tall-angle-41306
03/30/2022, 4:54 PMExpected exactly one rule but found multiple rules
Are there any ways to allow a URL in two rules (and maybe define some form of priority)?
As an example;
# Default Deny all
...
"match": {
"url": "<.*>",
"methods": ["GET"]
},
"authenticators": [
{
"handler": "anonymous"
}
],
"authorizer": {
"handler": "deny"
},
...
and then the 2nd rule
"match": {
"url": "<http://foo/bar>",
"methods": ["GET"]
},
"authenticators": [
{
"handler": "anonymous"
}
],
"authorizer": {
"handler": "allow"
},
Because of the above, the URL <http://foo/bar>
matches both rules, resulting in the error.
We're using Istio with Oauthkeeper, and filter all requests via EnvoyFilter. Because of this we encounter Requested url does not match any rules
if we don't have a rule for that URL, and I'm trying to avoid having to create rules for every single endpoint for a service, or having to explicitly filter each endpoint on Envoydamp-sunset-69236
03/31/2022, 8:15 AMtall-angle-41306
03/31/2022, 8:21 AMtall-angle-41306
03/31/2022, 9:58 AMRequested url does not match any rules
error? Alternatively, is there a way to customise that error to something more end user friendly?damp-sunset-69236
03/31/2022, 10:12 AMdamp-sunset-69236
03/31/2022, 11:02 AMtall-angle-41306
03/31/2022, 11:13 AMcontinue:
label.
When a rule is matched, if continue: true
it'll continue to evaluate the other rules to see if there is another match later down the chain. This probably wouldn't work in reality with oathkeeper as it'll need to have an awareness of rule ordering to work properly.