for the processing server in milliseconds.
Request header processing mode	Whether the requests headers are sent to the processing service.
Response header processing mode	Whether the response headers are sent to the processing service.
Request body processing mode	Mode that the request body is sent in.
Response body processing mode	Mode that the response body is sent in.
Request trailer processing mode	Whether the requests trailers are sent to the processing service.
Response trailer processing mode	Whether the response trailers are sent to the processing service.
Failure mode allow	When `true`, if the gRPC stream prematurely closes or can’t be opened, request processing continues without error.
Max message timeout	Specifies the upper bound the processing server can override Message timeout.
Allow mode override	Enables the processing server to override the policy configuration. When `true`, the server can override the configuration of the Request header processing mode, Response header processing mode, Request body processing mode, Response body processing mode, Request trailer processing mode, and Response trailer processing mode parameters.

External processing server URI

External processing server URI. For gRPC type servers, define the URI as \h2://<ext.authz.com>:<port>.

Message timeout

Message timeout for the processing server in milliseconds.

Request header processing mode

Whether the requests headers are sent to the processing service.

Response header processing mode

Whether the response headers are sent to the processing service.

Request body processing mode

Mode that the request body is sent in.

Response body processing mode

Mode that the response body is sent in.

Request trailer processing mode

Whether the requests trailers are sent to the processing service.

Response trailer processing mode

Whether the response trailers are sent to the processing service.

Failure mode allow

When true, if the gRPC stream prematurely closes or can’t be opened, request processing continues without error.

Max message timeout

Specifies the upper bound the processing server can override Message timeout.

Allow mode override

Enables the processing server to override the policy configuration. When true, the server can override the configuration of the Request header processing mode, Response header processing mode, Request body processing mode, Response body processing mode, Request trailer processing mode, and Response trailer processing mode parameters.

Leaving a value blank configures the parameter with the default value. If a required parameter doesn’t have a default value, you must configure the parameter.

How This Policy Works

The following diagram demonstrates the order in which requests and responses flow when the External Processing policy is applied:

80%

The client makes an HTTP request to Flex Gateway.
Flex Gateway forwards the initial parts of the client HTTP request that you configure to the external processing service. At this point, the external processing service can request additional parts of the request if Allow mode override is enabled.
After Flex Gateway receives the modified HTTP request, Flex Gateway sends the HTTP request to the upstream API service.
Flex Gateway receives the HTTP response from the upstream API service and forwards the initial parts of the HTTP response that you configure to the external processing service. At this point, the external processing service can request additional parts of the HTTP response.
Flex Gateway returns the modified HTTP response from the external processing service to the client.

By default, if Flex Gateway can’t establish a connection to the gRPC service or if the gRPC service returns an error, the policy fails. To forward requests regardless of connection or error status, enable the Failure mode allow parameter.