search

Unleash / unleash-proxy

Unleash Proxy is used to safely integrate frontend application with Unleash in a secure and scaleable way.
https://docs.getunleash.io/sdks/unleash-proxy
Apache License 2.0
48 stars 42 forks source link

Unleash Proxy does not return Feature flags for dev environment #137

Closed rmntrvn closed 1 year ago

rmntrvn commented 1 year ago

Describe the bug

Feature Flags have been created in the Gitlab repository named test-feature1 (for All Environments) and test-feature2 (for dev environments).

Unleash-proxy is configured with this repository - the following environment variables are set:

-env:
   -name: UNLEASH_ENVIRONMENT
     value:dev
   -name: UNLEASH_API_TOKEN
     value: some_gitlab_access_api_token
   -name: UNLEASH_PROXY_CLIENT_KEYS
     value: W0JHeVYSFwyBXEY7IV8BHogSx3L
   - name: UNLEASH_URL
     value: https://gitlab.domain/api/v4/feature_flags/unleash/8113
   - name: LOG_LEVEL
     value: info
   - name: UNLEASH_APP_NAME
     value: some_app_name
   -name: UNLEASH_INSTANCE_ID
     value: some_instance_id
   - name: JSON_LOGGER
     value: "true"

When I try to get Feature Flags from unleash-proxy I only get test-feature1 (For All Environments) and not for test-feature2 (for dev).

$ curl --silent unleash-proxy-app-dev.ingress-domain.lan/proxy -H "Authorization: W0JHeVYSFwyBXEY7IV8BHogSx3L" | jq
{
   "toggles": [
     {
       "name": "test-feature1",
       "enabled": true
       "variant": {
         "name": "disabled",
         "enabled": false
       }
     }
   ]
}

If you set the Feature Flags for test-feature2 to All Environments, then the query returns two Feature Flags.

test-feature1 (For All Environments) and test-feature2 (For dev) are both enabled.

How to get Feature Flag from request to unleash proxy for dev environment?

Steps to reproduce the bug

No response

Expected behavior

Should return flags for dev environments.

Logs, error output, etc.

No response

Screenshots

No response

Additional context

No response

Unleash version

0.13.1

Subscription type

Open source

Hosting type

Self-hosted

SDK information (language and version)

No response

tyson-phillips commented 1 year ago

I encounter similar behavior. Toggles are requested from the proxy specifically for the development environment using an API username specific to the development environment, but production environment toggles are returned instead.

kwasniew commented 1 year ago

I don't know the details how gitlab wraps Unleash API but if you talk to a regular Unleash backend you create an API access token only for ONE environment:

Screenshot 2023-05-19 at 21 02 26

Your token will look like this if it's a token for all projects: *:development.5211c6176c765a80bfda1e624a4f0834c86ae41e886efe1073abbea8

Your token will look like this if it's a token for one project (in this case a project called default): default:development.c999344fd5057bb5f5b7b41b98f4ff239cd4f65c666ca4baf031db86

Please note that each token contains the name of the environment it allows to talk to. In the above 2 cases it's development, so you'll only be able to fetch the toggles for the development environment with those tokens.

Here's a link to our docs for the client tokens: https://docs.getunleash.io/reference/api-tokens-and-client-keys#client-tokens

rmntrvn commented 1 year ago

I found the Gitlab documentation. According to which, to run unleash proxy, you need the following:

Unleash Proxy example

As of Unleash Proxy version 0.2, the proxy is compatible with feature flags. To run a Docker container to connect to your project's feature flags, run the following command:Unleash Proxy example As of Unleash Proxy version 0.2, the proxy is compatible with feature flags. To run a Docker container to connect to your project's feature flags, run the following command:

docker run \
  -e UNLEASH_PROXY_SECRETS=<secret> \
  -e UNLEASH_URL=<project feature flags URL> \
  -e UNLEASH_INSTANCE_ID=<project feature flags instance ID> \
  -e UNLEASH_APP_NAME=<project environment> \
  -e UNLEASH_API_TOKEN=<tokenNotUsed> \
  -p 3000:3000 \
  unleashorg/unleash-proxy
Variable Value
UNLEASH_PROXY_SECRETS Shared secret used to configure an Unleash Proxy client.
UNLEASH_URL Your project's API URL. For more details, read Get access credentials.
UNLEASH_INSTANCE_ID Your project's Instance ID. For more details, read Get access credentials.
UNLEASH_APP_NAME The name of the environment the application runs in. For more details, read Get access credentials.
UNLEASH_API_TOKEN Required to start the Unleash Proxy, but not used to connect to GitLab. Can be set to any value. Variable

Value

UNLEASH_PROXY_SECRETS Shared secret used to configure an Unleash Proxy client.

UNLEASH_URL Your project's API URL. For more details, read Get access credentials.

UNLEASH_INSTANCE_ID Your project's Instance ID. For more details, read Get access credentials.

UNLEASH_APP_NAME The name of the environment the application runs in. For more details, read Get access credentials.

UNLEASH_API_TOKEN Required to start the Unleash Proxy, but not used to connect to GitLab. Can be set to any value.

There is a limitation when using the Unleash Proxy where each proxy instance can request flags only for the environment named in UNLEASH_APP_NAME. The Proxy sends this to GitLab on behalf of the client, which means the client can't override it.

Thus, earlier I specified the Gitlab Access Token for the UNLEASH_API_TOKEN value, although I could specify any value. And UNLEASH_APP_NAME indicated the value of CI_PROJECT_NAME, but it was necessary to specify the name of the environment.

My problem is solved.

kwasniew commented 1 year ago

@rmntrvn Thanks for letting us know. It looks like more people stumbled upon this issue: https://gitlab.com/gitlab-org/gitlab/-/issues/354087. Anyway I'm closing this ticket for now since Unleash itself can't do anything about it.