Uploaded image for project: 'Maistra'
  1. Maistra
  2. MAISTRA-1974

2.0 SMCP Denial and white list Mixer Policy task failed No destination sets found

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • maistra-2.0.0
    • maistra-2.0.0
    • None
    • None
    • MAISTRA 2.0.0

    Description

      I tested latest 2.0 build Mixer Policy tasks Rate Limits and Control Headers and Routing cases passed successfully with 2.0 SMCP. Thanks for your fix, Rob Cernich

      However , Mixer policy task
      https://istio.io/v1.6/docs/tasks/policy-enforcement/denial-and-list/#simple-denials
      https://istio.io/v1.6/docs/tasks/policy-enforcement/denial-and-list/#attribute-based-whitelists-or-blacklists

      Failed with 2.0 SMCP

      See istio-policy-mixer.log

      2020-10-31T02:10:13.185622Z info adapters adapter closed all scheduled daemons and workers

      {"adapter": "denyreviewsv3handler.bookinfo"}

      2020-10-31T02:10:45.163672Z info adapters Installing updated list with 2 entries

      {"adapter": "whitelist.bookinfo"}

      2020-10-31T02:10:45.163985Z warn No destination sets found for the default namespace 'istio-system'.
      2020-10-31T02:10:51.264251Z warn No destination sets found for the default namespace 'istio-system'.
      2020-10-31T02:17:05.487034Z warn No destination sets found for the default namespace 'istio-system'.

      Could we check if we missed a destination set when we enable Mixer in 2.0 SMCP ?

      Build Info:
      OCP 4.6.1
      OSSM 2.0.0
      SMCP v2.0

      How to produce:
      1. Deploy 2.0 operator and 2.0 SMCP on OCP 4.6.1
      2. Deploy bookinfo app in bookinfo ns
      3. After applying samples/bookinfo/networking/virtual-service-all-v1.yaml and samples/bookinfo/networking/virtual-service-reviews-jason-v2-v3.yaml, bookinfo productpage works fine and shows red star ratings.

      4. Simple denials failed. After applying samples/bookinfo/policy/mixer-rule-deny-label.yaml,
      Expected result : If you are logged out or logged in as any user other than “jason” you will no longer see red ratings stars
      Actual result, productpage still shows shows red star ratings.

      5. Similar failure when applying samples/bookinfo/policy/mixer-rule-deny-whitelist.yaml
      I didn't get "after logging in as “jason” you see black stars"

      IP-based whitelists or blacklists works fine with 2.0 SMCP. That sub task passed.

      Expected behavior:
      2.0 SMCP Mixer policy task should work as the v1.1 SMCP does.

      Attachments

        Issue Links

          relates to

          Bug - A problem that impairs or prevents the functions of the product. MAISTRA-1902 2.0 istio operator 2.0 and 1.1 SMCP mixer related Policy test cases failed

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Activity

            People

              dgrimm@redhat.com Daniel Grimm
              yuaxu@redhat.com Yuanlin Xu
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: