Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

keto_engine_acp_ory not working with oryOS10 #150

Closed
bensont1 opened this issue Jan 8, 2019 · 5 comments
Closed

keto_engine_acp_ory not working with oryOS10 #150

bensont1 opened this issue Jan 8, 2019 · 5 comments

Comments

@bensont1
Copy link

bensont1 commented Jan 8, 2019

Describe the bug
Getting Bad Request for authorizer of type keto_engine_acp_ory when creating a new rule.

To Reproduce
Steps to reproduce the behavior:
Use keto_engine_acp_ory with config containing required_action and required_resource

Expected behavior
A clear and concise description of what you expected to happen.
Should expect rule to be inserted.

Version:

  • Environment: Docker
  • Version v0.14.2_oryOS.10

Additional context
I have set the required Environment variable to enable the Keto authorizer: using new variable AUTHORIZER_KETO_URL
Error From API:

{
    "error": {
        "code": 400,
        "status": "Bad Request",
        "reason": "Authorizer \"keto_engine_acp_ory\" is valid but has not enabled by the server's configuration, enabled authorizers are: [allow deny]",
        "message": "The request is malformed or contains invalid data"
    }
}
@aeneasr
Copy link
Member

aeneasr commented Jan 8, 2019

Could you please show the keto logs? The authorizer should work fine when configured properly

@bensont1
Copy link
Author

bensont1 commented Jan 8, 2019

Here are the log output when request is made to oathkeeper api

time="2019-01-08T08:54:58Z" level=info msg="started handling request" method=POST remote="*******:55946" request=/rules
time="2019-01-08T08:54:58Z" level=error msg="An error occurred while handling a request" code=400 details="map[]" error="The request is malformed or contains invalid data" reason="Authorizer \"keto_engine_acp_ory\" is valid but has not enabled by the server's configuration, enabled authorizers are: [allow deny]" request-id= status="Bad Request" trace="Stack trace: \ngithub.com/ory/oathkeeper/rule.ValidateRule.func1\n\t/go/src/github.com/ory/oathkeeper/rule/rule_validator.go:81\ngithub.com/ory/oathkeeper/rule.(*Handler).decodeRule\n\t/go/src/github.com/ory/oathkeeper/rule/handler.go:240\ngithub.com/ory/oathkeeper/rule.(*Handler).Create\n\t/go/src/github.com/ory/oathkeeper/rule/handler.go:83\ngithub.com/ory/oathkeeper/rule.(*Handler).Create-fm\n\t/go/src/github.com/ory/oathkeeper/rule/handler.go:57\ngithub.com/julienschmidt/httprouter.(*Router).ServeHTTP\n\t/go/pkg/mod/github.com/julienschmidt/[email protected]/router.go:334\ngithub.com/ory/oathkeeper/judge.(*Handler).ServeHTTP\n\t/go/src/github.com/ory/oathkeeper/judge/handler.go:72\ngithub.com/urfave/negroni.Wrap.func1\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:46\ngithub.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.middleware.ServeHTTP-fm\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/ory/x/metricsx.(*MetricsManager).ServeHTTP\n\t/go/pkg/mod/github.com/ory/[email protected]/metricsx/middleware.go:207\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.middleware.ServeHTTP-fm\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP\n\t/go/pkg/mod/github.com/meatballhat/[email protected]/middleware.go:136\ngithub.com/urfave/negroni.middleware.ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38\ngithub.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:96\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2741\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1847\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1333" writer=JSON
time="2019-01-08T08:54:58Z" level=info msg="completed handling request" measure#oathkeeper-api.latency=2668496 method=POST remote="******:55946" request=/rules status=400 text_status="Bad Request" took=2.668496ms

and the input authorizer block looks like this:

"authorizer": {
        "handler": "keto_engine_acp_ory",
        "config": {
            "required_action": "****",
            "required_resource": "****"
        }
    },

@aeneasr
Copy link
Member

aeneasr commented Jan 8, 2019

Could you show the startup logs too, please?

@bensont1
Copy link
Author

bensont1 commented Jan 8, 2019

@aeneasr Oh shoot, I was just looking at the startup logs. I realized I was looking at the oathkeeper proxy logs earlier and not the API process, since I have them run separately. I then noticed I misconfigured the Environment variable, and only changed the proxy configs.

@bensont1 bensont1 closed this as completed Jan 8, 2019
@aeneasr
Copy link
Member

aeneasr commented Jan 8, 2019

No worries! I want to improve this process anyways because I think it's kind of annoying.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aeneasr @bensont1