Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[THREESCALE-11701] Remove redis connection error message from response body in edge limiting policy #1537

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[THREESCALE-11701] Remove redis connection error message from response body in edge limiting policy #1537

wants to merge 1 commit into from
+65 −8

Conversation

tkan145
Copy link
Contributor

@tkan145 tkan145 commented Feb 20, 2025
edited
Loading

What

Fix https://issues.redhat.com/browse/THREESCALE-11701

Close #1316

Verification steps

  • Checkout this branch and build a new runtime-image
make runtime-image IMAGE_NAME=apicast-test
  • Get into dev-environment
cd dev-environments/plain-http-upstream
  • Edit apicast-config.json as follow
diff --git a/dev-environments/plain-http-upstream/apicast-config.json b/dev-environments/plain-http-upstream/apicast-config.json
index ff944273..b0193ee3 100644                                                                                                 
--- a/dev-environments/plain-http-upstream/apicast-config.json                                                                  
+++ b/dev-environments/plain-http-upstream/apicast-config.json                                                                  
@@ -13,6 +13,20 @@                                                                                                              
         "policy_chain": [                                                                                                      
           {                                                                                                                    
             "name": "apicast.policy.apicast"                                                                                   
+          },                                                                                                                   
+          {                                                                                                                    
+            "name" : "apicast.policy.rate_limit",                                                                              
+            "configuration" : {                                                                                                
+              "connection_limiters" : [                                                                                        
+                {                                                                                                              
+                  "key" : {"name" : "test3", "scope" : "global"},                                                              
+                  "conn" : 20,                                                                                                 
+                  "burst" : 10,                                                                                                
+                  "delay" : 0.5                                                                                                
+                }                                                                                                              
+              ],                                                                                                               
+              "redis_url" : "redis://invalidhost:1234/1"                                                                       
+            }                                                                                                                  
           }                                                                                                                    
         ],                                                                                                                     
         "proxy_rules": [
  • Start gateway
make gateway IMAGE_NAME=apicast-test
  • Send request
curl --resolve get.example.com:8080:127.0.0.1 -v "http://get.example.com:8080/?user_key=123"
  • You should see 500 Internal Server Error
< HTTP/1.1 500 Internal Server Error                 
< Server: openresty                                  
< Date: Thu, 20 Feb 2025 01:58:19 GMT                
< Content-Type: text/html                            
< Content-Length: 174                                
< Connection: close                                  
<                                                    
<html>                                               
<head><title>500 Internal Server Error</title></head>
<body>                                               
<center><h1>500 Internal Server Error</h1></center>  
<hr><center>openresty</center>                       
</body>                                              
</html>                                              
* Closing connection
  • Now change the policy to log error instead
diff --git a/dev-environments/plain-http-upstream/apicast-config.json b/dev-environments/plain-http-upstream/apicast-config.json 
index ff944273..285ef37a 100644                                                                                                  
--- a/dev-environments/plain-http-upstream/apicast-config.json                                                                   
+++ b/dev-environments/plain-http-upstream/apicast-config.json                                                                   
@@ -13,6 +13,21 @@                                                                                                               
         "policy_chain": [                                                                                                       
           {                                                                                                                     
             "name": "apicast.policy.apicast"                                                                                    
+          },                                                                                                                    
+          {                                                                                                                     
+            "name" : "apicast.policy.rate_limit",                                                                               
+            "configuration" : {                                                                                                 
+              "connection_limiters" : [                                                                                         
+                {                                                                                                               
+                  "key" : {"name" : "test3", "scope" : "global"},                                                               
+                  "conn" : 20,                                                                                                  
+                  "burst" : 10,                                                                                                 
+                  "delay" : 0.5                                                                                                 
+                }                                                                                                               
+              ],                                                                                                                
+              "redis_url" : "redis://invalidhost:1234/1",                                                                       
+              "configuration_error": {"error_handling": "log"}                                                                  
+            }                                                                                                                   
           }                                                                                                                     
         ],                                                                                                                      
         "proxy_rules": [
  • You shall see 200 OK this time
< HTTP/1.1 200 OK                       
< Server: openresty                     
< Date: Thu, 20 Feb 2025 02:00:38 GMT   
< Content-Type: application/json        
< Content-Length: 294                   
< Connection: keep-alive                
<

@tkan145 tkan145 requested a review from a team as a code owner February 20, 2025 01:52
@tkan145 tkan145 force-pushed the THREESCALE-11701-redis-error branch 5 times, most recently from c192f74 to 1c08e78 Compare February 24, 2025 02:11
@tkan145
[threescale_utils] Do not terminate request but return error instead
20e3b55 
Previously, if redis failed to connect for any reason, the next _M.error() call
would call ngx.say and ngx.exit to terminate the current request and send an
error back to the client, thereby revealing details about the Redis server.

We want to return an error and let the caller decide how to handle the error.
@tkan145 tkan145 force-pushed the THREESCALE-11701-redis-error branch from 1c08e78 to 20e3b55 Compare February 24, 2025 02:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Threescale Util fails the current request if redis connection is not initiated successfully
1 participant
@tkan145