Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access-rules conversion error. #274

Closed
ggimes opened this issue Oct 11, 2019 · 2 comments · Fixed by ory/k8s#64
Closed

Access-rules conversion error. #274

ggimes opened this issue Oct 11, 2019 · 2 comments · Fixed by ory/k8s#64

Comments

@ggimes
Copy link

ggimes commented Oct 11, 2019
edited
Loading

Hi there, I'm having an issue with the oathkeeper access rules I defined. For testing purpose, I tried to set the content of access-rules.json with the example from the documentation here and get a similar output. Here's how I install oathkeeper:

helm install --set 'image.tag=v0.19.1' -f config.yaml --set-file 'oathkeeper.mutatorIdTokenJWKs=./jwks.json' --set-file 'oathkeeper.accessRules=./access-rules.json' --namespace oathkeeper ory/oathkeeper

and the command output:

Error: YAML parse error on oathkeeper/templates/configmap-rules.yaml: error converting YAML to JSON: yaml: line 14: did not find expected key

If access.rules.json content is set to [] the installation succeeds.

If I run

helm install --dry-run --set 'image.tag=v0.19.1' -f config.yaml --set-file 'oathkeeper.mutatorIdTokenJWKs=./jwks.json' --set-file 'oathkeeper.accessRules=./access-rules.json' --namespace oathkeeper ory/oathkeeper

I get:

...
apiVersion: v1
kind: ConfigMap
metadata:
  name: broken-jellyfish-oathkeeper-rules
  namespace: oathkeeper
  labels:
    app.kubernetes.io/name: oathkeeper
    helm.sh/chart: oathkeeper-0.0.24
    app.kubernetes.io/instance: broken-jellyfish
    app.kubernetes.io/version: "v0.16.0-beta.4_oryOS.12"
    app.kubernetes.io/managed-by: Tiller
data:
  "access-rules.json": |
    [{
  "id": "some-id",
  "upstream": {
    "url": "http://my-backend-service"
  },
  "match": {
    "url": "http://my-app/some-route",
    "methods": [
      "GET"
    ]
  },
  "authenticators": [{
    "handler": "noop"
  }]
}]
...

The JSON format isn't converted properly... Hmm. Any idea / suggestion is welcome :-) (FYI I just started working with k8s and helm)

Thanks.
@ggimes
Copy link
Author

ggimes commented Oct 11, 2019
edited
Loading

Ok I think I found the potential issue. In the Helm file templates/configmap-rules.yaml.

If I changed the following line:
[2 spaces]{{ .Values.oathkeeper.accessRules | default "[]" }}
to:
{{ .Values.oathkeeper.accessRules | default "[]" | indent 4}}

Then the generated json's format seems correct and the installation succeeds.

@aeneasr
Copy link
Member

aeneasr commented Oct 15, 2019

Sorry for the late reply. I will investigate this now!

@aeneasr aeneasr mentioned this issue Oct 15, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

helm: Properly indent access rules ory/k8s
2 participants
@aeneasr @ggimes