You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
When loading a WASM blob over http, the docs say of EnvoyExtensionPolicy::spec.wasm.code.http.sha256 "If not specified, Envoy Gateway will not verify the downloaded Wasm code."
However, when I omit that field
The CR is accepted, but
The WASM doesn't load, and the controlplane logs contain the following
2024-10-01T11:39:52.810Z INFO xds-translator runner/runner.go:55 received an update {"runner": "xds-translator"}
2024-10-01T11:39:52.811Z ERROR xds-translator runner/runner.go:85 failed to translate xds ir {"runner": "xds-translator", "error": "invalid Wasm.Config: embedded message failed validation | caused by: invalid PluginConfig.VmConfig: embedded message failed validation | caused by: invalid VmConfig.Code: embedded message failed validation | caused by: invalid AsyncDataSource.Remote: embedded message failed validation | caused by: invalid RemoteDataSource.Sha256: value length must be at least 1 runes"}
2024-10-01T11:39:52.811Z INFO xds-server runner/runner.go:140 received an update {"runner": "xds-server"}
2024-10-01T11:39:52.812Z ERROR watchable message/watchutil.go:56 observed an error {"runner": "xds-translator", "error": "invalid Wasm.Config: embedded message failed validation | caused by: invalid PluginConfig.VmConfig: embedded message failed validation | caused by: invalid VmConfig.Code: embedded message failed validation | caused by: invalid AsyncDataSource.Remote: embedded message failed validation | caused by: invalid RemoteDataSource.Sha256: value length must be at least 1 runes"}
So it seems like a non-empty sha256 is needed (I confirmed: supplying one fixes the issue). Worse, the docs are mis-leading, and the user-facing statuses say everything's ok.
What do we want to do? I guess either
a) Change the docs, and enforce a non-missing, non-empty sha256 field on the CRD, or
b) Change the code so that it doesn't try to produce RemoteDataSource.Sha256 and provides any other Envoy config necessary to skip sha256 validation
The text was updated successfully, but these errors were encountered:
Description:
When loading a WASM blob over http, the docs say of
EnvoyExtensionPolicy::spec.wasm.code.http.sha256
"If not specified, Envoy Gateway will not verify the downloaded Wasm code."However, when I omit that field
So it seems like a non-empty sha256 is needed (I confirmed: supplying one fixes the issue). Worse, the docs are mis-leading, and the user-facing statuses say everything's ok.
What do we want to do? I guess either
a) Change the docs, and enforce a non-missing, non-empty
sha256
field on the CRD, orb) Change the code so that it doesn't try to produce
RemoteDataSource.Sha256
and provides any other Envoy config necessary to skip sha256 validationThe text was updated successfully, but these errors were encountered: