Unable to set failOpen in EEP in v1.4.2 #6559
Description
Description:
What issue is being seen? Describe what should be happening instead of
the bug, for example: The expected value isn't returned, etc.
This configuration doesnt work on v1.4.2, but worked earlier
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyExtensionPolicy
metadata:
name: ext-proc-example
spec:
targetRefs:
- group: gateway.networking.k8s.io
kind: HTTPRoute
name: myapp
extProc:
- backendRefs:
- name: grpc-ext-proc
port: 9002
failOpen: true
Its failing with
The EnvoyExtensionPolicy "ext-proc-example" is invalid: spec.extProc[0]: Invalid value: "object": no such key: processingMode evaluating rule: If FullDuplexStreamed body processing mode is used, FailOpen must be false.
I can also reproduce this on main with tests
+ desc: "valid ExtProc with request attributes and failOpen true",
+ mutate: func(sp *egv1a1.EnvoyExtensionPolicy) {
+ sp.Spec = egv1a1.EnvoyExtensionPolicySpec{
+ ExtProc: []egv1a1.ExtProc{
+ {
+ BackendCluster: egv1a1.BackendCluster{
+ BackendRefs: []egv1a1.BackendRef{
+ {
+ BackendObjectReference: gwapiv1.BackendObjectReference{
+ Name: "grpc-proc-service",
+ Port: ptr.To(gwapiv1.PortNumber(80)),
+ },
+ },
+ },
+ },
+ ProcessingMode: &egv1a1.ExtProcProcessingMode{
+ Request: &egv1a1.ProcessingModeOptions{
+ Attributes: []string{"request.headers"},
+ },
+ },
+ FailOpen: ptr.To(true),
+ },
+ },
+ PolicyTargetReferences: egv1a1.PolicyTargetReferences{
+ TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{
+ LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{
+ Group: "gateway.networking.k8s.io",
+ Kind: "Gateway",
+ Name: "eg",
+ },
+ },
+ },
+ }
+ },
+ wantErrors: []string{},
+ },
+ {
+ desc: "valid ExtProc with response attributes and failOpen true",
+ mutate: func(sp *egv1a1.EnvoyExtensionPolicy) {
+ sp.Spec = egv1a1.EnvoyExtensionPolicySpec{
+ ExtProc: []egv1a1.ExtProc{
+ {
+ BackendCluster: egv1a1.BackendCluster{
+ BackendRefs: []egv1a1.BackendRef{
+ {
+ BackendObjectReference: gwapiv1.BackendObjectReference{
+ Name: "grpc-proc-service",
+ Port: ptr.To(gwapiv1.PortNumber(80)),
+ },
+ },
+ },
+ },
+ ProcessingMode: &egv1a1.ExtProcProcessingMode{
+ Response: &egv1a1.ProcessingModeOptions{
+ Attributes: []string{"response.headers"},
+ },
+ },
+ FailOpen: ptr.To(true),
+ },
+ },
+ PolicyTargetReferences: egv1a1.PolicyTargetReferences{
+ TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{
+ LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{
+ Group: "gateway.networking.k8s.io",
+ Kind: "Gateway",
+ Name: "eg",
+ },
+ },
+ },
+ }
+ },
+ wantErrors: []string{},
+ },
+ {
+ desc: "valid ExtProc with failOpen true",
+ mutate: func(sp *egv1a1.EnvoyExtensionPolicy) {
+ sp.Spec = egv1a1.EnvoyExtensionPolicySpec{
+ ExtProc: []egv1a1.ExtProc{
+ {
+ BackendCluster: egv1a1.BackendCluster{
+ BackendRefs: []egv1a1.BackendRef{
+ {
+ BackendObjectReference: gwapiv1.BackendObjectReference{
+ Name: "grpc-proc-service",
+ Port: ptr.To(gwapiv1.PortNumber(80)),
+ },
+ },
+ },
+ },
+ FailOpen: ptr.To(true),
+ },
+ },
+ PolicyTargetReferences: egv1a1.PolicyTargetReferences{
+ TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{
+ LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{
+ Group: "gateway.networking.k8s.io",
+ Kind: "Gateway",
+ Name: "eg",
+ },
+ },
+ },
+ }
+ },
+ wantErrors: []string{},
+ },
Seeing these tests fail with
--- FAIL: TestEnvoyExtensionPolicyTarget (0.07s)
--- FAIL: TestEnvoyExtensionPolicyTarget/valid_ExtProc_with_request_attributes_and_failOpen_true (0.00s)
envoyextensionpolicy_test.go:1214: Unexpected response while creating EnvoyExtensionPolicy; got err=
EnvoyExtensionPolicy.gateway.envoyproxy.io "eep-1752859436635326000" is invalid: spec.extProc[0]: Invalid value: "object": no such key: response evaluating rule: If FullDuplexStreamed body processing mode is used, FailOpen must be false.
;want error=[]
--- FAIL: TestEnvoyExtensionPolicyTarget/valid_ExtProc_with_response_attributes_and_failOpen_true (0.00s)
envoyextensionpolicy_test.go:1214: Unexpected response while creating EnvoyExtensionPolicy; got err=
EnvoyExtensionPolicy.gateway.envoyproxy.io "eep-1752859436636447000" is invalid: spec.extProc[0]: Invalid value: "object": no such key: request evaluating rule: If FullDuplexStreamed body processing mode is used, FailOpen must be false.
;want error=[]
--- FAIL: TestEnvoyExtensionPolicyTarget/valid_ExtProc_with_failOpen_true (0.00s)
envoyextensionpolicy_test.go:1214: Unexpected response while creating EnvoyExtensionPolicy; got err=
EnvoyExtensionPolicy.gateway.envoyproxy.io "eep-1752859436637492000" is invalid: spec.extProc[0]: Invalid value: "object": no such key: processingMode evaluating rule: If FullDuplexStreamed body processing mode is used, FailOpen must be false.
;want error=[]
FAIL
Repro steps:
Include sample requests, environment, etc. All data and inputs
required to reproduce the bug.
Note: If there are privacy concerns, sanitize the data prior to
sharing.
Environment:
Include the environment like gateway version, envoy version and so on.
Logs:
Include the access logs and the Envoy logs.