-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
grpc_http1_reverse_bridge
fails to propagate connection errors in responses
#37713
Comments
prototyping a fix in Lua and the following works: http_filters:
- name: envoy.filters.http.grpc_http1_reverse_bridge
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.grpc_http1_reverse_bridge.v3.FilterConfig
content_type: application/protobuf
response_size_header: "content-length"
withhold_grpc_frames: true
- name: envoy.filters.http.lua
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua
inline_code: |
function envoy_on_response(response_handle)
local grpc_status = response_handle:headers():get("grpc-status")
local content_type = response_handle:headers():get("content-type")
-- if content type is application/grpc AND grpc-status is 14 (UNAVAILABLE), then
-- rewrite content-type to application/protobuf
-- add fixed content-length header
if content_type == "application/grpc" and grpc_status == "14" then
response_handle:headers():replace("content-type", "application/protobuf")
response_handle:headers():replace("content-length", "0")
end
end
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router |
cc @zuercher @mattklein123 as codeowners |
I don't think there's a good way to detect that the upstream error was generated by Envoy, which is really the case where you'd want to change the behavior. Absent that I think it would be ok to change the filter to return a grpc status code based on the upstream server's HTTP status code when the response length header isn't set or when the content-type doesn't match the expected value and return the content-type and response length header errors only for otherwise-successful responses. The reason is that for upstream-generated errors, we should continue to proxy the response as it might contain a |
grpc_http1_reverse_bridge
fails to propagate connection errors in responsesDescription:
grpc_http1_reverse_bridge
when configured with either of the following options will fail to propagate connection errors in responses:content_type
to set anything other thanapplication/grpc
response_size_header
config option setRepro steps:
content_type: application/protobuf
andresponse_size_header
setConfig:
Logs:
Client Logs:
content_type: application/grpc
andresponse_size_header
setConfig
Logs
Client Logs:
content_type: application/grpc
withoutresponse_size_header
setConfig:
Logs:
Client Logs
I would expect the first two cases to behave similarly as the last one in terms of propagating the underlying connection errors to the client (UNAVAILABLE | 14)
The text was updated successfully, but these errors were encountered: