Kuadrant / authorino

K8s-native AuthN/AuthZ service to protect your APIs.
Apache License 2.0

Panic in authorino pod when defining a k8s SAR rule without the user field #494

Open roivaz opened 1 month ago

roivaz commented 1 month ago

Describe the bug

The authorino process panics when the user field in a k8s SAR authorization rule is not defined.

Help us Reproduce it

  1. Create the following Kuadrant AuthPolicy

```yaml
apiVersion: kuadrant.io/v1beta2
kind: AuthPolicy
metadata:
  name: sar-protected-api
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: some-route
  routeSelectors:
    - matches:
        - path:
            type: PathPrefix
            value: /some-path
  rules:
    authentication:
      "service-accounts":
        kubernetesTokenReview:
          audiences:
            - "https://example.com"
    authorization:
      "k8s-rbac":
        kubernetesSubjectAccessReview:
          groups:
            - "some-group"
```

  2. Check the logs of the authorino pod to see the following panic

```text
{"level":"info","ts":"2024-10-10T14:30:50Z","logger":"authorino","msg":"Observed a panic in reconciler: runtime error: invalid memory address or nil pointer dereference","controller":"authconfig","controllerGroup":"authorino.kuadrant.io","controllerKind":"AuthConfig","AuthConfig":{"name":"ap-3scale-saas-backend-internal-api","namespace":"3scale-saas"},"namespace":"3scale-saas","name":"ap-3scale-saas-backend-internal-api","reconcileID":"23813405-f48b-4cda-a0f9-ef21c5d6aa8c"}
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1b5cd9c]
goroutine 180 [running]:
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile.func1()
/opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:116 +0x1e5
panic({0x1de0b00?, 0x36d5b30?})
/usr/lib/golang/src/runtime/panic.go:914 +0x21f
github.com/kuadrant/authorino/controllers.(*AuthConfigReconciler).translateAuthConfig(0xc00067e680, {0x25020a8, 0xc000c40db0}, 0xc00027f4a0)
/usr/src/authorino/controllers/auth_config_controller.go:424 +0x1bdc
github.com/kuadrant/authorino/controllers.(*AuthConfigReconciler).Reconcile(0xc00067e680, {0x25020a8, 0xc000afdf80}, {{{0xc0003edaa0?, 0x5?}, {0xc00043ae70?, 0xc000736d08?}}})
/usr/src/authorino/controllers/auth_config_controller.go:114 +0x4ee
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile(0x2507490?, {0x25020a8?, 0xc000afdf80?}, {{{0xc0003edaa0?, 0xb?}, {0xc00043ae70?, 0x0?}}})
/opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:119 +0xb7
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc0007c14a0, {0x25020e0, 0xc0007b1270}, {0x1ebbba0?, 0xc0000a87a0?})
/opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:316 +0x3cc
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc0007c14a0, {0x25020e0, 0xc0007b1270})
/opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:266 +0x1af
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2()
/opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:227 +0x79
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2 in goroutine 93
/opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:223 +0x565
```

Expected behavior

Don't panic and report the error somehow (logs, conditions or even reject the AuthPolicy/AuthConfig).

Environment (please complete the following information):

Additional context

Slack conversation https://kubernetes.slack.com/archives/C05J0D0V525/p1728554107621359
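The failure mode reported above (an optional `user` field that the translation step dereferences without a nil check, taking the reconciler down with a SIGSEGV) and the expected behaviour (surface an error instead) can be shown side by side in a small self-contained Go program. This is an added example, not Authorino's own code: the types `SubjectAccessReviewSpec`, `StaticOrDynamic` and `SARAuthorizer`, the functions `translateUnsafe`, `translateSafe` and `reconcile`, and the sample inputs are all hypothetical stand-ins for the real `kubernetesSubjectAccessReview` rule and the real `translateAuthConfig` logic.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical, simplified mirror of a kubernetesSubjectAccessReview rule.
// User is a pointer because the field is optional in the YAML; an omitted
// field therefore arrives here as nil, which is the root of the panic.
type StaticOrDynamic struct {
	Value string
}

type SubjectAccessReviewSpec struct {
	User   *StaticOrDynamic
	Groups []string
}

// Hypothetical translated form handed to the authorization pipeline.
type SARAuthorizer struct {
	User   string
	Groups []string
}

var ErrMissingUser = errors.New("kubernetesSubjectAccessReview: 'user' is required but not set")

// translateUnsafe reproduces the reported failure mode: it dereferences
// spec.User without a nil check, so a rule that only sets `groups` panics.
func translateUnsafe(spec SubjectAccessReviewSpec) SARAuthorizer {
	return SARAuthorizer{User: spec.User.Value, Groups: spec.Groups}
}

// translateSafe validates the optional field first and returns an error the
// caller can report (log, status condition, or rejection) instead of panicking.
func translateSafe(spec SubjectAccessReviewSpec) (SARAuthorizer, error) {
	if spec.User == nil || spec.User.Value == "" {
		return SARAuthorizer{}, ErrMissingUser
	}
	return SARAuthorizer{User: spec.User.Value, Groups: spec.Groups}, nil
}

// reconcile mimics a controller's reconcile step: a translation failure becomes
// a returned error plus a human-readable status message, never a crash.
func reconcile(spec SubjectAccessReviewSpec) (status string, err error) {
	if _, err = translateSafe(spec); err != nil {
		return "Invalid: " + err.Error(), err
	}
	return "Ready", nil
}

// didPanic runs fn and reports whether it panicked, so the unsafe path can be
// demonstrated without killing the process.
func didPanic(fn func()) (panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	fn()
	return false
}

func main() {
	// Constructed input matching the report: groups set, user omitted.
	noUser := SubjectAccessReviewSpec{Groups: []string{"some-group"}}
	fmt.Println("unsafe translation panics:", didPanic(func() { translateUnsafe(noUser) }))

	status, err := reconcile(noUser)
	fmt.Println("safe translation:", status, "| err:", err)

	// Constructed input with the field present: translation succeeds.
	withUser := SubjectAccessReviewSpec{
		User:   &StaticOrDynamic{Value: "system:serviceaccount:some-ns:some-sa"},
		Groups: []string{"some-group"},
	}
	status, err = reconcile(withUser)
	fmt.Println("safe translation:", status, "| err:", err)
}
```

The point of the split is that validation of optional config fields belongs at translation time, where the controller still has the object in hand and can attach the error to it; once the nil value reaches a dereference, the only thing left to report is the stack trace in the issue.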