Title: auth_password in redisproxy working as inline_string but not with filename (seems CRLF issue)
Description:
When using inline_string for the password, I am able to connect to the Redis upstream server, but when I put the same password in a file, it does not work and an authentication error is returned to the calling service.
Repro steps:
When the password in the file has partial termination, it works; if it has proper termination, it does not work. I have noticed the same issue on my MacBook (Envoy running in a container) and in an actual OpenShift Kubernetes environment. So this may not be just specific to macOS.
Let me know what log level is required and on which module.
In order to reproduce, use filename for auth_password instead of inline_string.
Observations on when it works and when it does not with filename as the password:
If the password is "XXXXXXXX" without quotes:
- With the base64-decoded value of WFhYWFhYWFg= in the file, it works (the decoded value on Mac is coming as XXXXXXXX%).
- With the base64-decoded value of WFhYWFhYWFgK in the file, it does not work (XXXXXXXX).
I am not sure if this is only impacting auth_password in redis-proxy or across. I have validated the above issue with Envoy proxy version 1.21.5, but it may be present in the latest version also.
Config:
```yaml
static_resources:
  listeners:
  - name: redis_listener
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 1999
    filter_chains:
    - filters:
      - name: envoy.filters.network.redis_proxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.redis_proxy.v3.RedisProxy
          stat_prefix: egress_redis
          settings:
            op_timeout: 5s
          prefix_routes:
            catch_all_route:
              cluster: redis_cluster
  clusters:
  - name: redis_cluster
    connect_timeout: 1s
    type: strict_dns
    load_assignment:
      cluster_name: redis_cluster
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: redis.host
                port_value: 6379
    typed_extension_protocol_options:
      envoy.filters.network.redis_proxy:
        "@type": type.googleapis.com/google.protobuf.Struct
        value:
          auth_password:
            #inline_string: "XXXXXXXX"
            filename: "/etc/redis_password"
          auth_username:
            inline_string: "redis"
    transport_socket:
      name: envoy.transport_sockets.tls
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
        sni: redis.host
        common_tls_context:
          validation_context:
            trusted_ca:
              filename: "trusted-ca-certificate.pem"
```
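The following is an added example, not part of the original issue or of Envoy's code. It decodes the two base64 values quoted in the report and shows how the Redis `AUTH` command differs on the wire, assuming the file contents are used byte-for-byte as the password (an assumption consistent with the report, not confirmed by it); the function names are hypothetical.

```python
import base64

# The two base64 values quoted in the report above.
WORKS = "WFhYWFhYWFg="
FAILS = "WFhYWFhYWFgK"


def resp_auth(username: bytes, password: bytes) -> bytes:
    """Encode `AUTH username password` as a RESP array of bulk strings."""
    parts = [b"AUTH", username, password]
    out = b"*%d\r\n" % len(parts)
    for p in parts:
        # Each bulk string carries an explicit byte length, so a stray
        # newline in the password becomes part of the credential itself.
        out += b"$%d\r\n%s\r\n" % (len(p), p)
    return out


def trailing_whitespace(secret: bytes) -> bytes:
    """Return the trailing CR/LF/space/tab bytes of a secret (empty if none)."""
    return secret[len(secret.rstrip(b"\r\n \t")):]


def audit(b64_value: str) -> dict:
    """Decode a base64 secret and report what would be sent to Redis."""
    raw = base64.b64decode(b64_value)
    return {
        "raw": raw,
        "length": len(raw),
        "trailing": trailing_whitespace(raw),
        # Username "redis" is taken from auth_username in the config above.
        "auth": resp_auth(b"redis", raw),
    }


if __name__ == "__main__":
    for label, value in (("works", WORKS), ("fails", FAILS)):
        r = audit(value)
        print(f"{label}: raw={r['raw']!r} len={r['length']} "
              f"trailing={r['trailing']!r}")
        print(f"  AUTH on the wire: {r['auth']!r}")
```

Writing the password file with `printf '%s'` rather than `echo` avoids the trailing newline that the second value carries.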