Is your feature request related to a problem? Please describe.
Setting up the filter to create a local egress proxy injecting Authorization header wasn't as smooth as it could have been. It's easy to misconfigure bearerinjector when just reading this entry in the filter documentation (=not reading about setRequestHeaderFromSecret since the page is long enough that it's not visible on the screen nor reading the egress reference).
Describe the solution you would like
- Improving bearerinjector documentation to link to the related egress reference with examples.
- Add additional logging mentioning that the file referenced in bearerinjector is not configured as a secret helping those with weak skipper-fu increasing the consistency of error messages.
Describe alternatives you've considered (optional)
Just improving the docs.
Additional context (optional)
| Case | Logging |
|---|---|
| Missing -credentials-paths | None |
| Non-existing directory in -credentials-paths | Error: Failed to add credentials file |
| Empty directory in -credentials-paths | None |
| Empty file in -credentials-paths | Info: Added secret file |

Missing -credentials-paths
```
$ cat route.eskip
egress: * -> bearerinjector("/tmp/secrets/my-token") -> "http://localhost:8000";
$ ./bin/skipper --routes-file route.eskip
[APP]INFO[0000] Expose metrics in codahale format
[APP]INFO[0000] enable swarm: false
[APP]INFO[0000] Replacing tee filter specification
[APP]INFO[0000] Replacing teenf filter specification
[APP]INFO[0000] Replacing lua filter specification
[APP]INFO[0000] support listener on :9911
[APP]INFO[0000] Dataclients are updated once, first load complete
[APP]INFO[0000] Listen on :9090
[APP]INFO[0000] TLS settings not found, defaulting to HTTP
[APP]INFO[0000] route settings, reset, route: egress: * -> bearerinjector("/tmp/secrets/my-token") -> "http://localhost:8000"
[APP]INFO[0000] route settings received, id: 1
[APP]INFO[0000] route settings applied, id: 1
```
Nonexisting directory configured in -credentials-paths
```
$ ./bin/skipper --routes-file route.eskip -credentials-paths=/tmp/secrets
[APP]INFO[0000] Expose metrics in codahale format
[APP]ERRO[0000] Failed to add credentials file: /tmp/secrets: lstat /tmp/secrets: no such file or directory
[APP]INFO[0000] enable swarm: false
[APP]INFO[0000] Replacing tee filter specification
[APP]INFO[0000] Replacing teenf filter specification
[APP]INFO[0000] Replacing lua filter specification
[APP]INFO[0000] support listener on :9911
[APP]INFO[0000] Dataclients are updated once, first load complete
[APP]INFO[0000] Listen on :9090
[APP]INFO[0000] route settings, reset, route: egress: * -> bearerinjector("/tmp/secrets/my-token") -> "http://localhost:8000"
[APP]INFO[0000] route settings received, id: 1
[APP]INFO[0000] route settings applied, id: 1
[APP]INFO[0000] TLS settings not found, defaulting to HTTP
```
Empty directory configured in -credentials-paths
```
$ mkdir /tmp/secrets
$ ./bin/skipper --routes-file route.eskip -credentials-paths=/tmp/secrets
[APP]INFO[0000] Expose metrics in codahale format
[APP]INFO[0000] enable swarm: false
[APP]INFO[0000] Replacing tee filter specification
[APP]INFO[0000] Replacing teenf filter specification
[APP]INFO[0000] Replacing lua filter specification
[APP]INFO[0000] support listener on :9911
[APP]INFO[0000] Dataclients are updated once, first load complete
[APP]INFO[0000] Listen on :9090
[APP]INFO[0000] route settings, reset, route: egress: * -> bearerinjector("/tmp/secrets/my-token") -> "http://localhost:8000"
[APP]INFO[0000] route settings received, id: 1
[APP]INFO[0000] route settings applied, id: 1
[APP]INFO[0000] TLS settings not found, defaulting to HTTP
```
Empty file configured in -credentials-paths
```
$ touch /tmp/secrets/my-token
$ ./bin/skipper --routes-file route.eskip -credentials-paths=/tmp/secrets
[APP]INFO[0000] Expose metrics in codahale format
[APP]INFO[0000] Added secret file: /tmp/secrets/my-token
[APP]INFO[0000] enable swarm: false
[APP]INFO[0000] Replacing tee filter specification
[APP]INFO[0000] Replacing teenf filter specification
[APP]INFO[0000] Replacing lua filter specification
[APP]INFO[0000] support listener on :9911
[APP]INFO[0000] Dataclients are updated once, first load complete
[APP]INFO[0000] Listen on :9090
[APP]INFO[0000] route settings, reset, route: egress: * -> bearerinjector("/tmp/secrets/my-token") -> "http://localhost:8000"
[APP]INFO[0000] route settings received, id: 1
[APP]INFO[0000] route settings applied, id: 1
[APP]INFO[0000] TLS settings not found, defaulting to HTTP
```
Would you like to work on it?
I may do a PR with the docs adjustment.
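
A preflight check covering the cases in the table above, as an added example that is not part of the original issue or of skipper's own code: it scans eskip text for `bearerinjector("...")` arguments and reports every reference that no `-credentials-paths` entry covers, that does not exist, or that is empty. The function names and the regular expression (which ignores escaped quotes) are assumptions for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Hypothetical matcher for bearerinjector("...") in eskip text.
var bearerArg = regexp.MustCompile(`bearerinjector\(\s*"([^"]+)"\s*\)`)

// checkBearerSecrets returns one finding per bearerinjector reference that is
// not backed by a usable file under the given -credentials-paths values.
func checkBearerSecrets(eskip string, credentialsPaths []string) []string {
	var findings []string
	for _, m := range bearerArg.FindAllStringSubmatch(eskip, -1) {
		if f := checkRef(filepath.Clean(m[1]), credentialsPaths); f != "" {
			findings = append(findings, f)
		}
	}
	return findings
}

func checkRef(ref string, paths []string) string {
	covered := false
	for _, p := range paths {
		// Covered when ref is the entry itself or lies below it.
		rel, err := filepath.Rel(p, ref)
		if err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
			covered = true
		}
	}
	if !covered {
		return ref + ": not under any -credentials-paths entry"
	}
	st, err := os.Stat(ref)
	switch {
	case err != nil:
		return ref + ": secret file missing"
	case st.IsDir():
		return ref + ": is a directory, not a secret file"
	case st.Size() == 0:
		return ref + ": secret file is empty"
	}
	return ""
}

func main() {
	// Route copied from the issue; credentials paths come from the command line.
	route := `egress: * -> bearerinjector("/tmp/secrets/my-token") -> "http://localhost:8000";`
	for _, f := range checkBearerSecrets(route, os.Args[1:]) {
		fmt.Println("WARN", f)
	}
}
```
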