You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
With the changes in #158 we no longer resume and ignore subsequent actions when an action with FailureMode::Allow fails. This creates an "undesirable" behaviour for some cases.
An example is performing authenticated rate-limiting where the auth service is set to FailureMode::Allow; on failure there is no data returned from the auth service, so if your rate limit action is predicated on data expected from the auth request, or the data is used to determine which limit to apply, the rate limiting would not take place and all requests would "silently" go through.
With the changes in #158 we no longer resume and ignore subsequent actions when an action with
FailureMode::Allow
fails. This creates an "undesirable" behaviour for some cases.An example is performing authenticated rate-limiting where the auth service is set to
FailureMode::Allow
; on failure there is no data returned from the auth service, so if your rate limit action is predicated on data expected from the auth request, or the data is used to determine which limit to apply, the rate limiting would not take place and all requests would "silently" go through.This can be easily reproduced with the
*.a.multi.com
example in our test environment https://github.com/Kuadrant/wasm-shim/blob/main/utils/deploy/envoy.yaml#L296-L323, by setting authorinofailureMode: allow
and scaling down both the authorino-operator and authorino; all requests go through the rate-limiting service and are allowed with200
.The text was updated successfully, but these errors were encountered: