DAPR 中间件:OPA。损坏的配置
DAPR middleware: OPA. Broken configuration
我已经将 DAPR 设置为 运行 我的应用程序中的 sidecar,这绝对没问题。我现在正试图在 DAPR 调用中将 OPA 作为中间件注入。这应该很简单...设置应用程序注释到配置、管道配置和组件:
应用注释:
apiVersion: apps/v1
kind: Deployment
metadata:
...
spec:
...
template:
metadata:
...
annotations:
dapr.io/enabled: "true"
dapr.io/app-id: "appname"
dapr.io/app-port: "1003"
dapr.io/config: "opa-pipeline"
管道配置:
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: opa-pipeline
namespace: default
spec:
httpPipeline:
handlers:
- name: opa-component
type: middleware.http.opa
组件:
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: opa-component
namespace: default
spec:
type: middleware.http.opa
version: v1
metadata:
- name: defaultStatus
value: 403
- name: rego
value: |
package http
default allow = true
# Allow may also be an object and include other properties
# For example, if you wanted to redirect on a policy failure, you could set the status code to 301 and set the location header on the response:
allow = {
"status_code": 301,
"additional_headers": {
"location": "https://my.site/authorize"
}
} {
not jwt.payload["my-claim"]
}
# You can also allow the request and add additional headers to it:
allow = {
"allow": true,
"additional_headers": {
"x-my-claim": my_claim
}
} {
my_claim := jwt.payload["my-claim"]
}
jwt = { "payload": payload } {
auth_header := input.request.headers["authorization"]
[_, jwt] := split(auth_header, " ")
[_, payload, _] := io.jwt.decode(jwt)
}
谁能告诉我为什么我对此有误?
错误:
time="2021-08-19T15:32:20.3742084Z" level=info msg="enabled middleware.http.opa/ http middleware" app_id=gql instance=gql-deployment-dcccd9fcf-d7wjb scope=dapr.runtime type=log ver=1.3.0
time="2021-08-19T15:32:20.3742963Z" level=info msg="enabled gRPC tracing middleware" app_id=gql instance=gql-deployment-dcccd9fcf-d7wjb scope=dapr.runtime.grpc.api type=log ver=1.3.0
time="2021-08-19T15:32:20.3744374Z" level=info msg="enabled gRPC metrics middleware" app_id=gql instance=gql-deployment-dcccd9fcf-d7wjb scope=dapr.runtime.grpc.api type=log ver=1.3.0
time="2021-08-19T15:32:20.3745582Z" level=info msg="API gRPC server is running on port 50001" app_id=gql instance=gql-deployment-dcccd9fcf-d7wjb scope=dapr.runtime type=log ver=1.3.0
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x16ceb7a]
goroutine 1 [running]:
github.com/dapr/dapr/pkg/middleware/http.Pipeline.Apply(0xc000499118, 0x1, 0x1, 0xc000b084c0, 0x1)
/home/runner/work/dapr/dapr/pkg/middleware/http/http_pipeline.go:27 +0x3a
github.com/dapr/dapr/pkg/http.(*server).useComponents(...)
/home/runner/work/dapr/dapr/pkg/http/server.go:110
github.com/dapr/dapr/pkg/http.(*server).StartNonBlocking(0xc0005cc180)
/home/runner/work/dapr/dapr/pkg/http/server.go:64 +0x67
github.com/dapr/dapr/pkg/runtime.(*DaprRuntime).startHTTPServer(0xc000a78a00, 0xdac, 0x1e61, 0x3faf1b0, 0x1, 0xc000499118, 0x1, 0x1)
/home/runner/work/dapr/dapr/pkg/runtime/runtime.go:786 +0x512
github.com/dapr/dapr/pkg/runtime.(*DaprRuntime).initRuntime(0xc000a78a00, 0xc000312bb0, 0xa, 0xc0005bb180)
/home/runner/work/dapr/dapr/pkg/runtime/runtime.go:345 +0x63b
github.com/dapr/dapr/pkg/runtime.(*DaprRuntime).Run(0xc000a78a00, 0xc000abff40, 0x7, 0x7, 0x66, 0xc00009e000)
/home/runner/work/dapr/dapr/pkg/runtime/runtime.go:221 +0x25e
main.main()
/home/runner/work/dapr/dapr/cmd/daprd/main.go:151 +0x1126
解析默认状态值时出错:https://github.com/dapr/dapr/issues/3216。它已在 v1.5 中修复。
我已经将 DAPR 设置为 运行 我的应用程序中的 sidecar,这绝对没问题。我现在正试图在 DAPR 调用中将 OPA 作为中间件注入。这应该很简单...设置应用程序注释到配置、管道配置和组件:
应用注释:
apiVersion: apps/v1
kind: Deployment
metadata:
...
spec:
...
template:
metadata:
...
annotations:
dapr.io/enabled: "true"
dapr.io/app-id: "appname"
dapr.io/app-port: "1003"
dapr.io/config: "opa-pipeline"
管道配置:
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
name: opa-pipeline
namespace: default
spec:
httpPipeline:
handlers:
- name: opa-component
type: middleware.http.opa
组件:
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: opa-component
namespace: default
spec:
type: middleware.http.opa
version: v1
metadata:
- name: defaultStatus
value: 403
- name: rego
value: |
package http
default allow = true
# Allow may also be an object and include other properties
# For example, if you wanted to redirect on a policy failure, you could set the status code to 301 and set the location header on the response:
allow = {
"status_code": 301,
"additional_headers": {
"location": "https://my.site/authorize"
}
} {
not jwt.payload["my-claim"]
}
# You can also allow the request and add additional headers to it:
allow = {
"allow": true,
"additional_headers": {
"x-my-claim": my_claim
}
} {
my_claim := jwt.payload["my-claim"]
}
jwt = { "payload": payload } {
auth_header := input.request.headers["authorization"]
[_, jwt] := split(auth_header, " ")
[_, payload, _] := io.jwt.decode(jwt)
}
谁能告诉我为什么我对此有误?
错误:
time="2021-08-19T15:32:20.3742084Z" level=info msg="enabled middleware.http.opa/ http middleware" app_id=gql instance=gql-deployment-dcccd9fcf-d7wjb scope=dapr.runtime type=log ver=1.3.0
time="2021-08-19T15:32:20.3742963Z" level=info msg="enabled gRPC tracing middleware" app_id=gql instance=gql-deployment-dcccd9fcf-d7wjb scope=dapr.runtime.grpc.api type=log ver=1.3.0
time="2021-08-19T15:32:20.3744374Z" level=info msg="enabled gRPC metrics middleware" app_id=gql instance=gql-deployment-dcccd9fcf-d7wjb scope=dapr.runtime.grpc.api type=log ver=1.3.0
time="2021-08-19T15:32:20.3745582Z" level=info msg="API gRPC server is running on port 50001" app_id=gql instance=gql-deployment-dcccd9fcf-d7wjb scope=dapr.runtime type=log ver=1.3.0
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x16ceb7a]
goroutine 1 [running]:
github.com/dapr/dapr/pkg/middleware/http.Pipeline.Apply(0xc000499118, 0x1, 0x1, 0xc000b084c0, 0x1)
/home/runner/work/dapr/dapr/pkg/middleware/http/http_pipeline.go:27 +0x3a
github.com/dapr/dapr/pkg/http.(*server).useComponents(...)
/home/runner/work/dapr/dapr/pkg/http/server.go:110
github.com/dapr/dapr/pkg/http.(*server).StartNonBlocking(0xc0005cc180)
/home/runner/work/dapr/dapr/pkg/http/server.go:64 +0x67
github.com/dapr/dapr/pkg/runtime.(*DaprRuntime).startHTTPServer(0xc000a78a00, 0xdac, 0x1e61, 0x3faf1b0, 0x1, 0xc000499118, 0x1, 0x1)
/home/runner/work/dapr/dapr/pkg/runtime/runtime.go:786 +0x512
github.com/dapr/dapr/pkg/runtime.(*DaprRuntime).initRuntime(0xc000a78a00, 0xc000312bb0, 0xa, 0xc0005bb180)
/home/runner/work/dapr/dapr/pkg/runtime/runtime.go:345 +0x63b
github.com/dapr/dapr/pkg/runtime.(*DaprRuntime).Run(0xc000a78a00, 0xc000abff40, 0x7, 0x7, 0x66, 0xc00009e000)
/home/runner/work/dapr/dapr/pkg/runtime/runtime.go:221 +0x25e
main.main()
/home/runner/work/dapr/dapr/cmd/daprd/main.go:151 +0x1126
解析默认状态值时出错:https://github.com/dapr/dapr/issues/3216。它已在 v1.5 中修复。