solo-io / gloo

The Feature-rich, Kubernetes-native, Next-Generation API Gateway Built on Envoy
https://docs.solo.io/
Apache License 2.0

Passthrough server returns timeout but extAuth server does not show the problem #5565

Open antonioberben opened 2 years ago

antonioberben commented 2 years ago

Describe the bug

When configuring a passthrough server, in case there is a timeout between the extAuth and passthrough servers, the first one does not show errors about the reason why the authorization failed, even after setting LOG_LEVEL to debug.

It just returns 401 Unauthorized

Example of log trace and output:

To Reproduce

Steps to reproduce the behavior:

  1. After installing gloo, configure the extAuth to debug log level
    - name: LOG_LEVEL
      value: debug
  2. Install a service which will always return 504 Timeout (in the attached zip there is echo-service.yaml). Notice that the echo-service is an Envoy proxy always returning 504. From echo-service.yaml:
                              abort:
                                http_status: 504
                                percentage:
                                  numerator: 100
  3. Configure the VS and AuthConfig:
    apiVersion: gateway.solo.io/v1
    kind: VirtualService
    metadata:
      name: demo
      namespace: gloo-system
    spec:
      virtualHost:
        domains:
          - '*'
        options:
          extauth:
            configRef:
              name: passthrough-auth
              namespace: gloo-system
        routes:
          - matchers:
              - prefix: /
            routeAction:
              single:
                upstream:
                  name: default-httpbin-80 # your upstream here
                  namespace: gloo-system
    ---
    apiVersion: enterprise.gloo.solo.io/v1
    kind: AuthConfig
    metadata:
      name: passthrough-auth
      namespace: gloo-system
    spec:
      configs:
        - passThroughAuth:
            http:
              url: http://echo-primary.default.svc.cluster.local:8181
              connectionTimeout: 3s
  4. port-forward
    kubectl -n gloo-system port-forward svc/gateway-proxy 8081:80
  5. curl the service (in our case, httpbin application)
    curl -I localhost:8081/get
  6. You will retrieve 401 Unauthorized

Expected behavior

In the extAuth logs we do not show the reason why the communication failed.

Additional context

source.zip
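The behavior this issue asks for, as an added Go sketch (not Gloo's ext-auth code and not part of the original issue): the check still fails closed, but it distinguishes a timeout from an upstream 504 and hands the reason back for logging. `passthroughCheck`, `stubServer` and the "only 200 means authorized" policy are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// passthroughCheck is a hypothetical helper, not Gloo's code. It asks the
// passthrough server at target for a decision, fails closed on any error or
// non-200 status (assumed policy), and returns the reason for server-side logs.
func passthroughCheck(target string, timeout time.Duration) (bool, string) {
	resp, err := (&http.Client{Timeout: timeout}).Get(target)
	if err != nil {
		var ue *url.Error
		if errors.As(err, &ue) && ue.Timeout() {
			return false, fmt.Sprintf("passthrough server timed out after %s", timeout)
		}
		return false, fmt.Sprintf("passthrough server unreachable: %v", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return false, fmt.Sprintf("passthrough server returned %d", resp.StatusCode)
	}
	return true, ""
}

// stubServer is a constructed stand-in for the issue's echo-service: it waits
// for delay, then answers every request with status.
func stubServer(status int, delay time.Duration) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		time.Sleep(delay)
		w.WriteHeader(status)
	}))
}

func main() {
	srv := stubServer(http.StatusGatewayTimeout, 0)
	defer srv.Close()
	if ok, reason := passthroughCheck(srv.URL, 3*time.Second); !ok {
		// The client still sees only 401; the cause goes to the auth server's log.
		log.Printf("level=debug msg=%q", "auth denied (401): "+reason)
	}
}
```

Keeping the reason in the auth server's log rather than in the 401 body gives operators the cause without telling unauthenticated callers anything about the backend.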

github-actions[bot] commented 4 months ago

This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.