[GitHub] [apisix] lpiob commented on issue #9351: bug: proxy-rewrite does not work with aws-lambda plugin

["lpiob (via GitHub)" <gi...@apache.org>]

lpiob commented on issue #9351:
URL: https://github.com/apache/apisix/issues/9351#issuecomment-1521825486

   I've injected my `generic-upstream.lua` with the same debug code and I can see that both the Authorization and User-Agent headers are forwarded.
   
   ```apisix-5b49f6b74-jkxft apisix 2023/04/25 13:22:49 [error] 252#252: *67998175 [lua] generic-upstream.lua:111: phase_func(): sn0rt generic headers: {"authorization":"Basic V<removed>w==","user-agent":"curl/7.88.1"
   ```
   
   Just to verify the config (mine was entered through apisix-ingress-controller), here's mine:
   ```
   $ curl -sH "X-API-Key: <removed>" http://apisix-admin.apisix.svc.cluster.local:9180/apisix/admin/routes/b94dc773 | jq
   {
     "createdIndex": 190619,
     "modifiedIndex": 190619,
     "value": {
       "plugins": {
         "aws-lambda": {
           "keepalive": true,
           "accesskey": "AKI<removed>",
           "secretkey": "<removed>",
           "keepalive_timeout": 60000,
           "authorization.iam.service": "lambda",
           "authorization": {
             "iam": {
               "service": "lambda",
               "accesskey": "<removed>",
               "aws_region": "eu-west-3",
               "secretkey": "<removed>"
             }
           },
           "authorization.iam.accesskey": "<removed>",
           "function_uri": "https://<removed>.lambda-url.eu-west-3.on.aws/",
           "ssl_verify": false,
           "authorization.iam.secretkey": "<removed>",
           "authorization.iam.aws_region": "eu-west-3",
           "timeout": 10000,
           "service": "lambda",
           "aws_region": "eu-west-3",
           "keepalive_pool": 5
         },
         "basic-auth": {
           "hide_credentials": false
         },
         "proxy-rewrite": {
           "headers": {
             "remove": [
               "User-Agent",
               "authorization",
               "Authorization"
             ]
           },
           "use_real_request_uri_unsafe": false
         }
       },
       "id": "b94dc773",
       "desc": "Created by apisix-ingress-controller, DO NOT modify it manually",
       "update_time": 1682429494,
       "name": "removed_lbiegaj-test_lbiegaj",
       "upstream_id": "3c4c019c",
       "create_time": 1682429494,
       "priority": 0,
       "labels": {
         "managed-by": "apisix-ingress-controller"
       },
       "uris": [
         "/lbiegaj/*"
       ],
       "status": 1,
       "methods": [
         "POST"
       ]
     },
     "key": "/apisix/routes/b94dc773"
   }
   ```
   
   The proxy-rewrite is matching your configuration.
   
   What's interesting, by checking the route definition I've noticed the `hide_credentials` config parameter in basic-auth plugin that I am using. Even after enabling it, the Authorization headers is forwarded, so maybe it's being set by some other plugin?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org