Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

grpc: strip local ACL tokens from RPCs during forwarding if crossing datacenters #11086

Closed
rboyer opened this issue Sep 20, 2021 · 0 comments · Fixed by #11099
Closed

grpc: strip local ACL tokens from RPCs during forwarding if crossing datacenters #11086

rboyer opened this issue Sep 20, 2021 · 0 comments · Fixed by #11099
Assignees
@rboyer
Labels
theme/streaming Related to Streaming connections between server and client type/bug Feature does not function as expected

Comments

@rboyer
Copy link
Member

rboyer commented Sep 20, 2021
edited
Loading

For native gRPC (like streaming) the fix from #7419 was not ported over, so cross-datacenter forwarded gRPC requests that use local tokens on the calling side fail with ACL not found.

Specifically for a streaming health query it would show up in the logs as well like:

[ERROR] agent.rpcclient.health: subscribe call failed: err="rpc error: code = Unknown desc = ACL not found" topic=ServiceHealthConnect key=web-delay failure_count=16

This would need to be backported to all versions supporting streaming. The fix should apply to any gRPC request.
@rboyer rboyer added type/bug Feature does not function as expected theme/streaming Related to Streaming connections between server and client labels Sep 20, 2021
@rboyer rboyer self-assigned this Sep 20, 2021
rboyer added a commit that referenced this issue Sep 21, 2021
@rboyer
grpc: strip local ACL tokens from RPCs during forwarding if crossing …
882a1f8 
…datacenters

Fixes #11086
@rboyer rboyer mentioned this issue Sep 21, 2021
Merged
rboyer added a commit that referenced this issue Sep 22, 2021
@rboyer
grpc: strip local ACL tokens from RPCs during forwarding if crossing …
706fc8b 
…datacenters (#11099)

Fixes #11086
@lkysow lkysow mentioned this issue Nov 18, 2021
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rboyer rboyer

Labels
theme/streaming Related to Streaming connections between server and client type/bug Feature does not function as expected
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

grpc: strip local ACL tokens from RPCs during forwarding if crossing datacenters hashicorp/consul
1 participant
@rboyer