Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Intentions not working #46

Open
pvyaka01 opened this issue May 6, 2020 · 4 comments
Open

Intentions not working #46

pvyaka01 opened this issue May 6, 2020 · 4 comments

Comments

@pvyaka01
Copy link

pvyaka01 commented May 6, 2020

Build from latest master.
When i run with -enable-intentions, this is what i see in the logs and connections are not going through. Works without using that flag but intentions are not honored.

ERRO[0018] error calling POST /v2/services/haproxy/configuration/filters?parent_type=frontend&parent_name=front_downstream&transaction_id=8eae2a31-e9c3-4d14-97c0-6a255c51c798: response was 422: "{"code":602,"message":"index in body is required"}"
INFO[0021] handling new configuration
ERRO[0021] error calling POST /v2/services/haproxy/configuration/filters?parent_type=frontend&parent_name=front_downstream&transaction_id=95c05b05-1380-47fb-9ca4-5ea7e7707e24: response was 422: "{"code":602,"message":"index in body is required"}"
INFO[0024] handling new configuration
ERRO[0024] error calling POST /v2/services/haproxy/configuration/filters?parent_type=frontend&parent_name=front_downstream&transaction_id=2d8d70f8-568c-409c-a555-f0c422bb5e5b: response was 422: "{"code":602,"message":"index in body is required"}"
INFO[0027] handling new configuration
ERRO[0027] error calling POST /v2/services/haproxy/configuration/filters?parent_type=frontend&parent_name=front_downstream&transaction_id=339c6bb3-14c2-487a-b092-75e234741fa6: response was 422: "{"code":602,"message":"index in body is required"}"
@pierresouchay
Copy link
Collaborator

Can you dump the intentions for the target service?

@pvyaka01
Copy link
Author

pvyaka01 commented May 6, 2020
edited

Works with this:
consul intention get dashboard counting
Source: dashboard
Destination: counting
Action: allow
ID: 7078703f-adc9-754e-6d1f-e6e73b0ad3e1
Created At: Wednesday, 06-May-20 15:47:32 UTC

And works with this too:
consul intention get dashboard counting
Source: dashboard
Destination: counting
Action: deny
ID: 7078703f-adc9-754e-6d1f-e6e73b0ad3e1
Created At: Wednesday, 06-May-20 15:47:32 UTC

In other words, "deny" intention is not honored and calls are going through.

@pierresouchay
Copy link
Collaborator

@pvyaka01 Timestamps and IDs are identical, this is not a dump, right?
What are the exact conditions?
Only Deny?
Intention Allow modified to be Deny?

@pvyaka01
Copy link
Author

pvyaka01 commented May 7, 2020 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pvyaka01 @pierresouchay