We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug
The authorino process panics when the user field in a k8s SAR authorization rule is not defined.
user
Help us Reproduce it
apiVersion: kuadrant.io/v1beta2 kind: AuthPolicy metadata: name: sar-protected-api spec: targetRef: group: gateway.networking.k8s.io kind: HTTPRoute name: some-route routeSelectors: - matches: - path: type: PathPrefix value: /some-path rules: authentication: "service-accounts": kubernetesTokenReview: audiences: - "https://example.com" authorization: "k8s-rbac": kubernetesSubjectAccessReview: groups: - "some-group"
{"level":"info","ts":"2024-10-10T14:30:50Z","logger":"authorino","msg":"Observed a panic in reconciler: runtime error: invalid memory address or nil pointer dereference","controller":"authconfig","controllerGroup":"authorino.kuadrant.io","controllerKind":"AuthConfig","AuthConfig":{"name":"ap-3scale-saas-backend-internal-api","namespace":"3scale-saas"},"namespace":"3scale-saas","name":"ap-3scale-saas-backend-internal-api","reconcileID":"23813405-f48b-4cda-a0f9-ef21c5d6aa8c"} panic: runtime error: invalid memory address or nil pointer dereference [recovered] panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1b5cd9c] goroutine 180 [running]: sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile.func1() /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:116 +0x1e5 panic({0x1de0b00?, 0x36d5b30?}) /usr/lib/golang/src/runtime/panic.go:914 +0x21f github.com/kuadrant/authorino/controllers.(*AuthConfigReconciler).translateAuthConfig(0xc00067e680, {0x25020a8, 0xc000c40db0}, 0xc00027f4a0) /usr/src/authorino/controllers/auth_config_controller.go:424 +0x1bdc github.com/kuadrant/authorino/controllers.(*AuthConfigReconciler).Reconcile(0xc00067e680, {0x25020a8, 0xc000afdf80}, {{{0xc0003edaa0?, 0x5?}, {0xc00043ae70?, 0xc000736d08?}}}) /usr/src/authorino/controllers/auth_config_controller.go:114 +0x4ee sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile(0x2507490?, {0x25020a8?, 0xc000afdf80?}, {{{0xc0003edaa0?, 0xb?}, {0xc00043ae70?, 0x0?}}}) /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:119 +0xb7 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc0007c14a0, {0x25020e0, 0xc0007b1270}, {0x1ebbba0?, 0xc0000a87a0?}) /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:316 +0x3cc sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc0007c14a0, {0x25020e0, 0xc0007b1270}) /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:266 +0x1af sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2() /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:227 +0x79 created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2 in goroutine 93 /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.16.3/pkg/internal/controller/controller.go:223 +0x565
Expected behavior
Don't panic and report the error somehow (logs, conditions or even reject the AuthPolicy/AuthConfig).
Environment (please complete the following information):
Additional context
Slack conversation https://kubernetes.slack.com/archives/C05J0D0V525/p1728554107621359
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Describe the bug
The authorino process panics when the
user
field in a k8s SAR authorization rule is not defined.Help us Reproduce it
Expected behavior
Don't panic and report the error somehow (logs, conditions or even reject the AuthPolicy/AuthConfig).
Environment (please complete the following information):
Additional context
Slack conversation https://kubernetes.slack.com/archives/C05J0D0V525/p1728554107621359
The text was updated successfully, but these errors were encountered: