Skip to main content
logoTetrate Istio SubscriptionVersion: Next

TIS0102 - Invalid HTTP Method or gRPC Name

Only valid HTTP methods and fully-qualified gRPC names are allowed.

Recommendation: Ensure Methods are Valid HTTP Methods or gRPC Names

To avoid misconfigurations, ensure that only valid HTTP methods or fully-qualified gRPC names are used in your Istio policies. Incorrect values can lead to configuration errors and ineffective policy application.

Examples

  1. AuthorizationPolicy with Invalid HTTP Method

    apiVersion: security.istio.io/v1beta1
    kind: AuthorizationPolicy
    metadata:
      name: invalid-http-method
      namespace: example-namespace
    spec:
      rules:
      - to:
        - operation:
            methods: ["INVALID_METHOD"]

    Explanation: The AuthorizationPolicy specifies an HTTP method INVALID_METHOD which is not a valid HTTP method. Only valid methods like GET, POST, PUT, etc., are allowed.

  2. AuthorizationPolicy with Incorrect gRPC Name

    apiVersion: security.istio.io/v1beta1
    kind: AuthorizationPolicy
    metadata:
      name: incorrect-grpc-name
      namespace: example-namespace
    spec:
      rules:
      - to:
        - operation:
            methods: ["/invalid/service/name"]

    Explanation: The gRPC name specified is incorrect. A valid gRPC name must be in the form /package.service/method.

  3. VirtualService with Invalid HTTP Method

    apiVersion: networking.istio.io/v1beta1
    kind: VirtualService
    metadata:
      name: virtual-service-invalid-method
      namespace: example-namespace
    spec:
      http:
      - match:
        - method:
            type: INVALID_METHOD
        route:
        - destination:
            host: my-service

    Explanation: The HTTP method specified in the VirtualService is invalid. Only standard HTTP methods like GET, POST, etc., should be used.

Recommendation

Change or remove the invalid method. It must be a valid HTTP method or a fully-qualified gRPC service name in the form /package.service/method.

  1. Use a Valid HTTP Method

    Update the configuration to use a valid HTTP method.

    apiVersion: security.istio.io/v1beta1
    kind: AuthorizationPolicy
    metadata:
      name: valid-http-method
      namespace: example-namespace
    spec:
      rules:
      - to:
        - operation:
            methods: ["GET"]

  2. Use a Valid gRPC Name

    Specify a fully-qualified gRPC service name in the correct format.

    apiVersion: security.istio.io/v1beta1
    kind: AuthorizationPolicy
    metadata:
      name: valid-grpc-name
      namespace: example-namespace
    spec:
      rules:
      - to:
        - operation:
            methods: ["/package.service/method"]

  3. Remove Invalid Method or Update with Correct Value

    Remove or replace the invalid method in the VirtualService with a valid HTTP method.

    apiVersion: networking.istio.io/v1beta1
    kind: VirtualService
    metadata:
      name: virtual-service-valid-method
      namespace: example-namespace
    spec:
      http:
      - match:
        - method:
            type: GET
        route:
        - destination:
            host: my-service