Closed jvanz closed 1 month ago
Here's the logs from the policy-server,
To simulate this issue, we can use the standalone policy server with the following policies.yaml
{
"clusterwide-user-group": {
"namespacedName": {
"Namespace": "",
"Name": "user-group"
},
"url": "ghcr.io/kubewarden/policies/user-group-psp:v0.6.0",
"policyMode": "protect",
"allowedToMutate": true,
"settings": {
"validate_container_image_configuration": true,
}
}
}
The command to run the policy server can be:
./target/release/policy-server --log-level debug --policies policies.yml --policy-timeout 2
After that, the issue can be trigger using the following request:
And curl command:
curl -XPOST --json @request-pretty.json http://localhost:3000/validate/clusterwide-user-group
In the policy server log, it's possible to see the error:
If I increase the --policy-timeout
to 4
the issue does not happens anymore in my local environment. It looks like that network requests are consuming a lot of time.
As this is not an issue in the policy itself and we documented this behavior in the policy README file. I consider this issue fixed. I'm closing it now.
Is there an existing issue for this?
Current Behavior
During the testing of the
v1.15.0
release candidates we found that the policy is crashing (versionv0.6.0
) when requesting the container image configuration from the registry:We need to investigate if this is an issue in the policy or in the new capability.
Expected Behavior
The policy should evaluate the requests without crashing.
Steps To Reproduce
v0.6.0
Environment
No response
Anything else?
No response