error when --explain (stream terminated by RST_STREAM with error code NO_ERROR) #201
Comments
|
This is sadly a known issue and we have not determined a root cause as of yet |
|
Is there any workaround? |
|
We hit the same issue. We host spicedb in k8s cluster with istio. If we access spicedb via istio virtual service, with --explain, we reproduce the same error: If we k8s port-forward k8s service of the spicedb Pods to a local port, then run the zed permission check --explain, against the local port, it then works fine. So it makes us think it is an issue related to networking. |
|
@ldeng-apex Any insight into why istio might be showing that error? |
No idea. Just a guess it is related to istio, based on that the workaround does not go through the istio network routing. |
|
Update: we believe this is due to the debug trace information exceeding the maximum configured allowable size of the HTTP2 trailers; some clients libraries allow this to be overridden, but we're doing more research to determine a long-term solution |
|
This should be addressed now as of https://github.com/authzed/zed/releases/tag/v0.17.0 |
|
Thanks guys! I was just coming to this issue to report that this miraculously started working again after upgrading Spicedb to v1.31.0. Can confirm it is working for @ldeng-apex and I now. |
If we are using zed against authzed.com we can not use the "--explain" flag in a permission check.
There is always this error:
INF debugging requested on check
WRN No debuging information returned for the check
Error: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: NO_ERROR
We are using zed via brew on an apple m1.
The text was updated successfully, but these errors were encountered: