bearerinjector/setRequestHeaderFromSecret: better logging for misconfigured filters #3507

@bocytko

Is your feature request related to a problem? Please describe.
Setting up the filter to create a local egress proxy injecting Authorization header wasn't as smooth as it could have been. It's easy to misconfigure bearerinjector when just reading this entry in the filter documentation (=not reading about setRequestHeaderFromSecret since the page is long enough that it's not visible on the screen nor reading the egress reference).

Describe the solution you would like

  1. Improving bearerinjector documentation to link to the related egress reference with examples.
  2. Add additional logging mentioning that the file referenced in bearerinjector is not configured as a secret, helping those with weak skipper-fu and increasing the consistency of error messages.

Describe alternatives you've considered (optional)
Just improving the docs.

Additional context (optional)

| Case | Logging |
| --- | --- |
| Missing -credentials-paths | None |
| Non-existing directory in -credentials-paths | Error: Failed to add credentials file |
| Empty directory in -credentials-paths | None |
| Empty file in -credentials-paths | Info: Added secret file |

Missing -credentials-paths

$ cat route.eskip
egress: * -> bearerinjector("/tmp/secrets/my-token") -> "http://localhost:8000";

$ ./bin/skipper --routes-file route.eskip
[APP]INFO[0000] Expose metrics in codahale format
[APP]INFO[0000] enable swarm: false
[APP]INFO[0000] Replacing tee filter specification
[APP]INFO[0000] Replacing teenf filter specification
[APP]INFO[0000] Replacing lua filter specification
[APP]INFO[0000] support listener on :9911
[APP]INFO[0000] Dataclients are updated once, first load complete
[APP]INFO[0000] Listen on :9090
[APP]INFO[0000] TLS settings not found, defaulting to HTTP
[APP]INFO[0000] route settings, reset, route: egress: * -> bearerinjector("/tmp/secrets/my-token") -> "http://localhost:8000"
[APP]INFO[0000] route settings received, id: 1
[APP]INFO[0000] route settings applied, id: 1

Nonexisting directory configured in -credentials-paths

$ ./bin/skipper --routes-file route.eskip -credentials-paths=/tmp/secrets
[APP]INFO[0000] Expose metrics in codahale format
[APP]ERRO[0000] Failed to add credentials file: /tmp/secrets: lstat /tmp/secrets: no such file or directory
[APP]INFO[0000] enable swarm: false
[APP]INFO[0000] Replacing tee filter specification
[APP]INFO[0000] Replacing teenf filter specification
[APP]INFO[0000] Replacing lua filter specification
[APP]INFO[0000] support listener on :9911
[APP]INFO[0000] Dataclients are updated once, first load complete
[APP]INFO[0000] Listen on :9090
[APP]INFO[0000] route settings, reset, route: egress: * -> bearerinjector("/tmp/secrets/my-token") -> "http://localhost:8000"
[APP]INFO[0000] route settings received, id: 1
[APP]INFO[0000] route settings applied, id: 1
[APP]INFO[0000] TLS settings not found, defaulting to HTTP

Empty directory configured in -credentials-paths

$ mkdir /tmp/secrets
$ ./bin/skipper --routes-file route.eskip -credentials-paths=/tmp/secrets
[APP]INFO[0000] Expose metrics in codahale format
[APP]INFO[0000] enable swarm: false
[APP]INFO[0000] Replacing tee filter specification
[APP]INFO[0000] Replacing teenf filter specification
[APP]INFO[0000] Replacing lua filter specification
[APP]INFO[0000] support listener on :9911
[APP]INFO[0000] Dataclients are updated once, first load complete
[APP]INFO[0000] Listen on :9090
[APP]INFO[0000] route settings, reset, route: egress: * -> bearerinjector("/tmp/secrets/my-token") -> "http://localhost:8000"
[APP]INFO[0000] route settings received, id: 1
[APP]INFO[0000] route settings applied, id: 1
[APP]INFO[0000] TLS settings not found, defaulting to HTTP

Empty file configured in -credentials-paths

$ touch /tmp/secrets/my-token
$ ./bin/skipper --routes-file route.eskip -credentials-paths=/tmp/secrets
[APP]INFO[0000] Expose metrics in codahale format
[APP]INFO[0000] Added secret file: /tmp/secrets/my-token
[APP]INFO[0000] enable swarm: false
[APP]INFO[0000] Replacing tee filter specification
[APP]INFO[0000] Replacing teenf filter specification
[APP]INFO[0000] Replacing lua filter specification
[APP]INFO[0000] support listener on :9911
[APP]INFO[0000] Dataclients are updated once, first load complete
[APP]INFO[0000] Listen on :9090
[APP]INFO[0000] route settings, reset, route: egress: * -> bearerinjector("/tmp/secrets/my-token") -> "http://localhost:8000"
[APP]INFO[0000] route settings received, id: 1
[APP]INFO[0000] route settings applied, id: 1
[APP]INFO[0000] TLS settings not found, defaulting to HTTP

Would you like to work on it?
I may do a PR with the docs adjustment.
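
A preflight check for the four cases in the table above, as an added example that is not part of the original issue or of the skipper code base. `CheckBearerInjector` and `covered` are hypothetical names, and the rule that a secret counts as registered when it is a configured path or sits directly inside a configured directory is an assumption.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
)

// Matches bearerinjector("<file>") in eskip route text.
var bearerArg = regexp.MustCompile(`bearerinjector\("([^"]+)"\)`)

// covered: file is a configured path or sits directly in one (assumed semantics).
func covered(file string, credPaths []string) bool {
	for _, p := range credPaths {
		if p = filepath.Clean(p); file == p || filepath.Dir(file) == p {
			return true
		}
	}
	return false
}

// CheckBearerInjector returns one finding per misconfigured secret reference.
func CheckBearerInjector(routes string, credPaths []string) []string {
	var findings []string
	for _, p := range credPaths {
		if _, err := os.Lstat(p); err != nil {
			findings = append(findings, fmt.Sprintf("credentials path %q cannot be accessed: %v", p, err))
		}
	}
	for _, m := range bearerArg.FindAllStringSubmatch(routes, -1) {
		file := filepath.Clean(m[1])
		info, err := os.Stat(file)
		switch {
		case !covered(file, credPaths):
			findings = append(findings, fmt.Sprintf("%s: not under any -credentials-paths entry", file))
		case err != nil:
			findings = append(findings, fmt.Sprintf("%s: secret file missing: %v", file, err))
		case info.Size() == 0:
			findings = append(findings, fmt.Sprintf("%s: secret file is empty", file))
		}
	}
	return findings
}

func main() {
	// Constructed sample: the route from the issue, with no -credentials-paths set.
	route := `egress: * -> bearerinjector("/tmp/secrets/my-token") -> "http://localhost:8000";`
	fmt.Println(CheckBearerInjector(route, nil))
}
```

Unlike the startup logs above, this reports the missing flag, the empty directory and the empty file, the three cases where the route is applied without an error being logged.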
