Posted to notifications@apisix.apache.org by sp...@apache.org on 2022/05/05 01:54:24 UTC

[apisix] branch master updated: fix: hide 5xx error message from client (#6982)

This is an automated email from the ASF dual-hosted git repository.

spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new bd9f90002 fix: hide 5xx error message from client (#6982)
bd9f90002 is described below

commit bd9f90002308b2dd2ea68ade60bd0b1723aa118e
Author: leslie <59...@users.noreply.github.com>
AuthorDate: Thu May 5 09:54:20 2022 +0800

    fix: hide 5xx error message from client (#6982)
    
    Co-authored-by: 高亮亮 <gl...@alibaba-inc.com>
---
 apisix/plugins/authz-casbin.lua   |  3 ++-
 apisix/plugins/authz-keycloak.lua | 18 ++++++++++--------
 t/plugin/authz-keycloak.t         |  3 +++
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/apisix/plugins/authz-casbin.lua b/apisix/plugins/authz-casbin.lua
index 0826cc8cb..834c747b1 100644
--- a/apisix/plugins/authz-casbin.lua
+++ b/apisix/plugins/authz-casbin.lua
@@ -110,7 +110,8 @@ function _M.rewrite(conf, ctx)
     -- creates an enforcer when request sent for the first time
     local ok, err = new_enforcer_if_need(conf)
     if not ok then
-        return 503, {message = err}
+        core.log.error(err)
+        return 503
     end
 
     local path = ctx.var.uri
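Review bot: `core.log.error(err)` logs the enforcer error with no context, so once the client sees only a bare 503, the log line has nothing that ties it to this plugin or step. A prefix such as `core.log.error("failed to create casbin enforcer: ", err)` would make the entry searchable. The same bare `log.error(err)` is added in the `@@ -581` and `@@ -591` hunks of authz-keycloak.lua. In the latter the comment says no result came back, and if `err` can be nil on that path the log entry would carry no information at all. `_M.rewrite` continues outside this hunk.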
diff --git a/apisix/plugins/authz-keycloak.lua b/apisix/plugins/authz-keycloak.lua
index f792e1474..50f718d6b 100644
--- a/apisix/plugins/authz-keycloak.lua
+++ b/apisix/plugins/authz-keycloak.lua
@@ -345,7 +345,7 @@ local function authz_keycloak_ensure_sa_access_token(conf)
 
     if not token_endpoint then
         log.error("Unable to determine token endpoint.")
-        return 500, "Unable to determine token endpoint."
+        return 503, "Unable to determine token endpoint."
     end
 
     local session = authz_keycloak_cache_get("access-tokens", token_endpoint .. ":"
@@ -451,7 +451,7 @@ local function authz_keycloak_ensure_sa_access_token(conf)
     if not session then
         -- No session available. Create a new one.
 
-        core.log.debug("Getting access token for Protection API from token endpoint.")
+        log.debug("Getting access token for Protection API from token endpoint.")
         local httpc = authz_keycloak_get_http_client(conf)
 
         local params = {
@@ -527,7 +527,7 @@ local function authz_keycloak_resolve_resource(conf, uri, sa_access_token)
     if not resource_registration_endpoint then
         local err = "Unable to determine registration endpoint."
         log.error(err)
-        return 500, err
+        return 503, err
     end
 
     log.debug("Resource registration endpoint: ", resource_registration_endpoint)
@@ -572,7 +572,7 @@ local function evaluate_permissions(conf, ctx, token)
     -- Ensure discovered data.
     local err = authz_keycloak_ensure_discovered_data(conf)
     if err then
-        return 500, err
+        return 503, err
     end
 
     local permission
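Review bot: `return 503, err` after `authz_keycloak_ensure_discovered_data(conf)` still hands the error text back to the caller, whereas the later hunks in `evaluate_permissions` drop it. If the second return value ends up in the response body, which the rest of this commit suggests, a discovery failure would still show its message to the client. Consider `log.error(err)` followed by a plain `return 503` here, unless the helper already logs the error, which is not visible in the hunk. The `@@ -636` hunk also keeps `return 503, err`; its string is fixed and reveals little, but it is inconsistent with the stated goal of the change. The function starts and ends outside this hunk.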
@@ -581,7 +581,8 @@ local function evaluate_permissions(conf, ctx, token)
         -- Ensure service account access token.
         local sa_access_token, err = authz_keycloak_ensure_sa_access_token(conf)
         if err then
-            return 500, err
+            log.error(err)
+            return 503
         end
 
         -- Resolve URI to resource(s).
@@ -591,7 +592,8 @@ local function evaluate_permissions(conf, ctx, token)
         -- Check result.
         if permission == nil then
             -- No result back from resource registration endpoint.
-            return 500, err
+            log.error(err)
+            return 503
         end
     else
         -- Use statically configured permissions.
@@ -636,7 +638,7 @@ local function evaluate_permissions(conf, ctx, token)
     if not token_endpoint then
         err = "Unable to determine token endpoint."
         log.error(err)
-        return 500, err
+        return 503, err
     end
     log.debug("Token endpoint: ", token_endpoint)
 
@@ -663,7 +665,7 @@ local function evaluate_permissions(conf, ctx, token)
     if not res then
         err = "Error while sending authz request to " .. token_endpoint .. ": " .. err
         log.error(err)
-        return 500, err
+        return 503
     end
 
     log.debug("Response status: ", res.status, ", data: ", res.body)
diff --git a/t/plugin/authz-keycloak.t b/t/plugin/authz-keycloak.t
index 8efb0e7ce..7eb287b5a 100644
--- a/t/plugin/authz-keycloak.t
+++ b/t/plugin/authz-keycloak.t
@@ -326,6 +326,8 @@ passed
                 }
              })
 
+            ngx.status = res.status
+
             if res.status == 200 then
                 ngx.say(true)
             else
@@ -339,6 +341,7 @@ GET /t
 false
 --- error_log
 Error while sending authz request to https://127.0.0.1:8443/auth/realms/University/protocol/openid-connect/token: 18: self signed certificate
+--- error_code: 503
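Review bot: The test now pins the 503 status and the error-log line, but nothing asserts that the response body no longer carries the upstream error text, which is the behaviour this commit is meant to guarantee. The Lua block in the `@@ -326` hunk has `res.body` available, so it could also print a check such as `ngx.say(res.body == nil or not res.body:find("self signed certificate", 1, true))` and expect that line in the response. Without it, a later change that puts `err` back into the return value would still pass this test. The rest of the test block is outside the hunk, so the exact placement needs checking against the full file.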