Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gloo failing with v1.Secret: unknown field "tls.crt" / "ca.crt" #3652

Closed
estahn opened this issue Sep 22, 2020 · 10 comments · Fixed by #3917
Closed

Gloo failing with v1.Secret: unknown field "tls.crt" / "ca.crt" #3652

estahn opened this issue Sep 22, 2020 · 10 comments · Fixed by #3917
Assignees
@sam-heilbron
Labels
Type: Bug Something isn't working

Comments

@estahn
Copy link

estahn commented Sep 22, 2020

Describe the bug

Gloo crashes with the following error message:

{"level":"fatal","ts":1600740799.3195164,"logger":"gloo-ee","caller":"setuputils/main_setup.go:89","msg":"error in setup: starting snapshot watch: initial Secret list: reading secret data into *v1.Secret: unknown field \"tls.crt\" in v1.Secret","version":"1.5.0-beta11","stacktrace":"github.com/solo-io/gloo/pkg/utils/setuputils.Main\n\t/go/pkg/mod/github.com/solo-io/gloo@v1.5.0-beta25/pkg/utils/setuputils/main_setup.go:89\ngithub.com/solo-io/solo-projects/projects/gloo/pkg/setup.Main\n\t/workspace/solo-projects/projects/gloo/pkg/setup/setup.go:49\nmain.main\n\t/workspace/solo-projects/projects/gloo/cmd/main.go:11\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:203"}

cert-manager creates a Kubernetes secret in the following format:

---
apiVersion: v1
data:
  ca.crt: ''
  tls.crt: ''
  tls.key: ''
kind: Secret
metadata:
  name: sandbox-tls
  namespace: cert-manager
type: kubernetes.io/tls

To Reproduce
Steps to reproduce the behavior:

  1. Create a secret in above format.
  2. Use it in a Virtual Service.
  3. See error

Expected behavior
A working integration with cert-manager.

Additional context
Add any other context about the problem here, e.g.

  • Gloo version: Gloo EE 1.5.0-beta11
  • Kubernetes version: 1.16
@estahn estahn added the Type: Bug Something isn't working label Sep 22, 2020
@bdecoste
Copy link
Contributor

bdecoste commented Oct 2, 2020

I have recreated this following doc here: https://cert-manager.io/docs/installation/

With validation enabled:

$ kubectl -n gloo-system edit vs default
error: virtualservices.gateway.solo.io "default" could not be patched: admission webhook "gateway.gloo-system.svc" denied the request: resource incompatible with current Gloo snapshot: [Listener Error: SSLConfigError. Reason: SSL secret not found: list did not find secret gloo-system.cert-manager-tls; Listener Error: SSLConfigError. Reason: SSL secret not found: list did not find secret gloo-system.cert-manager-tls]

$ kubectl -n gloo-system get secret cert-manager-tls
NAME               TYPE                DATA   AGE
cert-manager-tls   kubernetes.io/tls   3      5m41s

$ kubectl -n gloo-system get secret cert-manager-tls -o yaml
apiVersion: v1
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURORENDQWh5Z0F3SUJBZ0lSQUl5dVZZU2NNc3A2em1qQzUxUEQ5UjB3RFFZSktvWklodmNOQVFFTEJRQXcKTERFUU1BNEdBMVVFQ2hNSGMyOXNieTVwYnpFWU1CWUdBMVVFQXhNUFptOXZMbVY0WVcxd2JHVXVZMjl0TUI0WApEVEl3TVRBd01qRTJNakUxTWxvWERUSXdNVEl6TVRFMk1qRTFNbG93TERFUU1BNEdBMVVFQ2hNSGMyOXNieTVwCmJ6RVlNQllHQTFVRUF4TVBabTl2TG1WNFlXMXdiR1V1WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0MKQVE4QU1JSUJDZ0tDQVFFQXNGODJaWHhqZXhpaWI1eEUvUzJmSEpTbllhNkVKcHNpamorMWdiOXlORTRNTmNEWgpQYmhFeEV6SkFOQi9CZGpRQ1lOa2ZRVng0Q2dlM1lObE13OGIwMDZTQzJKaFhnOGFYRlR5eWYzbXJYRFBSR3FlCjhNT1JiS1A4N3ByRzdzWWJkcE5GZ2x6QXpXeDdTNmY2cTQ4dXlzdmd4aU5nQUtPM2JpNnZTUUJ0eUx6VFJGSzMKaWdpdGc2cFBidGI0aWw0WDZxL09IRUhRdytHdVo3dWZtazhBYXI4c2VXYTlrTmYxT3VZRkJEcWhXTlhYdjIxWQpkUUlzY0tFaWRYbjdkWFdOZmdzaWZpMGtzZWovd2JVQlJvSXh4ekdSWFJselNZcm9FcmJlWnhyM2VYWjZKdEtiCnlsdElxMWJZakRhQ0NMbG1WbXJkOW82R3grSE1sbjIvSnN0akp3SURBUUFCbzFFd1R6QWRCZ05WSFNVRUZqQVUKQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFnQmdOVkhSRUVHVEFYZ2c5bQpiMjh1WlhoaGJYQnNaUzVqYjIySEJIOEFBQUV3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQURwL3NNYzZkSXpOCmFrNDUyVUJha0U3WHd1NWtJL2tjK3FaRXc5eHQ3WEtMVElVeWRrZzB2SzNPUSsvWGN0ZXRQNkhham8zZFRJTlUKRzdGM2U0azBVV2dlNFV0Q25oanpGQ0lZemFsUkhKWVJOc0Nzdlc1M1RJR3FUUUU2SDU0aGtQaEliMEFGV3BwZgo3cEI0UnU0Ri9PR2d4Tmc0emJwMWtYUkZHVXZNTWpqdGtiSjJIWjRvL21pUGV1NTZlTzRIZjUvUDJDaWcycDFICnpxZTBZek5KSHVGWEdRa1hxbnZzR3hWRE5XT2Z1bG1NRWVNVjJJblhOVkxEYjl1UmRpd1FWMDJUaUp3K1JvQjkKV2dQVldaM2RpTUpXYWlwdXpXNGRxR0pXZFR2RjBiQ0Q5TXh2TTVUOGdzZ01YaXlpZ3JkUGhWeWRDR0w5ZjNUQgpxVXBRSXk3RDA2ST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURORENDQWh5Z0F3SUJBZ0lSQUl5dVZZU2NNc3A2em1qQzUxUEQ5UjB3RFFZSktvWklodmNOQVFFTEJRQXcKTERFUU1BNEdBMVVFQ2hNSGMyOXNieTVwYnpFWU1CWUdBMVVFQXhNUFptOXZMbVY0WVcxd2JHVXVZMjl0TUI0WApEVEl3TVRBd01qRTJNakUxTWxvWERUSXdNVEl6TVRFMk1qRTFNbG93TERFUU1BNEdBMVVFQ2hNSGMyOXNieTVwCmJ6RVlNQllHQTFVRUF4TVBabTl2TG1WNFlXMXdiR1V1WTI5dE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0MKQVE4QU1JSUJDZ0tDQVFFQXNGODJaWHhqZXhpaWI1eEUvUzJmSEpTbllhNkVKcHNpamorMWdiOXlORTRNTmNEWgpQYmhFeEV6SkFOQi9CZGpRQ1lOa2ZRVng0Q2dlM1lObE13OGIwMDZTQzJKaFhnOGFYRlR5eWYzbXJYRFBSR3FlCjhNT1JiS1A4N3ByRzdzWWJkcE5GZ2x6QXpXeDdTNmY2cTQ4dXlzdmd4aU5nQUtPM2JpNnZTUUJ0eUx6VFJGSzMKaWdpdGc2cFBidGI0aWw0WDZxL09IRUhRdytHdVo3dWZtazhBYXI4c2VXYTlrTmYxT3VZRkJEcWhXTlhYdjIxWQpkUUlzY0tFaWRYbjdkWFdOZmdzaWZpMGtzZWovd2JVQlJvSXh4ekdSWFJselNZcm9FcmJlWnhyM2VYWjZKdEtiCnlsdElxMWJZakRhQ0NMbG1WbXJkOW82R3grSE1sbjIvSnN0akp3SURBUUFCbzFFd1R6QWRCZ05WSFNVRUZqQVUKQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFnQmdOVkhSRUVHVEFYZ2c5bQpiMjh1WlhoaGJYQnNaUzVqYjIySEJIOEFBQUV3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQURwL3NNYzZkSXpOCmFrNDUyVUJha0U3WHd1NWtJL2tjK3FaRXc5eHQ3WEtMVElVeWRrZzB2SzNPUSsvWGN0ZXRQNkhham8zZFRJTlUKRzdGM2U0azBVV2dlNFV0Q25oanpGQ0lZemFsUkhKWVJOc0Nzdlc1M1RJR3FUUUU2SDU0aGtQaEliMEFGV3BwZgo3cEI0UnU0Ri9PR2d4Tmc0emJwMWtYUkZHVXZNTWpqdGtiSjJIWjRvL21pUGV1NTZlTzRIZjUvUDJDaWcycDFICnpxZTBZek5KSHVGWEdRa1hxbnZzR3hWRE5XT2Z1bG1NRWVNVjJJblhOVkxEYjl1UmRpd1FWMDJUaUp3K1JvQjkKV2dQVldaM2RpTUpXYWlwdXpXNGRxR0pXZFR2RjBiQ0Q5TXh2TTVUOGdzZ01YaXlpZ3JkUGhWeWRDR0w5ZjNUQgpxVXBRSXk3RDA2ST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcGdJQkFBS0NBUUVBc0Y4MlpYeGpleGlpYjV4RS9TMmZISlNuWWE2RUpwc2lqaisxZ2I5eU5FNE1OY0RaClBiaEV4RXpKQU5CL0JkalFDWU5rZlFWeDRDZ2UzWU5sTXc4YjAwNlNDMkpoWGc4YVhGVHl5ZjNtclhEUFJHcWUKOE1PUmJLUDg3cHJHN3NZYmRwTkZnbHpBeld4N1M2ZjZxNDh1eXN2Z3hpTmdBS08zYmk2dlNRQnR5THpUUkZLMwppZ2l0ZzZwUGJ0YjRpbDRYNnEvT0hFSFF3K0d1Wjd1Zm1rOEFhcjhzZVdhOWtOZjFPdVlGQkRxaFdOWFh2MjFZCmRRSXNjS0VpZFhuN2RYV05mZ3NpZmkwa3Nlai93YlVCUm9JeHh6R1JYUmx6U1lyb0VyYmVaeHIzZVhaNkp0S2IKeWx0SXExYllqRGFDQ0xsbVZtcmQ5bzZHeCtITWxuMi9Kc3RqSndJREFRQUJBb0lCQVFDVWlCcXZiUW42YU15agpZZDlYdUV2L0xkR29tZWdBK3pVbXh0Qjg3RldwWnZFeGM2K0FJdWNHeWdPZEEvbDFXeG9ZYU9iL3dzNGNFSzJ0CnJ6SlN4YTZSVGVJQVpHSExiTHl1ZFh2aVVFa3NWNHkxK1hUUkhtSWlOQmlXZVJKL2s2Y2RQUG1VeDdnM1I5eXQKNGxGZ21ieTJYT3gyOE9Pd3BpK2NRd1NyWGdrV3UwakhwTElERG1aSFFwZjdaalVZMHlscnVOc29HNmJ1cVFFRAozemNSLzMvY0NwUjBHUVdGZ213SXpnd1BJdlNnWm5IcjRQYzdOQ3hxRUhCTU9pZFU2RGpwMlpOWmkwM0E2L3Q4CnRwQkRiczZBR1FCYU5jWEFpRGc3K3dOeVIyVGpIeUdlNkRqRmZRUDBGdDVFdWFVUWh2OG4vejJ3ZHN4TDdWZjAKblZtOXprdkJBb0dCQU02NUp5WktERDdBRFMvaGY3cHplYmE4NWpPbzJKaTc3U2RLbUZ4ZW9VdWVvMVIyUjFjdAphaCtwanNXaEZtY3JQWjJMbHkra0hSQWY4SzRtNi9aVUVOdjJhdU45bWMxbDZXYXkwK1Qvb2FLajZZM2JtVWRNClE1ckhKMlpWaE95aXMzT1Y0eGlwRjdlMlBLQzlZdVhEeWFkeGltT3lOemN4ZjRBY2V3ejQ3TE1sQW9HQkFOcHAKN3laWXFRS2xTeDdrdkZzNUIzamxNaXp4c09ucEZTVnRFSldSU21aV1NJU2pxSk9ONFNlMUVLWGFMMDREd3RDeQpib0Z4NHJ6UGRmYUh1WnFqWVhBczBHTDdQUWlsM1BUdWNEN1o1aFErdmg5bE1tVm15RnNkMUdxSmlnK0tNUmwvCjdwK0crK2dCUXFkTUdZTHFUWVFmR3R0OCszeU1XNGI4S0J0NVJWRmJBb0dCQUw3TFJxWGhPL0lDZ1dsS3YvK1AKS3F3TkpvNVJiUzl5YTB5VFhaSUxTT1VwVW1mWERyc1lVRlZPd2xZRytrMVlMSE1tN2UvcmtXTmJoMkRFelkyNQpReUl4Q2JCVE1VdlFucDNKdVNZbkJjQzlkZ2NXd2g1NjlmNTVoeFM5STRUZ0dhNDVqYk1xQlpqcVdvU2twdzJYCktad2dmL0RLQUlveFpoTVF0a1ZmemQ3OUFvR0JBTXpJZkZFQTJkNUFLckhabHYwVStIdVNzYnZRRktjTVFpWm8KSHgrTkxTdk1oSXZRZ3JOdVdJZ0pUWVdqajZ6ZSs5Ny9IWHRDMDJ0aVBPRWNHcHJ4eXQ4Sk5ZMUlzTTRWN1ppOApvd05hL0UxSkVxdVBEM1JoclVNNU1idCtIN000UjViNEN6MEpxOUM0dGN6MEhndFFNY1BLQWoxKzdyQzFUTy9BCkpyNnpzcGwzQW9HQkFLTW1lUTZGM0lnTEM0QzRJUmxmSHluakZFNkhGbkpscVpSelVpaGd2V243eTQyYkRiTFAKU0x1d05mbnpxeFowTGllUjczT0JPa2plVEJ5bWxQeGZPTjUvYkJRS21tVE1LQ2YxbEYxVVNrYy8yNjR0MkFteQo2VEFiWlErcTY4Zmh5OGZtTDF2UUREMUxrZDdEcFFSSjJZN1R1aFIxVGhFU1M2NjlIZ0ljTUVPNAotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
  annotations:
    cert-manager.io/alt-names: foo.example.com
    cert-manager.io/certificate-name: example-certificate
    cert-manager.io/common-name: foo.example.com
    cert-manager.io/ip-sans: 127.0.0.1
    cert-manager.io/issuer-group: cert-manager.io
    cert-manager.io/issuer-kind: Issuer
    cert-manager.io/issuer-name: selfsigned-issuer
    cert-manager.io/uri-sans: ""
    resource_kind: '*v1.Secret'
  creationTimestamp: "2020-10-02T16:21:52Z"
  name: cert-manager-tls
  namespace: gloo-system
  resourceVersion: "21295735"
  selfLink: /api/v1/namespaces/gloo-system/secrets/cert-manager-tls
  uid: 61aa851b-04cb-11eb-b365-42010ab40033
type: kubernetes.io/tls

Without validation:

{"level":"fatal","ts":1601656164.8377416,"logger":"fds","caller":"setuputils/main_setup.go:89","msg":"error in setup: starting snapshot watch: initial Secret list: reading secret data into *v1.Secret: unknown field \"ca.crt\" in v1.Secret","version":"1.4.15","stacktrace":"github.com/solo-io/gloo/pkg/utils/setuputils.Main\n\t/workspace/gloo/pkg/utils/setuputils/main_setup.go:89\ngithub.com/solo-io/gloo/projects/discovery/pkg/fds/setup.Main\n\t/workspace/gloo/projects/discovery/pkg/fds/setup/setup.go:14\nmain.run.func2\n\t/workspace/gloo/projects/discovery/cmd/main.go:23"}

@bdecoste
Copy link
Contributor

bdecoste commented Oct 2, 2020

If there are 2 failures and 1 is an Inja failure then only the Inja failure is reported. Also. even though there is a rejection the proxy object is still returned.


$ curl -k -XPOST -d @validation-test-list.json -H 'Content-Type: application/json' https://localhost:8443/validation
{"response":{"uid":"1234","allowed":false,"status":{"metadata":{},"message":"resource incompatible with current Gloo snapshot: [VirtualHost Error: ProcessingError. Reason: invalid virtual host [gloo-system_invalid-vs-2]: envoy validation mode output: [external/envoy/source/server/config_validation/server.cc:60] error initializing configuration '': Failed to parse response template: Failed to parse header template ':status': [inja.exception.parser_error] expected statement close, got '}'\n, error: exit status 1]","details":{"name":"invalid-vs-list","kind":"List","causes":[{"message":"VirtualHost Error ProcessingError: invalid virtual host [gloo-system_invalid-vs-2]: envoy validation mode output: [external/envoy/source/server/config_validation/server.cc:60] error initializing configuration '': Failed to parse response template: Failed to parse header template ':status': [inja.exception.parser_error] expected statement close, got '}'\n, error: exit status 1"}]}}},"proxies":[{"listeners":[{"name":"listener-::-8080","bind_address":"::","bind_port":8080,"ListenerType":{"http_listener":{"virtual_hosts":[{"name":"gloo-system.invalid-vs-2","routes":[{"matchers":[{"PathSpecifier":{"prefix":"/api"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.RouteTable"}},"name":{"Kind":{"string_value":"rt1"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":2}}}}}},{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"invalid-vs-2"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{}}}}}}]}}}}}}],"options":{"transformations":{"response_transformation":{"TransformationType":{"transformation_template":{"headers":{":status":{"text":"{% if default(data.error.message, \"\") != \"\" }400{% else %}{{ header(\":status\") }}{% endif %}"}},"BodyTransformation":null}}}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"invalid-vs-2"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{}}}}}}]}}}}}}],"options":{"http_connection_manager_settings":{"stream_idle_timeout":120000000000,"idle_timeout":120000000000}}}},"use_proxy_proto":{},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.Gateway"}},"name":{"Kind":{"string_value":"gateway-proxy"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":486}}}}}}]}}}}}},{"name":"listener-::-8443","bind_address":"::","bind_port":8443,"ListenerType":{"http_listener":{"virtual_hosts":[{"name":"gloo-system.default","domains":["*"],"routes":[{"matchers":[{"PathSpecifier":{"exact":"/v7/insights/providers"}}],"Action":{"direct_response_action":{"status":200,"body":"DIRECT_ACTION_RESPONSE"}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"regex":"\\/v7\\/insights\\/providers\\/(\\d+)"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-httpbin-8080","namespace":"gloo-system"}}}}}},"options":{"transformations":{"request_transformation":{"TransformationType":{"header_body_transform":{}}}},"prefix_rewrite":{"value":"/patch"},"HostRewriteType":null,"cors":{"allow_origin":["*"],"allow_methods":["GET","OPTIONS","POST"],"allow_headers":["*"],"expose_headers":["origin"],"max_age":"1d"},"jwt":{"disable":true},"extauth":{"Spec":{"disable":true}},"staged_transformations":{"early":{"response_transforms":[{"response_transformation":{"TransformationType":{"transformation_template":{"BodyTransformation":{"body":{"text":"{% if header(\":status\") == \"401\" %}{ \"error\": \"Custom Auth Message\" }{% else %}{{ body() }}{% endif %}"}},"parse_body_behavior":1}}}}]}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"regex":"^\\/enterprises\\/[^/]*\\/tenants\\/[^/]*\\/credentials$"},"methods":["GET","POST"]},{"PathSpecifier":{"regex":"^\\/enterprises\\/[^/]*\\/tenants\\/[^/]*\\/credentials\\/[^/]*$"},"methods":["GET","PUT","DELETE"]},{"PathSpecifier":{"regex":"^\\/enterprises\\/[^/]*\\/tenants\\/[^/]*\\/auth_info$"},"methods":["GET"]},{"PathSpecifier":{"exact":"/invites/accept"},"methods":["POST"]},{"PathSpecifier":{"regex":"^\\/enterprises\\/[^/]*\\/tenants$"},"methods":["GET","POST","OPTIONS","PATCH"]},{"PathSpecifier":{"regex":"^\\/enterprises\\/[^/]*\\/tenants\\/[^/]*$"},"methods":["GET","DELETE"]},{"PathSpecifier":{"regex":"^\\/enterprises\\/[^/]*\\/tenants\\/[^/]*\\/users$"},"methods":["GET","PATCH"]},{"PathSpecifier":{"regex":"^\\/enterprises\\/[^/]*\\/tenants\\/[^/]*\\/invites$"},"methods":["POST"]},{"PathSpecifier":{"regex":"^\\/enterprises\\/[^/]*\\/tenants\\/[^/]*\\/users/[^/]*$"},"methods":["DELETE"]},{"PathSpecifier":{"regex":"^\\/enterprises\\/[^/]*$"},"methods":["DELETE"]},{"PathSpecifier":{"regex":"^\\/enterprises\\/[^/]*\\/invites$"},"methods":["POST"]},{"PathSpecifier":{"regex":"^\\/enterprises\\/[^/]*\\/users$"},"methods":["GET","PATCH"]},{"PathSpecifier":{"regex":"^\\/enterprises\\/[^/]*\\/users/[^/]*$"},"methods":["DELETE"]}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-httpbin-8080","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/patch"},"HostRewriteType":null,"cors":{"allow_origin":["*"],"allow_methods":["GET","POST"],"allow_headers":["origin","authorization"],"expose_headers":["origin"],"max_age":"1d","allow_credentials":true},"waf":{"disabled":true},"jwt":{"disable":true},"rbac":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"prefix":"/canary"}}],"Action":{"route_action":{"Destination":{"multi":{"destinations":[{"destination":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}},"weight":5},{"destination":{"DestinationType":{"upstream":{"name":"default-petstore-v2-8080","namespace":"gloo-system"}}},"weight":5}]}}}},"options":{"prefix_rewrite":{"value":"/api/pets"},"HostRewriteType":null,"waf":{"disabled":true},"jwt":{"disable":true},"rbac":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"prefix":"/httpbin/"},"methods":["GET","POST","OPTIONS","PATCH"]}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-httpbin-8080","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/"},"HostRewriteType":{"auto_host_rewrite":{"value":true}},"cors":{"allow_origin":["*"],"allow_methods":["GET","POST"],"allow_headers":["origin","authorization"],"expose_headers":["origin"],"max_age":"1d","allow_credentials":true},"jwt":{"disable":true},"rbac":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"prefix":"/dynamic-metadata"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"transformations":{"request_transformation":{"TransformationType":{"transformation_template":{"BodyTransformation":null,"dynamic_metadata_values":[{"key":"matchers","value":{"text":"{% if \"404\" == \"404\" %}spl{% else %}spl{% endif %}"}},{"key":"central-id","value":{"text":"test"}},{"key":"pod_name","value":{"text":"{{ env(\"POD_NAME\") }}"}}]}}}},"prefix_rewrite":{"value":"/api/pets"},"HostRewriteType":{"auto_host_rewrite":{"value":true}},"jwt":{"disable":true},"rbac":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"exact":"/early-trans-auth"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/api/pets"},"HostRewriteType":null,"jwt":{"disable":true},"extauth":{"Spec":{}},"staged_transformations":{"early":{"request_transforms":[{"request_transformation":{"TransformationType":{"transformation_template":{"extractors":{"tempauth1":{"Source":{"header":"authorization"},"regex":".*"}},"headers":{"authorization":{"text":"{% if header(\"authorization\") == \"foo\" %}basic dXNlcjpwYXNzd29yZA=={% else %}{{ header(\"authorization\") }}{% endif %}"}},"BodyTransformation":null}}}}]},"regular":{"response_transforms":[{"response_transformation":{"TransformationType":{"transformation_template":{"headers":{":status":{"text":"{% if header(\":status:\") == \"200\" %}201{% else %}{{ header(\":status:\") }}{% endif %}"}},"BodyTransformation":null}}}}]}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"exact":"/regular-trans-auth"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/api/pets"},"HostRewriteType":null,"jwt":{"disable":true},"extauth":{"Spec":{}},"staged_transformations":{"regular":{"request_transforms":[{"request_transformation":{"TransformationType":{"transformation_template":{"headers":{"Authorization":{"text":"{% if header(\"Authorization\") == \"foo\" %}basic dXNlcjpwYXNzd29yZA=={% else %}{{ header(\"Authorization\") }}{% endif %}"}},"BodyTransformation":null}}}}]}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"exact":"/jwt-pets"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/api/pets"},"HostRewriteType":null,"jwt":{},"extauth":{"Spec":{"disable":true}},"staged_transformations":{"early":{"response_transforms":[{"response_transformation":{"TransformationType":{"transformation_template":{"BodyTransformation":{"body":{"text":"{% if body() == \"Jwt is expired\" %}modified{% else %}original{% endif %}"}},"parse_body_behavior":1}}}}]}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"exact":"/basic-auth-transform"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/api/pets"},"HostRewriteType":null,"jwt":{"disable":true},"extauth":{"Spec":{}},"staged_transformations":{"regular":{"response_transforms":[{"response_transformation":{"TransformationType":{"transformation_template":{"headers":{":status":{"text":"{% if header(\":status\") == \"200\" %}201{% else %}{{ header(\":status\") }}{% endif %}"}},"BodyTransformation":{"body":{"text":"{% if header(\":status\") == \"200\" %}FOO!!!!{% else %}BAR!!!!{% endif %}"}}}}}}]}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"exact":"/auth"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/api/pets"},"HostRewriteType":null,"jwt":{"disable":true},"extauth":{"Spec":{}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"exact":"/rate-limit-envoy"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/api/pets"},"HostRewriteType":null,"ratelimit":{"rate_limits":[{"actions":[{"ActionSpecifier":{"generic_key":{"descriptor_value":"bucket"}}}]}]},"jwt":{"disable":true},"rbac":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"prefix":"/oauth-gloo-callback"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"HostRewriteType":null,"jwt":{"disable":true}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"prefix":"/echo"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"echo-postman","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/get"},"HostRewriteType":{"auto_host_rewrite":{"value":true}},"jwt":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"exact":"/exact"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"transformations":{"response_transformation":{"TransformationType":{"transformation_template":{"BodyTransformation":{"body":{"text":"{% if header(\":status\") == \"200\" %}foo{% else %}bar{% endif %}"}}}}}},"prefix_rewrite":{"value":"/api/pets"},"HostRewriteType":null,"jwt":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"exact":"/waf-pets"},"headers":[{"name":"upgrade"}]}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/api/pets"},"HostRewriteType":null,"jwt":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"exact":"/waf-pets"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/api/pets"},"HostRewriteType":null,"waf":{"custom_intervention_message":"404 NOT FOUND","core_rule_set":{"CustomSettingsType":{"custom_settings_string":"SecRuleEngine DetectionOnly\nSecRequestBodyAccess On\nSecResponseBodyAccess On\nSecAuditLogParts AHKZ\nSecAuditLogFormat JSON\nSecDebugLog /dev/stdout\nSecDebugLogLevel 9\nSecDefaultAction \"phase:1,log,auditlog,deny,status:403\"\nSecDefaultAction \"phase:2,log,auditlog,deny,status:403\"\nSecAction \\\n  \"id:900990,\\\n    phase:1,\\\n    nolog,\\\n    pass,\\\n    t:none,\\\n    setvar:tx.crs_setup_version=310\"\nSecAction \\\n  \"id:900200,\\\n    phase:1,\\\n    nolog,\\\n    pass,\\\n    t:none,\\\n    setvar:'tx.allowed_methods=GET OPTIONS POST PUT PATCH DELETE'\"\n"}},"audit_logging":{"action":2}},"jwt":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"exact":"/waf-echo"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"echo-postman","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/get"},"HostRewriteType":null,"waf":{"custom_intervention_message":"404 NOT FOUND","core_rule_set":{"CustomSettingsType":{"custom_settings_string":"SecRuleEngine DetectionOnly\nSecRequestBodyAccess On\nSecAuditLogParts AHKZ\nSecAuditLogFormat JSON\nSecDebugLog /dev/stdout\nSecDebugLogLevel 9\nSecDefaultAction \"phase:1,log,deny,status:403\"\nSecDefaultAction \"phase:2,log,deny,status:403\"\nSecAction \\\n  \"id:900990,\\\n    phase:1,\\\n    nolog,\\\n    pass,\\\n    t:none,\\\n    setvar:tx.crs_setup_version=310\"\nSecAction \\\n  \"id:900200,\\\n    phase:1,\\\n    nolog,\\\n    pass,\\\n    t:none,\\\n    setvar:'tx.allowed_methods=GET OPTIONS POST PUT PATCH DELETE'\"\n"}}},"jwt":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"exact":"/shadow"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/api/pets"},"shadowing":{"upstream":{"name":"default-petstore-v2-8080","namespace":"gloo-system"},"percentage":100},"HostRewriteType":{"host_rewrite":"foo.example.com"},"jwt":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"prefix":"/api/pets"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"HostRewriteType":null,"jwt":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"prefix":"/simple"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/api/pets"},"HostRewriteType":null,"jwt":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"prefix":"/delay"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"slow","namespace":"gloo-system"}}}}}},"options":{"HostRewriteType":{"auto_host_rewrite":{"value":true}},"jwt":{"disable":true},"extauth":{"Spec":{"disable":true}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}},{"matchers":[{"PathSpecifier":{"exact":"/oidc"}}],"Action":{"route_action":{"Destination":{"single":{"DestinationType":{"upstream":{"name":"default-petstore-8080","namespace":"gloo-system"}}}}}},"options":{"prefix_rewrite":{"value":"/api/pets"},"HostRewriteType":null,"jwt":{"disable":true}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}}],"options":{"retries":{"retry_on":"5xx","num_retries":3},"header_manipulation":{"request_headers_to_remove":["x-powered-by"]},"jwt":{"providers":{"valid":{"jwks":{"Jwks":{"remote":{"url":"http://jwt.example.com/auth/realms/solo/protocol/openid-connect/certs","upstream_ref":{"name":"default-keycloak-8080","namespace":"gloo-system"},"cache_duration":{"seconds":3600}}}},"audiences":["account"],"issuer":"http://35.203.154.113/auth/realms/solo","keep_token":true,"claims_to_headers":[{"claim":"email","header":"emailheader"},{"claim":"sub","header":"subheader"}]}}},"extauth":{"Spec":{"config_ref":{"name":"opa-bundle","namespace":"gloo-system"}}}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.VirtualService"}},"name":{"Kind":{"string_value":"default"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":325}}}}}}]}}}}}}],"options":{"http_connection_manager_settings":{"use_remote_address":{},"stream_idle_timeout":1105000000000,"idle_timeout":1104000000000,"upgrades":[{"UpgradeType":{"websocket":{"enabled":{"value":true}}}}]},"proxy_latency":{"measure_request_internally":true,"response":1,"emit_dynamic_metadata":{"value":true}}}}},"ssl_configurations":[{"SslSecrets":{"secret_ref":{"name":"tls","namespace":"gloo-system"}}}],"use_proxy_proto":{},"options":{"access_logging_service":{"access_log":[{"OutputDestination":{"file_sink":{"path":"/dev/stdout","OutputFormat":{"json_format":{"fields":{"access":{"Kind":{"string_value":"ACCESS"}},"authority":{"Kind":{"string_value":"%REQ(:AUTHORITY)%"}},"centralId":{"Kind":{"string_value":"%DYNAMIC_METADATA(io.solo.transformation:central-id)%"}},"clientId":{"Kind":{"string_value":"%REQ(CUSTOM-CLIENT-ID)%"}},"downstreamRemoteAddress":{"Kind":{"string_value":"%DOWNSTREAM_REMOTE_ADDRESS%"}},"duration":{"Kind":{"string_value":"%DURATION%"}},"error":{"Kind":{"string_value":"%DYNAMIC_METADATA(io.solo.transformation:error)%"}},"host":{"Kind":{"string_value":"%REQ(:HOST)%"}},"httpMethod":{"Kind":{"string_value":"%REQ(:METHOD)%"}},"matcher":{"Kind":{"string_value":"%DYNAMIC_METADATA(io.solo.transformation:matchers)%"}},"path":{"Kind":{"string_value":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"}},"pod":{"Kind":{"string_value":"%DYNAMIC_METADATA(io.solo.transformation:pod)%"}},"podName":{"Kind":{"string_value":"%DYNAMIC_METADATA(io.solo.transformation:pod_name)%"}},"protocol":{"Kind":{"string_value":"%PROTOCOL%"}},"requestDuration":{"Kind":{"string_value":"%REQUEST_DURATION%"}},"requestId":{"Kind":{"string_value":"%REQ(X-REQUEST-ID)%"}},"requestOut":{"Kind":{"string_value":"%DYNAMIC_METADATA(io.solo.filters.http.proxy_latency:request_out)%"}},"requestOutInternal":{"Kind":{"string_value":"%DYNAMIC_METADATA(io.solo.filters.http.proxy_latency:request_out_internal)%"}},"responseCode":{"Kind":{"string_value":"%RESPONSE_CODE%"}},"responseDuration":{"Kind":{"string_value":"%RESPONSE_DURATION%"}},"startTime":{"Kind":{"string_value":"%START_TIME%"}},"upstream":{"Kind":{"string_value":"%UPSTREAM_CLUSTER%"}},"upstreamDuration":{"Kind":{"string_value":"%RESPONSE_DURATION%"}},"upstreamHost":{"Kind":{"string_value":"%UPSTREAM_HOST%"}},"upstreamLocalAddress":{"Kind":{"string_value":"%UPSTREAM_LOCAL_ADDRESS%"}},"wafLog":{"Kind":{"string_value":"%FILTER_STATE(io.solo.modsecurity.audit_log)%"}}}}}}}}]},"per_connection_buffer_limit_bytes":{"value":10000000}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.Gateway"}},"name":{"Kind":{"string_value":"gateway-proxy-ssl"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":526}}}}}}]}}}}}},{"name":"listener-::-15443","bind_address":"::","bind_port":15443,"ListenerType":{"tcp_listener":{"tcp_hosts":[{"name":"failover","ssl_config":{"SslSecrets":{"secret_ref":{"name":"failover-downstream","namespace":"gloo-system"}}},"destination":{"Destination":{"forward_sni_cluster_name":{}}}}]}},"metadata":{"fields":{"sources":{"Kind":{"list_value":{"values":[{"Kind":{"struct_value":{"fields":{"kind":{"Kind":{"string_value":"*v1.Gateway"}},"name":{"Kind":{"string_value":"failover-gateway"}},"namespace":{"Kind":{"string_value":"gloo-system"}},"observedGeneration":{"Kind":{"number_value":100}}}}}}]}}}}}}],"status":{},"metadata":{"name":"gateway-proxy","namespace":"gloo-system"}}]}

@bdecoste
Copy link
Contributor

bdecoste commented Oct 2, 2020

validation-test-list-2.tar.gz

@bdecoste
Copy link
Contributor

bdecoste commented Oct 2, 2020

validation-test-list-1.tar.gz

@marcogschmidt marcogschmidt mentioned this issue Oct 23, 2020
Open
@estahn
Copy link
Author

estahn commented Nov 4, 2020

Any updates on this?

@EItanya
Copy link
Member

EItanya commented Nov 4, 2020

Hello, sorry for the delayed response. The issue is happening here. Our secret converter does not currently handle the optional ca.crt. This should be a relatively simple change.

@estahn
Copy link
Author

estahn commented Nov 17, 2020

Hi Guys, can we get this going? Happy to submit a PR.

@EItanya
Copy link
Member

EItanya commented Nov 17, 2020

A PR would be awesome, and we'd be happy to help. I linked above to the offending code.

@kdorosh
Copy link
Contributor

kdorosh commented Nov 23, 2020
edited

Hi guys, thanks for offering to jump on a PR, but I think someone on the Solo side will be starting on this task sometime this week.

@solo-changelog-bot solo-changelog-bot bot mentioned this issue Nov 23, 2020
Merged
8 tasks
@estahn
Copy link
Author

estahn commented Nov 23, 2020

@kdorosh That is great news. Unfortunately (or fortunately in this case), I was side-tracked by some other issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sam-heilbron sam-heilbron

Labels
Type: Bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support optional ca.crt in secret converter solo-io/gloo
5 participants
@estahn @bdecoste @EItanya @sam-heilbron @kdorosh