Comments (4)
from envoy.
Hi @TAOXUY @lizan, kindly let me know if you have any input on the above query.
from envoy.
Hi @TAOXUY, @lizan,
Could you please let me know if there is an existing way to handle the above-mentioned scenario? Any input would be greatly appreciated. Thank you.
from envoy.
AFAIK there is no straightforward way to look into the cache. An indirect way would be to investigate debug logs. They would produce logs similar to those below, which would indicate when a new JWKS is retrieved.
Note that, in the current state, the JWT filter will not intelligently try to retrieve a new JWKS if all requests coming in are signed with a different KID (the rotated key) (#14557). It will only retrieve it when the cache duration expires.
```
[2024-06-02 15:45:48.395][4898852][debug][init] [source/common/init/target_impl.cc:15] init manager Listener-local-init-manager 5c8e57c5-6e81-4084-8c4b-ed58a6427ec3 1236881589127937490 initializing target Jwks async fetching url=https://localhost:8080/.well-known/jwks.json
[2024-06-02 15:45:48.395][4898852][debug][jwt] [source/extensions/filters/http/jwt_authn/jwks_async_fetcher.cc:86] Jwks async fetching url=https://localhost:8080/.well-known/jwks.json: started
[2024-06-02 15:45:48.395][4898852][debug][filter] [source/extensions/filters/http/common/jwks_fetcher.cc:60] fetch pubkey from [uri = https://localhost:8080/.well-known/jwks.json]: start
[2024-06-02 15:45:48.396][4898852][debug][router] [source/common/router/router.cc:515] [Tags: "ConnectionId":"0","StreamId":"518139968505146129"] cluster 'local_oidc' match for URL '/.well-known/jwks.json'
[2024-06-02 15:45:48.396][4898852][debug][router] [source/common/router/router.cc:738] [Tags: "ConnectionId":"0","StreamId":"518139968505146129"] router decoding headers:
':path', '/.well-known/jwks.json'
':authority', 'localhost:8080'
':method', 'GET'
':scheme', 'http'
'x-envoy-internal', 'true'
'x-forwarded-for', '192.168.25.226'
'x-envoy-expected-rq-timeout-ms', '5000'
[2024-06-02 15:45:48.396][4898852][debug][pool] [source/common/http/conn_pool_base.cc:78] queueing stream due to no available connections (ready=0 busy=0 connecting=0)
[2024-06-02 15:45:48.396][4898852][debug][pool] [source/common/conn_pool/conn_pool_base.cc:291] trying to create new connection
[2024-06-02 15:45:48.396][4898852][debug][pool] [source/common/conn_pool/conn_pool_base.cc:145] creating a new connection (connecting=0)
[2024-06-02 15:45:48.397][4898852][debug][connection] [./source/common/network/connection_impl.h:98] [Tags: "ConnectionId":"0"] current connecting state: true
[2024-06-02 15:45:48.397][4898852][debug][client] [source/common/http/codec_client.cc:57] [Tags: "ConnectionId":"0"] connecting
[2024-06-02 15:45:48.397][4898852][debug][connection] [source/common/network/connection_impl.cc:1017] [Tags: "ConnectionId":"0"] connecting to 127.0.0.1:8080
[2024-06-02 15:45:48.397][4898852][debug][connection] [source/common/network/connection_impl.cc:1036] [Tags: "ConnectionId":"0"] connection in progress
[2024-06-02 15:45:48.397][4898852][debug][connection] [source/common/network/connection_impl.cc:746] [Tags: "ConnectionId":"0"] connected
[2024-06-02 15:45:48.397][4898852][debug][client] [source/common/http/codec_client.cc:88] [Tags: "ConnectionId":"0"] connected
[2024-06-02 15:45:48.397][4898852][debug][pool] [source/common/conn_pool/conn_pool_base.cc:328] [Tags: "ConnectionId":"0"] attaching to next stream
[2024-06-02 15:45:48.397][4898852][debug][pool] [source/common/conn_pool/conn_pool_base.cc:182] [Tags: "ConnectionId":"0"] creating stream
[2024-06-02 15:45:48.397][4898852][debug][router] [source/common/router/upstream_request.cc:588] [Tags: "ConnectionId":"0","StreamId":"518139968505146129"] pool ready
[2024-06-02 15:45:48.397][4898852][debug][client] [source/common/http/codec_client.cc:142] [Tags: "ConnectionId":"0"] encode complete
[2024-06-02 15:45:48.416][4898852][debug][router] [source/common/router/router.cc:1530] [Tags: "ConnectionId":"0","StreamId":"518139968505146129"] upstream headers complete: end_stream=false
[2024-06-02 15:45:48.416][4898852][debug][http] [source/common/http/async_client_impl.cc:134] async http request response headers (end_stream=false):
':status', '200'
'content-type', 'application/json'
'date', 'Sun, 02 Jun 2024 19:45:48 GMT'
'content-length', '478'
'x-envoy-upstream-service-time', '18'
[2024-06-02 15:45:48.416][4898852][debug][client] [source/common/http/codec_client.cc:129] [Tags: "ConnectionId":"0"] response complete
[2024-06-02 15:45:48.416][4898852][debug][filter] [source/extensions/filters/http/common/jwks_fetcher.cc:85] onSuccess: fetch pubkey [uri = https://localhost:8080/.well-known/jwks.json]: success
[2024-06-02 15:45:48.416][4898852][debug][filter] [source/extensions/filters/http/common/jwks_fetcher.cc:91] onSuccess: fetch pubkey [uri = https://localhost:8080/.well-known/jwks.json]: succeeded
```
from envoy.
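Added example (not part of the comment above, and not Envoy code): a Python script that picks the `jwks_fetcher.cc` lines out of debug logs like the ones quoted and reports, per JWKS URI, when fetches completed, the gap between them, and fetches that started without a logged success. The function name, the report layout and the sample lines (constructed from the quoted format) are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample lines in the format of the debug output quoted above.
SAMPLE_LOG = """\
[2024-06-02 15:45:48.395][4898852][debug][filter] [source/extensions/filters/http/common/jwks_fetcher.cc:60] fetch pubkey from [uri = https://localhost:8080/.well-known/jwks.json]: start
[2024-06-02 15:45:48.416][4898852][debug][filter] [source/extensions/filters/http/common/jwks_fetcher.cc:85] onSuccess: fetch pubkey [uri = https://localhost:8080/.well-known/jwks.json]: success
[2024-06-02 15:45:48.416][4898852][debug][filter] [source/extensions/filters/http/common/jwks_fetcher.cc:91] onSuccess: fetch pubkey [uri = https://localhost:8080/.well-known/jwks.json]: succeeded
[2024-06-02 15:55:48.401][4898852][debug][filter] [source/extensions/filters/http/common/jwks_fetcher.cc:60] fetch pubkey from [uri = https://localhost:8080/.well-known/jwks.json]: start
[2024-06-02 15:55:48.420][4898852][debug][filter] [source/extensions/filters/http/common/jwks_fetcher.cc:85] onSuccess: fetch pubkey [uri = https://localhost:8080/.well-known/jwks.json]: success
[2024-06-02 15:55:48.420][4898852][debug][filter] [source/extensions/filters/http/common/jwks_fetcher.cc:91] onSuccess: fetch pubkey [uri = https://localhost:8080/.well-known/jwks.json]: succeeded
[2024-06-02 16:05:48.402][4898852][debug][filter] [source/extensions/filters/http/common/jwks_fetcher.cc:60] fetch pubkey from [uri = https://localhost:8080/.well-known/jwks.json]: start
"""

# Only the three message forms visible in the quoted log are recognised.
FETCH_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\]\[\d+\]\[debug\]\[filter\] "
    r"\[[^\]]*jwks_fetcher\.cc:\d+\] (?:onSuccess: )?fetch pubkey (?:from )?"
    r"\[uri = (?P<uri>[^\]]+)\]: (?P<state>start|success|succeeded)\s*$"
)

def jwks_refresh_report(log_text):
    """Per JWKS URI: completed fetch times, gaps between them, unfinished starts."""
    report, pending = {}, {}
    for line in log_text.splitlines():
        m = FETCH_RE.match(line)
        if not m:
            continue  # unrelated debug line (router, pool, connection, ...)
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        entry = report.setdefault(m["uri"], {"fetched_at": [], "unfinished": 0})
        if m["state"] == "start":
            if m["uri"] in pending:      # earlier start never logged success
                entry["unfinished"] += 1
            pending[m["uri"]] = ts
        elif m["uri"] in pending:        # first success line closes the fetch;
            del pending[m["uri"]]        # the duplicate "succeeded" is skipped
            entry["fetched_at"].append(ts)
    for uri in pending:                  # log ended with a fetch still open
        report[uri]["unfinished"] += 1
    for entry in report.values():
        t = entry["fetched_at"]
        entry["gaps_s"] = [round((b - a).total_seconds()) for a, b in zip(t, t[1:])]
    return report

if __name__ == "__main__":
    for uri, info in jwks_refresh_report(SAMPLE_LOG).items():
        print(uri, "last fetched", info["fetched_at"][-1], "gaps", info["gaps_s"],
              "unfinished", info["unfinished"])
```

The last entry in `fetched_at` is the age of the key set the filter is currently using, which is the figure to compare against the time of a key rotation.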