envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0

`route_configuration` defined in SRDS is not being picked up #33519

Open aallawala opened 3 months ago

aallawala commented 3 months ago

If you are reporting any crash or any potential security issue, do not open an issue in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately.

Title: The route_configuration field in the type, [envoy.config.route.v3.ScopedRouteConfiguration](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/scoped_route.proto#envoy-v3-api-msg-config-route-v3-scopedrouteconfiguration) is not utilized when it is used via SRDS

Description:


I have Scoped Routes defined in a ScopedRouteConfiguration with route_configuration defined inline instead of through route_configuration_name. It looks like some config validator is blocking consumption of this field whenever it's read in via SRDS:

Error:

```
Apr 12 23:23:08 i-0360e1b18781a6b5c envoy-run.sh[27226]: [2024-04-12 23:23:08.017][1][warning][config] [source/extensions/config_subscription/filesystem/filesystem_subscription_impl.cc:60] Filesystem config update rejected: route_configuration_name is empty.
```

If I specify a route_configuration_name under the srds.yaml config, I get the following error:

```
Apr 12 23:47:15 i-0360e1b18781a6b5c envoy-run.sh[27226]: [2024-04-12 23:47:15.329][1][warning][config] [source/extensions/config_subscription/filesystem/filesystem_subscription_impl.cc:60] Filesystem config update rejected: Missing config source specifier in envoy::config::core::v3::ConfigSource
```

Repro steps: I'm utilizing the filesystem xDS mechanisms for setting up Envoy.

srds.yaml (For Scoped Route Discovery Service)

```yaml
resources:
  - "@type": type.googleapis.com/envoy.config.route.v3.ScopedRouteConfiguration
    name: scoped-route-1
    route_configuration:
      name: route-config-1
      virtual_hosts:
      - name: local_service
        domains: ["*"]
        retry_policy:
          retry_on: connect-failure,reset
        routes:
        - name: route_1
          route:
            cluster: cluster1
    key:
      fragments:
        - string_key: user1
```

lds.yaml (For Listener Discovery Service)

```yaml
resources:
  - "@type": type.googleapis.com/envoy.config.listener.v3.Listener
    name: listener_0
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 8000
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          codec_type: AUTO
          use_remote_address: true
          common_http_protocol_options:
            idle_timeout: 900s
            headers_with_underscores_action: REJECT_REQUEST
          stream_idle_timeout: 300s
          request_timeout: 300s
          request_headers_timeout: 10s
          http_filters:
          - name: envoy.filters.http.router
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
          scoped_routes:
            name: tenant-scoped-routes
            scoped_rds:
              scoped_rds_config_source:
                path: /etc/envoy/srds/srds.yaml
            scope_key_builder:
              fragments:
                - header_value_extractor:
                    name: X-UserId
                    index: 0
```

static envoy config:

```yaml
node:
  cluster: cluster-id
  id: instance-id

admin:
  address:
    socket_address:
      address: 0.0.0.0
      port_value: 8001

dynamic_resources:
  cds_config:
    resource_api_version: V3
    path: /etc/envoy/cds/cds.yaml
  lds_config:
    resource_api_version: V3
    path: /etc/envoy/lds/lds.yaml
```

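A pre-flight check for the two rejections quoted in the report above, as an added example that is not part of the original issue or of Envoy's code. It encodes the behaviour as reported and assumes the second rejection comes from `scoped_rds` lacking `rds_config_source`; `lint_srds` and the `/etc/envoy/rds/rds.yaml` path are hypothetical.

```python
# Added example: lint parsed SRDS resources for the two rejections in the report.

def lint_srds(scopes, scoped_rds):
    """Return (scope_name, finding) pairs for scopes expected to be rejected."""
    findings = []
    # Assumption: scopes that reference routes by name need an RDS source here.
    has_rds_source = bool(scoped_rds.get("rds_config_source"))
    for scope in scopes:
        name = scope.get("name", "<unnamed>")
        if not scope.get("route_configuration_name"):
            # Reported behaviour: inline route_configuration does not satisfy
            # the validator; the update fails with this message.
            detail = ("inline route_configuration is present but not accepted"
                      if "route_configuration" in scope
                      else "scope references no route configuration")
            findings.append((name, "route_configuration_name is empty: " + detail))
        elif not has_rds_source:
            findings.append((name, "route_configuration_name is set but "
                                   "scoped_rds has no rds_config_source"))
    return findings


# Constructed sample data, mirroring the issue's srds.yaml and lds.yaml.
INLINE_SCOPE = {
    "name": "scoped-route-1",
    "route_configuration": {
        "name": "route-config-1",
        "virtual_hosts": [{"name": "local_service", "domains": ["*"]}],
    },
    "key": {"fragments": [{"string_key": "user1"}]},
}
NAMED_SCOPE = {
    "name": "scoped-route-1",
    "route_configuration_name": "route-config-1",
    "key": {"fragments": [{"string_key": "user1"}]},
}
SCOPED_RDS = {"scoped_rds_config_source": {"path": "/etc/envoy/srds/srds.yaml"}}
# Hypothetical RDS file path, not taken from the issue.
SCOPED_RDS_WITH_RDS = dict(SCOPED_RDS, rds_config_source={"path": "/etc/envoy/rds/rds.yaml"})

if __name__ == "__main__":
    for label, scope, cfg in [("inline", INLINE_SCOPE, SCOPED_RDS),
                              ("named, no RDS source", NAMED_SCOPE, SCOPED_RDS),
                              ("named, RDS source", NAMED_SCOPE, SCOPED_RDS_WITH_RDS)]:
        print(label, "->", lint_srds([scope], cfg) or "no findings")
```

Running such a check before writing the watched file surfaces the problem at deploy time instead of as a warning-level log line while Envoy keeps serving the previous scoped routes.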

adisuissa commented 3 months ago

Thanks for pointing this out. I don't see tests that cover that, so it may be the case.

darshak-patel commented 2 months ago

I am facing the same issue.