Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/03/03 01:16:33 UTC

[GitHub] [apisix] spacewander commented on a change in pull request #6485: feat: authz-keycloak plugin support redirect

spacewander commented on a change in pull request #6485:
URL: https://github.com/apache/apisix/pull/6485#discussion_r818234419



##########
File path: docs/en/latest/plugins/authz-keycloak.md
##########
@@ -63,6 +63,8 @@ For more information on Keycloak, refer to [Keycloak Authorization Docs](https:/
 | keepalive                      | boolean       | optional    | true                                          |                                                                    | Enable HTTP keep-alive to keep connections open after use. Set to `true` if you expect a lot of requests to Keycloak.                                       |
 | keepalive_timeout              | integer       | optional    | 60000                                         | positive integer >= 1000                                           | Idle timeout after which established HTTP connections will be closed.                                                                                       |
 | keepalive_pool                 | integer       | optional    | 5                                             | positive integer >= 1                                              | Maximum number of connections in the connection pool.                                                                                                       |
+| keepalive_pool                 | integer       | optional    | 5                                             | positive integer >= 1                                              | Maximum number of connections in the connection pool.                                                                                                       |

Review comment:
       Duplicate?

##########
File path: t/plugin/authz-keycloak.t
##########
@@ -551,3 +551,99 @@ GET /t
 --- response_body
 {"error":"access_denied","error_description":"not_authorized"}
 --- no_error_log
+
+
+
+=== TEST 16: set enforcement mode is "ENFORCING", lazy_load_paths and permissions use default values , access_denied_redirect_uri is "http://127.0.0.1/test"
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                        "plugins": {
+                            "authz-keycloak": {
+                                "token_endpoint": "http://127.0.0.1:8443/auth/realms/University/protocol/openid-connect/token",
+                                "client_id": "course_management",
+                                "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
+                                "policy_enforcement_mode": "ENFORCING",
+                                "timeout": 3000,
+                                "access_denied_redirect_uri": "http://127.0.0.1/test"
+                            }
+                        },
+                        "upstream": {
+                            "nodes": {
+                                "127.0.0.1:1982": 1
+                            },
+                            "type": "roundrobin"
+                        },
+                        "uri": "/hello1"
+                }]],
+                [[{
+                    "node": {
+                        "value": {
+                            "plugins": {
+                                "authz-keycloak": {
+                                    "token_endpoint": "http://127.0.0.1:8443/auth/realms/University/protocol/openid-connect/token",
+                                    "client_id": "course_management",
+                                    "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
+                                    "policy_enforcement_mode": "ENFORCING",
+                                    "timeout": 3000,
+                                    "access_denied_redirect_uri": "http://127.0.0.1/test"
+                                }
+                            },
+                            "upstream": {
+                                "nodes": {
+                                    "127.0.0.1:1982": 1
+                                },
+                                "type": "roundrobin"
+                            },
+                            "uri": "/hello1"
+                        },
+                        "key": "/apisix/routes/1"
+                    },
+                    "action": "set"
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 17: test for permission is empty and enforcement mode is "ENFORCING" , access_denied_redirect_uri is "http://127.0.0.1/test".
+--- config
+    location /t {
+        content_by_lua_block {
+            local http = require "resty.http"
+            local httpc = http.new()
+            local uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello1"
+            local res, err = httpc:request_uri(uri, {
+                method = "GET",
+                headers = {
+                    ["Authorization"] = "Bearer " .. "fake access token",
+                }
+             })
+            if res.status >= 300 then
+                ngx.status = res.status
+                ngx.header["Location"] = res.headers["Location"]
+            end
+        }
+    }
+--- request
+GET /t
+--- response_headers
+Location: http://127.0.0.1/test
+--- error_code: 302
+--- no_error_log
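Review bot: In TEST 17 the result of `httpc:request_uri` is read as `res.status` without a nil check, and the captured `err` is never used. If the request to `/hello1` fails at the transport level, the block raises an index-on-nil error instead of reporting the cause. The case would still fail, but the log would not show why the denial path was never exercised. Add a guard before the status check, for example `if not res then ngx.status = 500; ngx.say(err); return end`. Since this case pins the access-denied redirect, it would also help for the block to emit the observed status when it is not a redirect, so that a regression which lets the request through is obvious from the output.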

Review comment:
       Empty `--- no_error_log`

##########
File path: t/plugin/authz-keycloak.t
##########
@@ -551,3 +551,99 @@ GET /t
 --- response_body
 {"error":"access_denied","error_description":"not_authorized"}
 --- no_error_log
+
+
+
+=== TEST 16: set enforcement mode is "ENFORCING", lazy_load_paths and permissions use default values , access_denied_redirect_uri is "http://127.0.0.1/test"
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                        "plugins": {
+                            "authz-keycloak": {
+                                "token_endpoint": "http://127.0.0.1:8443/auth/realms/University/protocol/openid-connect/token",
+                                "client_id": "course_management",
+                                "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
+                                "policy_enforcement_mode": "ENFORCING",
+                                "timeout": 3000,
+                                "access_denied_redirect_uri": "http://127.0.0.1/test"
+                            }
+                        },
+                        "upstream": {
+                            "nodes": {
+                                "127.0.0.1:1982": 1
+                            },
+                            "type": "roundrobin"
+                        },
+                        "uri": "/hello1"
+                }]],
+                [[{
+                    "node": {

Review comment:
       There is no need to check the response data, please don't do it.



