-
Bug
-
Resolution: Done
-
Major
-
2.14.0 GA, 2.14.0-mas (0.11.8)
-
5
-
False
-
None
-
False
-
Not Started
-
Not Started
-
Not Started
-
Not Started
-
Not Started
-
Not Started
-
-
-
RHOAM Sprint 50, RHOAM Sprint 51, RHOAM Sprint 52
-
Important
During work on https://issues.redhat.com/browse/THREESCALE-9573 I use this OpenAPI CR:
apiVersion: capabilities.3scale.net/v1beta1 kind: OpenAPI metadata: annotations: insecure_skip_verify: 'true' name: oasmkudleteststetgsy4wxa namespace: 3scale-epsql-eredis spec: oidc: issuerType: keycloak openapiRef: secretRef: name: oasmkudleteststetgsy4wxasecret namespace: 3scale-epsql-eredis prefixMatching: true
and OpenAPI spec
components: schemas: Error: properties: code: format: int32 type: integer message: type: string required: - code - message type: object NewPet: properties: name: type: string tag: type: string required: - name type: object Pet: allOf: - $ref: '#/components/schemas/NewPet' - properties: id: format: int64 type: integer required: - id type: object securitySchemes: myOauth: description: This API uses OAuth 2 with the implicit grant flow. [More info](https://api.example.com/docs/auth) flows: password: scopes: read_pets: read your pets write_pets: modify pets in your account tokenUrl: https://api.example.com/oauth2/token type: oauth2 info: contact: email: apiteam@swagger.io name: Swagger API Team url: http://swagger.io description: A sample API that uses a petstore as an example to demonstrate features in the OpenAPI 3.0 specification license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html termsOfService: http://swagger.io/terms/ title: Swagger Petstore version: 1.0.0 openapi: 3.0.0 paths: /pets: get: description: 'Returns all pets from the system that the user has access to Nam sed condimentum est. Maecenas tempor sagittis sapien, nec rhoncus sem sagittis sit amet. Aenean at gravida augue, ac iaculis sem. Curabitur odio lorem, ornare eget elementum nec, cursus id lectus. Duis mi turpis, pulvinar ac eros ac, tincidunt varius justo. In hac habitasse platea dictumst. Integer at adipiscing ante, a sagittis ligula. Aenean pharetra tempor ante molestie imperdiet. Vivamus id aliquam diam. Cras quis velit non tortor eleifend sagittis. Praesent at enim pharetra urna volutpat venenatis eget eget mauris. In eleifend fermentum facilisis. Praesent enim enim, gravida ac sodales sed, placerat id erat. Suspendisse lacus dolor, consectetur non augue vel, vehicula interdum libero. Morbi euismod sagittis libero sed lacinia. Sed tempus felis lobortis leo pulvinar rutrum. Nam mattis velit nisl, eu condimentum ligula luctus nec. Phasellus semper velit eget aliquet faucibus. In a mattis elit. Phasellus vel urna viverra, condimentum lorem id, rhoncus nibh. Ut pellentesque posuere elementum. Sed a varius odio. Morbi rhoncus ligula libero, vel eleifend nunc tristique vitae. Fusce et sem dui. Aenean nec scelerisque tortor. Fusce malesuada accumsan magna vel tempus. Quisque mollis felis eu dolor tristique, sit amet auctor felis gravida. Sed libero lorem, molestie sed nisl in, accumsan tempor nisi. Fusce sollicitudin massa ut lacinia mattis. Sed vel eleifend lorem. Pellentesque vitae felis pretium, pulvinar elit eu, euismod sapien. ' operationId: findPets parameters: - description: tags to filter by in: query name: tags required: false schema: items: type: string type: array style: form - description: maximum number of results to return in: query name: limit required: false schema: format: int32 type: integer responses: '200': content: application/json: schema: items: $ref: '#/components/schemas/Pet' type: array description: pet response default: content: application/json: schema: $ref: '#/components/schemas/Error' description: unexpected error security: - myOauth: - read - write post: description: Creates a new pet in the store. Duplicates are allowed operationId: addPet requestBody: content: application/json: schema: $ref: '#/components/schemas/NewPet' description: Pet to add to the store required: true responses: '200': content: application/json: schema: $ref: '#/components/schemas/Pet' description: pet response default: content: application/json: schema: $ref: '#/components/schemas/Error' description: unexpected error security: - myOauth: - read - write /pets/{id}: delete: description: deletes a single pet based on the ID supplied operationId: deletePet parameters: - description: ID of pet to delete in: path name: id required: true schema: format: int64 type: integer responses: '204': description: pet deleted default: content: application/json: schema: $ref: '#/components/schemas/Error' description: unexpected error security: - myOauth: - read - write get: description: Returns a user based on a single ID, if the user does not have access to the pet operationId: find pet by id parameters: - description: ID of pet to fetch in: path name: id required: true schema: format: int64 type: integer responses: '200': content: application/json: schema: $ref: '#/components/schemas/Pet' description: pet response default: content: application/json: schema: $ref: '#/components/schemas/Error' description: unexpected error security: - myOauth: - read - write security: - myOauth: - read - write servers: - url: https://httpbin.org:443/anything
I see this error in Product
spec.backendUsages[Swagger_Petstore]: Invalid value: v1beta1.BackendUsageSpec{Path:"/"}: backend usage does not have valid backend reference.
So Product is in failed state
Conditions: Failed, Orphan
and the Operator is in the crash loop.
I see this error in Operator log:
{"level":"info","ts":1701164406.6480556,"logger":"controllers.OpenAPI","msg":"Product/swaggerpetstore-daf5f8c5-48d9-4ff6-a0de-5f9b5fd3217b spec has changed: v1beta1.ProductSpec{\n \t... // 2 identical fields\n \tDescription: \"A sample API that uses a petstore as an example to demonstrate f\"...,\n \tDeployment: &{ApicastHosted: &{Authentication: &{OIDC: &{IssuerType: \"keycloak\", AuthenticationFlow: &{DirectAccessGrantsEnabled: true}, CredentialsLoc: &\"headers\"}}}},\n \tMappingRules: []v1beta1.MappingRuleSpec{\n \t\t{HTTPMethod: \"POST\", Pattern: \"/anything/pets\", MetricMethodRef: \"addpet\", Increment: 1, ...},\n \t\t{HTTPMethod: \"GET\", Pattern: \"/anything/pets\", MetricMethodRef: \"findpets\", Increment: 1, ...},\n \t\t{\n- \t\t\tHTTPMethod: \"GET\",\n+ \t\t\tHTTPMethod: \"DELETE\",\n \t\t\tPattern: \"/anything/pets/{id}\",\n- \t\t\tMetricMethodRef: \"find_pet_by_id\",\n+ \t\t\tMetricMethodRef: \"deletepet\",\n \t\t\tIncrement: 1,\n \t\t\tLast: nil,\n \t\t},\n \t\t{\n- \t\t\tHTTPMethod: \"DELETE\",\n+ \t\t\tHTTPMethod: \"GET\",\n \t\t\tPattern: \"/anything/pets/{id}\",\n- \t\t\tMetricMethodRef: \"deletepet\",\n+ \t\t\tMetricMethodRef: \"find_pet_by_id\",\n \t\t\tIncrement: 1,\n \t\t\tLast: nil,\n \t\t},\n \t},\n \tBackendUsages: {\"Swagger_Petstore\": {Path: \"/\"}},\n \tMetrics: {\"hits\": {Name: \"Hits\", Unit: \"hit\", Description: \"Number of API hits\"}},\n \t... // 4 identical fields\n }\n","openapi":"oasmkudleteststetgsy4wxa"} {"level":"info","ts":1701164406.6482427,"logger":"controllers.OpenAPI","msg":"Updated object 'v1beta1.Product/swaggerpetstore-daf5f8c5-48d9-4ff6-a0de-5f9b5fd3217b'"} {"level":"info","ts":1701164406.7457948,"msg":"Observed a panic in reconciler: runtime error: invalid memory address or nil pointer dereference","controller":"product","controllerGroup":"capabilities.3scale.net","controllerKind":"Product","product":{"name":"swaggerpetstore-daf5f8c5-48d9-4ff6-a0de-5f9b5fd3217b","namespace":"3scale-epsql-eredis"},"namespace":"3scale-epsql-eredis","name":"swaggerpetstore-daf5f8c5-48d9-4ff6-a0de-5f9b5fd3217b","reconcileID":"622519b0-17d4-4e6c-9031-f2625145c6d3"} panic: runtime error: invalid memory address or nil pointer dereference [recovered] panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1646f2e] goroutine 288 [running]: sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile.func1() /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.12.2/pkg/internal/controller/controller.go:118 +0x1f4 panic({0x17e5660, 0x29a5fa0}) /opt/rh/go-toolset-1.19/root/usr/lib/go-toolset-1.19-golang/src/runtime/panic.go:884 +0x212 github.com/3scale/3scale-operator/controllers/capabilities.(*ProductThreescaleReconciler).syncProxyOIDC(0x1826a40?, 0xc0013f2ed0?, 0xc0015da8c0) /remote-source/app/controllers/capabilities/proxy.go:204 +0x16e github.com/3scale/3scale-operator/controllers/capabilities.(*ProductThreescaleReconciler).syncProxy(0xc001682340, {0xc004891948?, 0x48b417?}) /remote-source/app/controllers/capabilities/proxy.go:89 +0x839 github.com/3scale/3scale-operator/pkg/helper.(*taskRunnerImpl).Run(0xc004891a68) /remote-source/app/pkg/helper/task_runner.go:41 +0xd3 github.com/3scale/3scale-operator/controllers/capabilities.(*ProductThreescaleReconciler).Reconcile(0xc001682340) /remote-source/app/controllers/capabilities/product_threescale_reconciler.go:56 +0x38f github.com/3scale/3scale-operator/controllers/capabilities.(*ProductReconciler).reconcile(0xc00030c018, 0xc001652000) /remote-source/app/controllers/capabilities/product_controller.go:224 +0x36a github.com/3scale/3scale-operator/controllers/capabilities.(*ProductReconciler).Reconcile(0xc00030c018, {0xc000100800?, 0xc000d25230?}, {{{0xc000a0a258, 0x13}, {0xc00098c780, 0x34}}}) /remote-source/app/controllers/capabilities/product_controller.go:151 +0x7a7 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile(0x1ccdee8?, {0x1ccdf90?, 0xc000d25230?}, {{{0xc000a0a258?, 0x1921d00?}, {0xc00098c780?, 0x4045d4?}}}) /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.12.2/pkg/internal/controller/controller.go:121 +0xc8 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc0002928c0, {0x1ccdee8, 0xc000ceeb00}, {0x184be40?, 0xc000328940?}) /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.12.2/pkg/internal/controller/controller.go:320 +0x33c sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc0002928c0, {0x1ccdee8, 0xc000ceeb00}) /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.12.2/pkg/internal/controller/controller.go:273 +0x1d9 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2() /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.12.2/pkg/internal/controller/controller.go:234 +0x85 created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2 /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.12.2/pkg/internal/controller/controller.go:230 +0x333
- is duplicated by
-
THREESCALE-10524 cannot set multiple auth flows in OpenAPI CR
- Closed
- is related to
-
THREESCALE-9573 Add support for OAuth2/OIDC in the OpenAPI CRD
- Closed
- links to
- mentioned on
(4 mentioned on)