Posted to notifications@apisix.apache.org by "wklken (via GitHub)" <gi...@apache.org> on 2023/03/23 02:49:15 UTC

[GitHub] [apisix] wklken opened a new issue, #9149: bug: found forbidden '_meta' field in the scheme

wklken opened a new issue, #9149:
URL: https://github.com/apache/apisix/issues/9149

   ### Current Behavior
   
   Install apisix 3.2.0 in k8s and re-schedule the pod; this produces an error log.
   
   ### Expected Behavior
   
   No error log; the plugin [ip-restriction] should load successfully.
   
   
   
   ### Error Logs
   
   ```
   2023/03/23 02:29:04 [error] 76#76: *5 [lua] plugin.lua:164: load_plugin(): invalid plugin [ip-restriction]: found forbidden '_meta' field in the schema, context: init_worker_by_lua*
   ```
   
   ### Steps to Reproduce
   
   all in k8s, apisix `3.2.0`
   1. helm install etcd
   2. install apisix, the `error.log`
   
   ```
   2023/03/23 02:26:53 [warn] 74#74: *4 [lua] plugin.lua:252: load_stream(): new plugins: {"mqtt-proxy":true,"syslog":true,"ip-restriction":true,"limit-conn":true}, context: init_worker_by_lua*
   2023/03/23 02:26:53 [warn] 73#73: *5 [lua] plugin.lua:252: load_stream(): new plugins: {"mqtt-proxy":true,"syslog":true,"ip-restriction":true,"limit-conn":true}, context: init_worker_by_lua*
   2023/03/23 02:26:53 [warn] 72#72: *2 [lua] plugin.lua:252: load_stream(): new plugins: {"mqtt-proxy":true,"syslog":true,"ip-restriction":true,"limit-conn":true}, context: init_worker_by_lua*
   2023/03/23 02:26:53 [warn] 78#78: *1 [lua] plugin.lua:252: load_stream(): new plugins: {"mqtt-proxy":true,"syslog":true,"ip-restriction":true,"limit-conn":true}, context: init_worker_by_lua*
   2023/03/23 02:26:53 [warn] 75#75: *3 [lua] plugin.lua:252: load_stream(): new plugins: {"mqtt-proxy":true,"syslog":true,"ip-restriction":true,"limit-conn":true}, context: init_worker_by_lua*
   2023/03/23 02:26:54 [warn] 78#78: *75 [lua] init.lua:953: 2023-03-23T02:26:54.059Z      INFO    memory/memory.go:32     Create TTLCache: micro-gateway-jwt, expiration: 1h0m0s, cleanupInterval: 2h0m0s
   , context: ngx.timer
   2023/03/23 02:26:54 [warn] 78#78: *75 [lua] init.lua:953: badger 2023/03/23 02:26:54 INFO: All 0 tables opened in 0s
   , context: ngx.timer
   2023/03/23 02:26:54 [warn] 78#78: *75 [lua] init.lua:953: badger 2023/03/23 02:26:54 INFO: Discard stats nextEmptySlot: 0
   , context: ngx.timer
   2023/03/23 02:26:54 [warn] 78#78: *75 [lua] init.lua:953: badger 2023/03/23 02:26:54 INFO: Set nextTxnTs to 0
   , context: ngx.timer
   2023/03/23 02:26:54 [warn] 78#78: *75 [lua] init.lua:953: badger 2023/03/23 02:26:54 INFO: All 0 tables opened in 0s
   , context: ngx.timer
   2023/03/23 02:26:54 [warn] 78#78: *75 [lua] init.lua:953: badger 2023/03/23 02:26:54 INFO: Discard stats nextEmptySlot: 0
   , context: ngx.timer
   2023/03/23 02:26:54 [warn] 78#78: *75 [lua] init.lua:953: badger 2023/03/23 02:26:54 INFO: Set nextTxnTs to 0
   , context: ngx.timer
   ```
   
   3. kill the apisix pod, wait for the new pod's state to change to `running`, the `error.log`
   
   ```
   2023/03/23 02:29:04 [error] 75#75: *2 [lua] plugin.lua:164: load_plugin(): invalid plugin [ip-restriction]: found forbidden '_meta' field in the schema, context: init_worker_by_lua*
   2023/03/23 02:29:04 [error] 73#73: *4 [lua] plugin.lua:164: load_plugin(): invalid plugin [ip-restriction]: found forbidden '_meta' field in the schema, context: init_worker_by_lua*
   2023/03/23 02:29:04 [error] 82#82: *1 [lua] plugin.lua:164: load_plugin(): invalid plugin [ip-restriction]: found forbidden '_meta' field in the schema, context: init_worker_by_lua*
   2023/03/23 02:29:04 [error] 74#74: *3 [lua] plugin.lua:164: load_plugin(): invalid plugin [ip-restriction]: found forbidden '_meta' field in the schema, context: init_worker_by_lua*
   2023/03/23 02:29:04 [error] 76#76: *5 [lua] plugin.lua:164: load_plugin(): invalid plugin [ip-restriction]: found forbidden '_meta' field in the schema, context: init_worker_by_lua*
   ```
   
   the code that logs this message: https://github.com/apache/apisix/blob/3.2.0/apisix/plugin.lua#L162
   
   
   
   ### Environment
   
   - APISIX version (run `apisix version`): 3.2.0
   - Operating system (run `uname -a`): 
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): openresty/1.21.4.1
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): 3.5.7
   - APISIX Dashboard version, if relevant:
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`): 3.8.0
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [apisix] wklken commented on issue #9149: bug: found forbidden '_meta' field in the scheme

Posted by "wklken (via GitHub)" <gi...@apache.org>.
wklken commented on issue #9149:
URL: https://github.com/apache/apisix/issues/9149#issuecomment-1480541507

   we create a new plugin `x-ip-restriction`, which uses the same schema as `ip-restriction`
   
   > curl 'http://127.0.0.1:9180/apisix/admin/plugins/x-ip-restriction' -H "X-API-KEY: ${API_KEY}"
   
   the json diff with the `ip-restriction`
   
   ```
   2d1
   <   "$comment": "this is a mark for our injected plugin schema",
   ```
   




[GitHub] [apisix] wklken commented on issue #9149: bug: found forbidden '_meta' field in the scheme

Posted by "wklken (via GitHub)" <gi...@apache.org>.
wklken commented on issue #9149:
URL: https://github.com/apache/apisix/issues/9149#issuecomment-1484395064

   > `_meta` is added internally by APISIX, you should not explicitly include it when adding configuration
   
   We have no `_meta` in any plugin config, and `ip-restriction` is the official plugin.
   
   Is it a bug or a wrong config?




[GitHub] [apisix] wklken closed issue #9149: bug: found forbidden '_meta' field in the scheme

Posted by "wklken (via GitHub)" <gi...@apache.org>.
wklken closed issue #9149: bug: found forbidden '_meta' field in the scheme
URL: https://github.com/apache/apisix/issues/9149




[GitHub] [apisix] soulbird commented on issue #9149: bug: found forbidden '_meta' field in the scheme

Posted by "soulbird (via GitHub)" <gi...@apache.org>.
soulbird commented on issue #9149:
URL: https://github.com/apache/apisix/issues/9149#issuecomment-1482488067

   `_meta` is added internally by APISIX, you should not explicitly include it when adding configuration




[GitHub] [apisix] wklken commented on issue #9149: bug: found forbidden '_meta' field in the scheme

Posted by "wklken (via GitHub)" <gi...@apache.org>.
wklken commented on issue #9149:
URL: https://github.com/apache/apisix/issues/9149#issuecomment-1480533784

   > curl 'http://127.0.0.1:9180/apisix/admin/plugins/ip-restriction'  -H "X-API-KEY: ${API_KEY}"
   
   ```json
   {
     "properties": {
       "blacklist": {
         "items": {
           "anyOf": [
             {
               "format": "ipv4",
               "type": "string",
               "title": "IPv4"
             },
             {
               "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([12]?[0-9]|3[0-2])$",
               "type": "string",
               "title": "IPv4/CIDR"
             },
             {
               "format": "ipv6",
               "type": "string",
               "title": "IPv6"
             },
             {
               "pattern": "^([a-fA-F0-9]{0,4}:){1,8}(:[a-fA-F0-9]{0,4}){0,8}([a-fA-F0-9]{0,4})?/[0-9]{1,3}$",
               "type": "string",
               "title": "IPv6/CIDR"
             }
           ]
         },
         "type": "array",
         "minItems": 1
       },
       "message": {
         "default": "Your IP address is not allowed",
         "minLength": 1,
         "type": "string",
         "maxLength": 1024
       },
       "_meta": {
         "type": "object",
         "properties": {
           "error_response": {
             "oneOf": [
               {
                 "type": "string"
               },
               {
                 "type": "object"
               }
             ]
           },
           "disable": {
             "type": "boolean"
           },
           "priority": {
             "description": "priority of plugins by customized order",
             "type": "integer"
           },
           "filter": {
             "description": "filter determines whether the plugin needs to be executed at runtime",
             "type": "array"
           }
         }
       },
       "whitelist": {
         "items": {
           "anyOf": [
             {
               "format": "ipv4",
               "type": "string",
               "title": "IPv4"
             },
             {
               "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([12]?[0-9]|3[0-2])$",
               "type": "string",
               "title": "IPv4/CIDR"
             },
             {
               "format": "ipv6",
               "type": "string",
               "title": "IPv6"
             },
             {
               "pattern": "^([a-fA-F0-9]{0,4}:){1,8}(:[a-fA-F0-9]{0,4}){0,8}([a-fA-F0-9]{0,4})?/[0-9]{1,3}$",
               "type": "string",
               "title": "IPv6/CIDR"
             }
           ]
         },
         "type": "array",
         "minItems": 1
       }
     },
     "type": "object",
     "oneOf": [
       {
         "required": [
           "whitelist"
         ]
       },
       {
         "required": [
           "blacklist"
         ]
       }
     ]
   }
   ```
   
   




[GitHub] [apisix] wklken commented on issue #9149: bug: found forbidden '_meta' field in the scheme

Posted by "wklken (via GitHub)" <gi...@apache.org>.
wklken commented on issue #9149:
URL: https://github.com/apache/apisix/issues/9149#issuecomment-1550527518

   It turns out one of our custom plugins causes the log.
   
   We made an x-ip-restriction plugin that clones the schema of ip-restriction.
   
   If ip-restriction loads first, there is no error log; if x-ip-restriction loads first, the ip-restriction schema will have `_meta` and the error is logged.
   
   ```
   local _M = {
       version = base.version,
       priority = 17662,
       name = "bk-ip-restriction",
       schema = core.table.clone(base.schema),
       check_schema = base.check_schema,
   }
   ```



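The load-order behaviour described in the comment above can be reproduced outside APISIX; this is an added example, not code from the thread or from APISIX, and `shallow_clone`, `deep_copy`, `load_plugin`, `new_base` and `run` are hypothetical names. It assumes `core.table.clone` copies one level only, so the clone and the original share the nested `properties` table, and it models the loader check on a cut-down, constructed schema.

```lua
-- Added example: a plain-Lua model of the failure, not APISIX source code.
-- load_plugin is a simplified stand-in for the loader check behind the error.
local MARK = "this is a mark for our injected plugin schema"

-- One-level copy: nested tables are copied by reference (assumed behaviour
-- of core.table.clone).
local function shallow_clone(t)
    local copy = {}
    for k, v in pairs(t) do
        copy[k] = v
    end
    return copy
end

-- Recursive copy: every nested table is duplicated (schemas are acyclic).
local function deep_copy(t)
    if type(t) ~= "table" then
        return t
    end
    local copy = {}
    for k, v in pairs(t) do
        copy[k] = deep_copy(v)
    end
    return copy
end

-- Returns true on success, or nil plus the error text.
local function load_plugin(plugin)
    local schema = plugin.schema
    schema.properties = schema.properties or {}
    if schema["$comment"] ~= MARK then
        if schema.properties._meta then
            return nil, "invalid plugin [" .. plugin.name
                        .. "]: found forbidden '_meta' field in the schema"
        end
        schema.properties._meta = { type = "object" }  -- injected by the loader
        schema["$comment"] = MARK                      -- top-level mark only
    end
    return true
end

-- Constructed, cut-down schema for the demonstration.
local function new_base()
    return {
        name = "ip-restriction",
        schema = { type = "object",
                   properties = { whitelist = { type = "array" } } },
    }
end

local function run(copy_fn, label)
    local base = new_base()
    local custom = { name = "x-ip-restriction", schema = copy_fn(base.schema) }
    -- The custom plugin loads first, as in the failing reloads.
    for _, plugin in ipairs({ custom, base }) do
        local ok, err = load_plugin(plugin)
        print(label, plugin.name, ok and "loaded" or err)
    end
    print(label, "properties table shared:",
          custom.schema.properties == base.schema.properties)
end

run(shallow_clone, "shallow")
run(deep_copy, "deep")
```

With the one-level copy the `$comment` mark lands on the clone's own top-level table while `_meta` lands in the shared `properties`, which is why the second plugin is rejected; a deep copy of the schema (APISIX provides `core.table.deepcopy`) keeps the two schemas independent.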

[GitHub] [apisix] kellyseeme commented on issue #9149: bug: found forbidden '_meta' field in the scheme

Posted by "kellyseeme (via GitHub)" <gi...@apache.org>.
kellyseeme commented on issue #9149:
URL: https://github.com/apache/apisix/issues/9149#issuecomment-1486734094

   <img width="987" alt="image" src="https://user-images.githubusercontent.com/535200/228228797-e29cffc9-4629-4d95-b150-c72aa8dbb0d4.png">
   This is OK in apisix 2.15.1.
   Is there any difference?




[GitHub] [apisix] wklken commented on issue #9149: bug: found forbidden '_meta' field in the scheme

Posted by "wklken (via GitHub)" <gi...@apache.org>.
wklken commented on issue #9149:
URL: https://github.com/apache/apisix/issues/9149#issuecomment-1549524129

   ## version: 3.2
   
   print the plugin.schema of `ip-restriction` before line `if plugin.schema['$comment'] ~= plugin_injected_schema['$comment'] then` in file `apisix/plugin.lua`
   
   then do
   
   ```
   apisix reload
   ```
   
   got the log, `_meta` in the schema
   
   ```
   2023/05/16 11:48:23 [error] 264480#264480: *29507760 [lua] plugin.lua:165: load_plugin(): the ip-restriction schema: {
     oneOf = {
       {
         required = {
           "whitelist"
         }
       },
       {
         required = {
           "blacklist"
         }
       }
     },
     properties = {
       _meta = {
         properties = {
           disable = {
             type = "boolean"
           },
           error_response = {
             oneOf = {
               {
                 type = "string"
               },
               {
                 type = "object"
               }
             }
           },
           filter = {
             description = "filter determines whether the plugin needs to be executed at runtime",
             type = "array"
           },
           priority = {
             description = "priority of plugins by customized order",
             type = "integer"
           }
         },
         type = "object"
       },
       blacklist = {
         items = {
           anyOf = {
             {
               format = "ipv4",
               title = "IPv4",
               type = "string"
             },
             {
               pattern = "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([12]?[0-9]|3[0-2])$",
               title = "IPv4/CIDR",
               type = "string"
             },
             {
               format = "ipv6",
               title = "IPv6",
               type = "string"
             },
             {
               pattern = "^([a-fA-F0-9]{0,4}:){1,8}(:[a-fA-F0-9]{0,4}){0,8}([a-fA-F0-9]{0,4})?/[0-9]{1,3}$",
               title = "IPv6/CIDR",
               type = "string"
             }
           }
         },
         minItems = 1,
         type = "array"
       },
       message = {
         default = "Your IP address is not allowed",
         maxLength = 1024,
         minLength = 1,
         type = "string"
       },
       whitelist = {
         items = {
           anyOf = {
             {
               format = "ipv4",
               title = "IPv4",
               type = "string"
             },
             {
               pattern = "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([12]?[0-9]|3[0-2])$",
               title = "IPv4/CIDR",
               type = "string"
             },
             {
               format = "ipv6",
               title = "IPv6",
               type = "string"
             },
             {
               pattern = "^([a-fA-F0-9]{0,4}:){1,8}(:[a-fA-F0-9]{0,4}){0,8}([a-fA-F0-9]{0,4})?/[0-9]{1,3}$",
               title = "IPv6/CIDR",
               type = "string"
             }
           }
         },
         minItems = 1,
         type = "array"
       }
     },
     type = "object"
   }, context: init_worker_by_lua*
   2023/05/16 11:48:23 [error] 264480#264480: *29507760 [lua] plugin.lua:171: load_plugin(): invalid plugin [ip-restriction]: found forbidden '_meta' field in the schema, context: init_worker_by_lua*
   ```
   
   Then I reloaded many times: some reloads got `[error]`, but some loaded successfully. The success log of `ip-restriction` (no `_meta` in schema):
   
   ```
   2023/05/16 11:52:09 [error] 264683#264683: *29523032 [lua] plugin.lua:165: load_plugin(): the ip-restriction schema: {
     oneOf = {
       {
         required = {
           "whitelist"
         }
       },
       {
         required = {
           "blacklist"
         }
       }
     },
     properties = {
       blacklist = {
         items = {
           anyOf = {
             {
               format = "ipv4",
               title = "IPv4",
               type = "string"
             },
             {
               pattern = "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([12]?[0-9]|3[0-2])$",
               title = "IPv4/CIDR",
               type = "string"
             },
             {
               format = "ipv6",
               title = "IPv6",
               type = "string"
             },
             {
               pattern = "^([a-fA-F0-9]{0,4}:){1,8}(:[a-fA-F0-9]{0,4}){0,8}([a-fA-F0-9]{0,4})?/[0-9]{1,3}$",
               title = "IPv6/CIDR",
               type = "string"
             }
           }
         },
         minItems = 1,
         type = "array"
       },
       message = {
         default = "Your IP address is not allowed",
         maxLength = 1024,
         minLength = 1,
         type = "string"
       },
       whitelist = {
         items = {
           anyOf = {
             {
               format = "ipv4",
               title = "IPv4",
               type = "string"
             },
             {
               pattern = "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([12]?[0-9]|3[0-2])$",
               title = "IPv4/CIDR",
               type = "string"
             },
             {
               format = "ipv6",
               title = "IPv6",
               type = "string"
             },
             {
               pattern = "^([a-fA-F0-9]{0,4}:){1,8}(:[a-fA-F0-9]{0,4}){0,8}([a-fA-F0-9]{0,4})?/[0-9]{1,3}$",
               title = "IPv6/CIDR",
               type = "string"
             }
           }
         },
         minItems = 1,
         type = "array"
       }
     },
     type = "object"
   }, context: init_worker_by_lua*
   ```
   
   ## 2.15.3
   
   I can find the log in another version, I think it's the same reason
   
   ```
   2.15.3 invalid plugin [ip-restriction]: found forbidden 'disable' field in the schema, context: init_worker_by_lua*
   ```
   
   ------
   
   
   




[GitHub] [apisix] wklken commented on issue #9149: bug: found forbidden '_meta' field in the scheme

Posted by "wklken (via GitHub)" <gi...@apache.org>.
wklken commented on issue #9149:
URL: https://github.com/apache/apisix/issues/9149#issuecomment-1549542923

   is there any possibility the `local ip_restriction = core.table.clone(base)` got the `schema` of loaded?  

