Verify that the secrets were created successfully and have the same label:
kubectl get secret -l team=infrastructure -A
NAMESPACE NAME TYPE DATA AGE
gloo-system infra-apikey extauth.solo.io/apikey 1 25m
gloo-system infra-apikey-bad extauth.solo.io/apikey 1 22m
Create "AuthConfig" with the following specs:
auth_config.yaml
failed to translate ext auth config: 1 error occurred:
no API key found on API key secret [gloo-system.infra-apikey-bad]
Reported By: gloo
State: Rejected
Events:
The impact is that, even with at least one valid secret, all authenticated calls will fail with a 403 UAEX, since extauth will report "Auth Server does not contain auth configuration with the given ID" for the respective authconfig.
Is this expected or Gloo EE should have rejected just the malformed secret and accept the others ?
Gloo Edge Product
Enterprise
Gloo Edge Version
1.16
Kubernetes Version
1.28.5
Describe the bug
During creating of an AuthConfig object if one of the secrets used in AuthConfig is malformed, all secrets will be rejected
Expected Behavior
Gloo should only reject malformed secrets and accept good ones
Steps to reproduce the bug
infra-apikey.yaml
infra-apikey-bad.yaml
Verify that the secrets were created successfully and have the same label:
Create "AuthConfig" with the following specs: auth_config.yaml
Check the status of the authconfig object:
kubectl describe authconfig -n gloo-system Name: apikey-auth Namespace: gloo-system Labels:
Annotations:
API Version: enterprise.gloo.solo.io/v1
Kind: AuthConfig
Metadata:
Creation Timestamp: 2024-03-29T18:23:25Z
Generation: 4
Resource Version: 176230
UID: e0772bdd-a8d3-4605-a23e-e6bfa0d70f9f
Spec:
Configs:
API Key Auth:
Header Name: api-key
Label Selector:
Team: infrastructure
Status:
Statuses:
Gloo - System:
Reason: 1 error occurred:
no API key found on API key secret [gloo-system.infra-apikey-bad]
Reported By: gloo State: Rejected Events:
The impact is that, even with at least one valid secret, all authenticated calls will fail with a 403 UAEX, since extauth will report "Auth Server does not contain auth configuration with the given ID" for the respective authconfig.
Is this expected or Gloo EE should have rejected just the malformed secret and accept the others ?
Additional Environment Detail
No response
Additional Context
No response