error when --explain (stream terminated by RST_STREAM with error code NO_ERROR)
Saturas89 opened this issue · 8 comments
If we are using zed against authzed.com we can not use the "--explain" flag in a permission check.
There is always this error:
INF debugging requested on check
WRN No debuging information returned for the check
Error: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: NO_ERROR
We are using zed via brew on an apple m1.
This is sadly a known issue and we have not determined a root cause as of yet
Is there any workaround?
We are using the java client in our backend. There is no possibility to set the debug header or?
We hit the same issue. We host spicedb in k8s cluster with istio. If we access spicedb via istio virtual service, with --explain, we reproduce the same error:
Error: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: NO_ERROR
If we k8s port-forward k8s service of the spicedb Pods to a local port, then run the zed permission check --explain, against the local port, it then works fine. So it makes us think it is an issue related to networking.
@ldeng-apex Any insight into why istio might be showing that error?
@ldeng-apex Any insight into why istio might be showing that error?
No idea. Just a guess it is related to istio, based on that the workaround does not go through the istio network routing.
Update: we believe this is due to the debug trace information exceeding the maximum configured allowable size of the HTTP2 trailers; some clients libraries allow this to be overridden, but we're doing more research to determine a long-term solution
This should be addressed now as of https://github.com/authzed/zed/releases/tag/v0.17.0
Thanks guys! I was just coming to this issue to report that this miraculously started working again after upgrading Spicedb to v1.31.0. Can confirm it is working for @ldeng-apex and I now.