haproxy-consul-connect icon indicating copy to clipboard operation
haproxy-consul-connect copied to clipboard

Published 20 hours ago verified publisher icon haproxytech

Intentions not working

Open pvyaka01 opened this issue 4 years ago • 4 comments

Build from latest master. When i run with -enable-intentions, this is what i see in the logs and connections are not going through. Works without using that flag but intentions are not honored.

ERRO[0018] error calling POST /v2/services/haproxy/configuration/filters?parent_type=frontend&parent_name=front_downstream&transaction_id=8eae2a31-e9c3-4d14-97c0-6a255c51c798: response was 422: "{"code":602,"message":"index in body is required"}" INFO[0021] handling new configuration ERRO[0021] error calling POST /v2/services/haproxy/configuration/filters?parent_type=frontend&parent_name=front_downstream&transaction_id=95c05b05-1380-47fb-9ca4-5ea7e7707e24: response was 422: "{"code":602,"message":"index in body is required"}" INFO[0024] handling new configuration ERRO[0024] error calling POST /v2/services/haproxy/configuration/filters?parent_type=frontend&parent_name=front_downstream&transaction_id=2d8d70f8-568c-409c-a555-f0c422bb5e5b: response was 422: "{"code":602,"message":"index in body is required"}" INFO[0027] handling new configuration ERRO[0027] error calling POST /v2/services/haproxy/configuration/filters?parent_type=frontend&parent_name=front_downstream&transaction_id=339c6bb3-14c2-487a-b092-75e234741fa6: response was 422: "{"code":602,"message":"index in body is required"}"

pvyaka01 avatar May 06 '20 02:05 pvyaka01

Can you dump the intentions for the target service?

pierresouchay avatar May 06 '20 06:05 pierresouchay

Works with this: consul intention get dashboard counting Source: dashboard Destination: counting Action: allow ID: 7078703f-adc9-754e-6d1f-e6e73b0ad3e1 Created At: Wednesday, 06-May-20 15:47:32 UTC

And works with this too: consul intention get dashboard counting Source: dashboard Destination: counting Action: deny ID: 7078703f-adc9-754e-6d1f-e6e73b0ad3e1 Created At: Wednesday, 06-May-20 15:47:32 UTC

In other words, "deny" intention is not honored and calls are going through.

pvyaka01 avatar May 06 '20 18:05 pvyaka01

@pvyaka01 Timestamps and IDs are identical, this is not a dump, right? What are the exact conditions? Only Deny? Intention Allow modified to be Deny?

pierresouchay avatar May 06 '20 21:05 pierresouchay

Sorry...how do i do the dump of intentions?  And yes, modified allow to deny.

Thanks On Wednesday, May 6, 2020 Pierre Souchay [email protected] wrote:

@pvyaka01 Timestamps and IDs are identical, this is not a dump, right? What are the exact conditions? Only Deny? Intention Allow modified to be Deny?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

pvyaka01 avatar May 07 '20 01:05 pvyaka01