search

solo-io / gloo

The Feature-rich, Kubernetes-native, Next-Generation API Gateway Built on Envoy
https://docs.solo.io/
Apache License 2.0
4.08k stars 437 forks source link

Badly encoded apikey causes gloo dpanic #10143

Open kevin-shelaga opened 2 days ago

kevin-shelaga commented 2 days ago

Gloo Edge Product

Enterprise

Gloo Edge Version

1.17.1

Kubernetes Version

1.28

Describe the bug

If apikey auth is used and one of the apikey secret data is badly encoded it can cause a dpanic in gloo.

{"level":"dpanic","ts":"2024-09-25T21:46:52.187Z","logger":"gloo-ee.v1.event_loop.setup.gloosnapshot.event_loop.extAuthTranslatorSyncer","caller":"extauth/extauth_translator_syncer.go:111","msg":"error trying to hash snapshot resources for extauth translation","version":"1.17.1","error":"marshalling envoy snapshot components: string field contains invalid UTF-8","errorVerbose":"marshalling envoy snapshot components\n\tgloosnapshot.ApiSyncers.Sync:/go/pkg/mod/github.com/solo-io/gloo@v1.17.4/projects/gloo/pkg/api/v1/gloosnapshot/api_event_loop.sk.go:50\n\tsyncer.(*translatorSyncer).Sync:/go/pkg/mod/github.com/solo-io/gloo@v1.17.4/projects/gloo/pkg/syncer/translator_syncer.go:139\n\tsyncer.(*translatorSyncer).syncExtensions:/go/pkg/mod/github.com/solo-io/gloo@v1.17.4/projects/gloo/pkg/syncer/translator_syncer.go:165\n\textauth.(*translatorSyncerExtension).Sync:/go/src/github.com/solo-io/solo-projects/projects/gloo/pkg/syncer/extauth/extauth_translator_syncer.go:109\n\ttranslator.EnvoyCacheResourcesListToFnvHa...
{"level":"dpanic","ts":"2024-09-25T21:47:03.282Z","caller":"translator/translator.go:348","msg":"marshalling envoy snapshot components: string field contains invalid UTF-8","stacktrace":"[github.com/solo-io/gloo/projects/gloo/pkg/translator.EnvoyCacheResourcesListToFnvHash](http://github.com/solo-io/gloo/projects/gloo/pkg/translator.EnvoyCacheResourcesListToFnvHash)\n\t/go/pkg/mod/github.com/solo-io/gloo@v1.17.4/projects/gloo/pkg/translator/translator.go:348\ngithub.com/solo-io/solo-projects/projects/gloo/pkg/syncer/extauth.(*translatorSyncerExtension).Sync\n\t/go/src/github.com/solo-io/solo-projects/projects/gloo/pkg/syncer/extauth/extauth_translator_syncer.go:109\ngithub.com/solo-io/gloo/projects/gloo/pkg/syncer.(*translatorSyncer).syncExtensions\n\t/go/pkg/mod/github.com/solo-io/gloo@v1.17.4/projects/gloo/pkg/syncer/translator_syncer.go:165\ngithub.com/solo-io/gloo/projects/gloo/pkg/syncer.(*translatorSyncer).Sync\n\t/go/pkg/mod/github.com/solo-io/gloo@v1.17.4/projects/gloo/pkg/syncer/translator_syncer.go:139\ngithub.com/solo-io/gloo/projects/gloo/pkg/api/v1/gloosnapshot.ApiSyncers.Sync\n\t/go/pkg

Expected Behavior

Gloo should log an error and not crash

Steps to reproduce the bug

secret snippet 

data:
  api-key: zde1ogq5ngqtztqzys00nzvlltkyyzitywu2ywy5ytdlzjzm
type: extauth.solo.io/apikey

Additional Environment Detail

No response

Additional Context

Envoy config dump found here: https://solo-io.zendesk.com/agent/tickets/4585

┆Issue is synchronized with this Asana task by Unito

soloio-bot commented 1 day ago

Zendesk ticket #4585 has been linked to this issue.

DuncanDoyle commented 4 hours ago

Reproducer here: https://github.com/DuncanDoyle/gg-10143