
Discovery pod fails when applying bearer security scheme

Open ky-rafaels opened this issue 1 year ago • 5 comments

Gloo Edge Product

Enterprise

Gloo Edge Version

1.13.51 - 1.15.x (tested versions)

Kubernetes Version

v1.25

Describe the bug

apispec-new.json

Discovery pod fails when pointing to the apispec attached. In particular, it logs the error below:

Currently unsupported HTTP authentication protocol type 'http' and scheme 'bearer' in OAS
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x3d10cbd]

goroutine 343 [running]:
github.com/solo-io/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation.(*OasToGqlTranslator).GetResponseSchemaAndNames(0xc0043bbf00, {0xc002d5cba0, 0x12}, {0x47c3b37, 0x3}, 0xc0031948c0, 0xc001c23a00, 0xc004382150)
	/workspace/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation/oas3_tools.go:85 +0x23d
github.com/solo-io/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation.(*OasToGqlTranslator).ProcessOperation(0xc0043bbf00, {0xc002d5cba0, 0x12}, {0x47c3b37, 0x3}, {0xc004856000, 0x36}, 0x0, 0xc0031948c0, 0xc005d666e0, ...)
	/workspace/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation/preprocess.go:274 +0x2c5
github.com/solo-io/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation.(*OasToGqlTranslator).TranslateQueryOperation(0xc0043bbf00, 0xc004382150, 0xc001c23a00, {0xc002d5cba0, 0x12}, 0xc005d666e0, 0xc0031948c0)
	/workspace/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation/preprocess.go:207 +0x109
github.com/solo-io/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation.(*OasToGqlTranslator).PreprocessOas(0xc0043bbf00, {0xc003905f60, 0x1, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
	/workspace/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation/preprocess.go:46 +0xae5
github.com/solo-io/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation.(*OasToGqlTranslator).TranslateOpenApiToGraphQL(0xc0043bbf00, {0xc003905f60, 0x1, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
	/workspace/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation/translate_oas.go:134 +0xb2
github.com/solo-io/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation.(*OasToGqlTranslator).CreateGraphqlSchema(0xc0043bbf00, {0xc003905f60, 0x1, 0x1})
	/workspace/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation/translate_oas.go:130 +0xbe
github.com/solo-io/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql.(*OpenApiFunctionDiscovery).writeGraphQLApiResource(0xc001c2b940, {0x4d11398, 0xc0030fc360}, 0xc001c23a00)
	/workspace/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/openapi.go:239 +0x114
github.com/solo-io/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql.(*OpenApiFunctionDiscovery).detectFunctionsFromUrl.func1({0x4d11398, 0xc0030fc360})
	/workspace/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/openapi.go:214 +0x125
github.com/solo-io/go-utils/contextutils.(*exponentialBackoff).Backoff(0xc000fc5ca0, {0x4d11398, 0xc0030fc360}, 0xc000fc5cc0)
	/go/pkg/mod/github.com/solo-io/[email protected]/contextutils/backoff.go:70 +0x196
github.com/solo-io/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql.(*OpenApiFunctionDiscovery).detectFunctionsFromUrl(0xc001c2b940, {0x4d11328, 0xc001c46550}, {0xc000d76030, 0x2e}, 0xc0018bc5a0)
	/workspace/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/openapi.go:209 +0x14f
github.com/solo-io/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql.(*OpenApiFunctionDiscovery).DetectFunctions(0xc001c2b940, {0x4d11328, 0xc001c46550}, 0xc005e44ea0, 0x56796f4661304a54, 0xc002d50560)
	/workspace/solo-projects/projects/discovery/pkg/fds/discoveries/openapi-graphql/openapi.go:199 +0x40f
github.com/solo-io/gloo/projects/discovery/pkg/fds.(*updaterUpdater).Run.func3({0x4d02c90, 0xc001c2b940})
	/go/pkg/mod/github.com/solo-io/[email protected]/projects/discovery/pkg/fds/updater.go:364 +0x350
created by github.com/solo-io/gloo/projects/discovery/pkg/fds.(*updaterUpdater).Run
	/go/pkg/mod/github.com/solo-io/[email protected]/projects/discovery/pkg/fds/updater.go:352 +0x8

Seems to be complaining about the securityScheme being used and applied globally:

        "securitySchemes": {
            "bearerAuth": {
                "type": "http",
                "description": "Retrieve bearer token by clicking on the 'Get Token' tab in the main page. Enter your username and password as supplied in your welcome mail. Copy the returned token and paste it into the box below and click 'Authorize' to use the 'Try it out' capability.",
                "scheme": "bearer",
                "bearerFormat": "JWT"
            }
        }
....
    "security": [
        {
            "bearerAuth": []
        }
    ],

Expected Behavior

According to Swagger guidelines, the use of bearerAuthentication in this way should be supported: https://swagger.io/docs/specification/authentication/bearer-authentication/

Steps to reproduce the bug

  1. Create an upstream that points to the apispec attached in this bug report
  2. Discovery pod fails with segmentation fault

Example upstream:

apiVersion: gloo.solo.io/v1
kind: Upstream
metadata:
  labels:
    discovery.solo.io/function_discovery: enabled
  name: jsonapi-test-8080
  namespace: gloo-system
spec:
  kube:
    selector:
      app.kubernetes.io/instance: jsonapi-test
    serviceName: jsonapi-test-spring-native-graphsolo
    serviceNamespace: jsonapi-test
    servicePort: 8080
    serviceSpec:
      rest:
        swaggerInfo:
          url: http://jwks-server.gloo-system:80/apispec.json  #FYI - using an nginx instance to expose apispec 
        transformations:
          retrieveAllCustomers:
            body: {}
            headers:
              :method:
                text: GET
              :path:
                text: /v1/customers?page[number]={{default(page[number], "")}}&page[size]={{default(page[size],
                  "")}}&include={{default(include, "")}}&fields[customers]={{default(fields[customers],
                  "")}}&filter[id]={{default(filter[id], "")}}&filter[name]={{default(filter[name],
                  "")}}
              content-length:
                text: "0"
              content-type: {}
              transfer-encoding: {}
status:
  statuses:
    gloo-system:
      reportedBy: gloo
      state: 1

Additional Environment Detail

No response

Additional Context

No response

ky-rafaels avatar Oct 11 '23 15:10 ky-rafaels

Zendesk ticket #2856 has been linked to this issue.

soloio-bot avatar Oct 18 '23 13:10 soloio-bot

This has been identified by the customer as a high-priority item.

ky-rafaels avatar Nov 26 '23 21:11 ky-rafaels

Looks like the error is being caused by this function returning nil when the content response type is not application/json: https://github.com/solo-io/solo-projects/blob/main/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation/translate_oas.go#L390-L407

It may be worth getting the openapi from the customer and running this openapi discovery against it.

saiskee avatar Dec 06 '23 19:12 saiskee
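
A pre-flight check for the condition named in the comment above, as an added example that is not part of the thread or of the solo-projects code: it lists the operations in an OpenAPI 3 document for which no response declares an `application/json` schema, so a spec can be screened before an upstream points discovery at it. The function name and the sample spec are hypothetical, and treating this as the crash trigger is an assumption taken from that comment.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample, not the attached apispec-new.json.
const sampleSpec = `{"paths": {
  "/v1/customers": {"parameters": [], "get": {"responses": {"200": {"content":
    {"application/vnd.api+json": {"schema": {"type": "object"}}}}}}},
  "/v1/health": {"get": {"responses": {"200": {"content":
    {"application/json": {"schema": {"type": "object"}}}}}}}
}}`
const methods = " get put post delete patch head options trace " // OAS3 operation keys

type operation struct { // encoding/json matches these field names case-insensitively
	Responses map[string]struct {
		Content map[string]struct{ Schema json.RawMessage }
	}
}

// OperationsWithoutJSONSchema (hypothetical helper) returns "METHOD path" for each
// operation in which no response declares an application/json schema.
func OperationsWithoutJSONSchema(doc []byte) (flagged []string, err error) {
	var spec struct{ Paths map[string]map[string]json.RawMessage }
	if err = json.Unmarshal(doc, &spec); err != nil {
		return nil, err
	}
	for path, item := range spec.Paths {
		for method, raw := range item {
			var op operation
			if !strings.Contains(methods, " "+method+" ") || json.Unmarshal(raw, &op) != nil {
				continue // path-level keys such as "parameters" are not operations
			}
			found := false
			for _, resp := range op.Responses {
				found = found || len(resp.Content["application/json"].Schema) > 0
			}
			if !found {
				flagged = append(flagged, strings.ToUpper(method)+" "+path)
			}
		}
	}
	sort.Strings(flagged)
	return flagged, nil
}

func main() { fmt.Println(OperationsWithoutJSONSchema([]byte(sampleSpec))) }
```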

@saiskee the openapi spec is in the above issue. Can you please take a look?

nmnellis avatar Dec 19 '23 17:12 nmnellis

It likely is the preprocess that needs to change https://github.com/solo-io/solo-projects/blob/main/projects/discovery/pkg/fds/discoveries/openapi-graphql/graphqlschematranslation/preprocess.go#L181

nfuden avatar Jan 30 '24 15:01 nfuden