Set grpc-status headers on dispatch errors #416
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When the proxy encounters errors, it sets the HTTP response code. However, gRPC applications do not honor HTTP response codes and, instead, rely on the `grpc-status` response header to be set. Since the proxy has specialized gRPC support in some other places (namely metrics/classification), we should attempt to behave well with gRPC applications. This change extracts the `errors` module from app-core into a new `error-respond` crate, which exposes a simplified trait interface. `app::core::errors` now provides an implementation for these traits that is able to translate proxy-internal errors to gRPC status codes and messages. Fixes linkerd/linkerd2#3493
olix0r
commented
Jan 27, 2020
hawkw
approved these changes
Jan 28, 2020
kleimkuhler
approved these changes
Jan 28, 2020
linkerd/error-respond/src/lib.rs
Outdated
| @@ -0,0 +1,89 @@ | |||
| //! Layer to map service errors into responss | |||
| ); | ||
| code | ||
| } else if error.is::<IdentityRequired>() { | ||
| let code = Code::FailedPrecondition; |
There was a problem hiding this comment.
I don't think anything relied on the Forbidden status code, but is this changing the error type for required tap identity? Before in require_identity_on_endpoint, if the condition failed we returned an error::StatusError with a Status = Forbidden. Now it's a gRPC status code FailedPrecondition
There was a problem hiding this comment.
It's still a FORBIDDEN for HTTP requests; but is now a FailedPrecondition for gRPC requests.. reading through the descriptions i thought this was the closest ft.
olix0r
added a commit
to linkerd/linkerd2
that referenced
this pull request
Feb 4, 2020
This release fixes a bug in the proxy's logging subsystem that could cause the proxy to consume memory until the process is OOMKilled, especially when the proxy was configured to log diagnostic information. The proxy also now properly emits `grpc-status` headers when signaling proxy errors to gRPC clients. This release upgrades the proxy's Rust version, the `http` crate dependency to address RUSTSEC-2019-0033 and RUSTSEC-2019-0034, and the `prost` crate dependency has been patched to address RUSTSEC-2020-02. --- * internal: Introduce a locking middleware (linkerd/linkerd2-proxy#408) * Update to Rust 1.40 with new Cargo.lock format (linkerd/linkerd2-proxy#410) * Update http to v0.1.21 (linkerd/linkerd2-proxy#412) * internal: Split retry, http-classify, and http-metrics (linkerd/linkerd2-proxy#409) * Actually update http to v0.1.21 (linkerd/linkerd2-proxy#413) * patch `prost` 0.5 to pick up security fix (linkerd/linkerd2-proxy#414) * metrics: Make Counter & Gauge atomic (linkerd/linkerd2-proxy#415) * Set grpc-status headers on dispatch errors (linkerd/linkerd2-proxy#416) * trace: update `tracing-subscriber` to 0.2.0-alpha.4 (linkerd/linkerd2-proxy#418) * discover: Warn on discovery error (linkerd/linkerd2-proxy#422) * router: Avoid large up-front allocations (linkerd/linkerd2-proxy#421) * errors: Set correct HTTP version on responses (linkerd/linkerd2-proxy#424) * app: initialize tracing prior to parsing env vars (linkerd/linkerd2-proxy#425) * trace: update tracing-subscriber to 0.2.0-alpha.6 (linkerd/linkerd2-proxy#423)
adleong
pushed a commit
to linkerd/linkerd2
that referenced
this pull request
Feb 4, 2020
This release fixes a bug in the proxy's logging subsystem that could cause the proxy to consume memory until the process is OOMKilled, especially when the proxy was configured to log diagnostic information. The proxy also now properly emits `grpc-status` headers when signaling proxy errors to gRPC clients. This release upgrades the proxy's Rust version, the `http` crate dependency to address RUSTSEC-2019-0033 and RUSTSEC-2019-0034, and the `prost` crate dependency has been patched to address RUSTSEC-2020-02. --- * internal: Introduce a locking middleware (linkerd/linkerd2-proxy#408) * Update to Rust 1.40 with new Cargo.lock format (linkerd/linkerd2-proxy#410) * Update http to v0.1.21 (linkerd/linkerd2-proxy#412) * internal: Split retry, http-classify, and http-metrics (linkerd/linkerd2-proxy#409) * Actually update http to v0.1.21 (linkerd/linkerd2-proxy#413) * patch `prost` 0.5 to pick up security fix (linkerd/linkerd2-proxy#414) * metrics: Make Counter & Gauge atomic (linkerd/linkerd2-proxy#415) * Set grpc-status headers on dispatch errors (linkerd/linkerd2-proxy#416) * trace: update `tracing-subscriber` to 0.2.0-alpha.4 (linkerd/linkerd2-proxy#418) * discover: Warn on discovery error (linkerd/linkerd2-proxy#422) * router: Avoid large up-front allocations (linkerd/linkerd2-proxy#421) * errors: Set correct HTTP version on responses (linkerd/linkerd2-proxy#424) * app: initialize tracing prior to parsing env vars (linkerd/linkerd2-proxy#425) * trace: update tracing-subscriber to 0.2.0-alpha.6 (linkerd/linkerd2-proxy#423)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When the proxy encounters errors, it sets the HTTP response code.
However, gRPC applications do not honor HTTP response codes and,
instead, rely on the
grpc-statusresponse header to be set. Since theproxy has specialized gRPC support in some other places (namely
metrics/classification), we should attempt to behave well with gRPC
applications.
This change extracts the
errorsmodule from app-core into a newerror-respondcrate, which exposes a simplified trait interface.app::core::errorsnow provides an implementation for these traits thatis able to translate proxy-internal errors to gRPC status codes and
messages.
Fixes linkerd/linkerd2#3493