You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by "lingliy (via GitHub)" <gi...@apache.org> on 2023/04/11 07:34:24 UTC

[GitHub] [apisix] lingliy opened a new issue, #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used

lingliy opened a new issue, #9287:
URL: https://github.com/apache/apisix/issues/9287

   ### Current Behavior
   
   #create route
   curl -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" "http://127.0.0.1:9180/apisix/admin/routes/1" -X PUT -d "{\"methods\": [\"GET\"],\"host\": \"example1.com\",\"uri\": \"/*\",\"upstream\": {\"type\": \"roundrobin\",\"nodes\": {\"127.0.0.1:80\": 1}}, \"plugins\":{\"wolf-rbac\":{}} }"
   
   #create consumer
   curl http://127.0.0.1:9180/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
       "username": "foo",
       "plugins": {
           "wolf-rbac":{"server":"http://192.168.216.128:12180","header_prefix":"X-", "appid": "test10"}, "redirect": {"uri": "/test_is_redirect", "ret_code": 301}
       }
   }'
   
   # request
   curl -v -H"Authorization: V1#test10#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MjAsInVzZXJuYW1lIjoiZm9vIiwibWFuYWdlciI6IiIsInZlcnNpb24iOjIsImFwcGlkIjoidGVzdDEwIiwiaWF0IjoxNjgxMTk2NjczLCJleHAiOjE2ODM3ODg2NzN9.9wvUFijW3rMRU6bcL9eQDvPpWYRqfswxQ3QCYb1VUY0" -H"Host: example1.com" http://127.0.0.1:9080/
   
   redirect plugin active ineffective
   
   ### Expected Behavior
   
   # request
   curl -v -H"Authorization: V1#test10#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MjAsInVzZXJuYW1lIjoiZm9vIiwibWFuYWdlciI6IiIsInZlcnNpb24iOjIsImFwcGlkIjoidGVzdDEwIiwiaWF0IjoxNjgxMTk2NjczLCJleHAiOjE2ODM3ODg2NzN9.9wvUFijW3rMRU6bcL9eQDvPpWYRqfswxQ3QCYb1VUY0" -H"Host: example1.com" http://127.0.0.1:9080/
   
   response exist Location header
   
   Location: /godis_route
   
   ### Error Logs
   
   _No response_
   
   ### Steps to Reproduce
   
   1. create route
   curl -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" "http://127.0.0.1:9180/apisix/admin/routes/1" -X PUT -d "{\"methods\": [\"GET\"],\"host\": \"example1.com\",\"uri\": \"/*\",\"upstream\": {\"type\": \"roundrobin\",\"nodes\": {\"127.0.0.1:80\": 1}}, \"plugins\":{\"wolf-rbac\":{}} }"
   
   2. create consumer
   curl http://127.0.0.1:9180/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
   {
       "username": "foo",
       "plugins": {
           "wolf-rbac":{"server":"http://192.168.216.128:12180","header_prefix":"X-", "appid": "test10"}, "redirect": {"uri": "/test_is_redirect", "ret_code": 301}
       }
   }'
   
   3. request
   curl -v -H"Authorization: V1#test10#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MjAsInVzZXJuYW1lIjoiZm9vIiwibWFuYWdlciI6IiIsInZlcnNpb24iOjIsImFwcGlkIjoidGVzdDEwIiwiaWF0IjoxNjgxMTk2NjczLCJleHAiOjE2ODM3ODg2NzN9.9wvUFijW3rMRU6bcL9eQDvPpWYRqfswxQ3QCYb1VUY0" -H"Host: example1.com" http://127.0.0.1:9080/
   
   ### Environment
   
   - APISIX version (run `apisix version`):
   - Operating system (run `uname -a`):
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
   - APISIX Dashboard version, if relevant:
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`):
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] lingsamuel commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used

Posted by "lingsamuel (via GitHub)" <gi...@apache.org>.

lingsamuel commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1594123996

   I am going to close this since the PR has been merged


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] lingliy commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used

Posted by "lingliy (via GitHub)" <gi...@apache.org>.

lingliy commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1506311637

   I am very happy to be part of the solution. I have not contributed commit to a well-known project before. many of the steps are unfamiliar,   first version has been submitted, https://github.com/apache/apisix/pull/9298/commits/dc46cb8616cdbb82f2d1d681106b5fb018c03498


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] lingsamuel closed issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used

Posted by "lingsamuel (via GitHub)" <gi...@apache.org>.

lingsamuel closed issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used
URL: https://github.com/apache/apisix/issues/9287


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] nic-6443 commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used

Posted by "nic-6443 (via GitHub)" <gi...@apache.org>.

nic-6443 commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1506209668

   Thank you, you are right. The wolf-rbac plugin did indeed miss the `consumer.attach_consumer()`. 
   Do you have an interest in fixing this bug?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] nic-6443 commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used

Posted by "nic-6443 (via GitHub)" <gi...@apache.org>.

nic-6443 commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1503435037

   OK, your issue doesn't explain what the current incorrect response is?
   ```
   curl -v -H"Authorization: V1#test10#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MjAsInVzZXJuYW1lIjoiZm9vIiwibWFuYWdlciI6IiIsInZlcnNpb24iOjIsImFwcGlkIjoidGVzdDEwIiwiaWF0IjoxNjgxMTk2NjczLCJleHAiOjE2ODM3ODg2NzN9.9wvUFijW3rMRU6bcL9eQDvPpWYRqfswxQ3QCYb1VUY0" -H"Host: example1.com" http://127.0.0.1:9080/
   ```
   Did the upstream service respond to the request that was made? Or was it rejected by the wolf-rbac plugin?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] lingliy commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used

Posted by "lingliy (via GitHub)" <gi...@apache.org>.

lingliy commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1504419046

   
    incorrect response
   ```
   [root@centos7-17 apisix]# curl -v -H"Authorization: V1#test10#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MjAsInVzZXJuYW1lIjoiZm9vIiwibWFuYWdlciI6IiIsInZlcnNpb24iOjIsImFwcGlkIjoidGVzdDEwIiwiaWF0IjoxNjgxMTk2NjczLCJleHAiOjE2ODM3ODg2NzN9.9wvUFijW3rMRU6bcL9eQDvPpWYRqfswxQ3QCYb1VUY0" -H"Host: example1.com" http://127.0.0.1:9080/
   * About to connect() to 127.0.0.1 port 9080 (#0)
   *   Trying 127.0.0.1...
   * Connected to 127.0.0.1 (127.0.0.1) port 9080 (#0)
   > GET / HTTP/1.1
   > User-Agent: curl/7.29.0
   > Accept: */*
   > Authorization: V1#test10#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MjAsInVzZXJuYW1lIjoiZm9vIiwibWFuYWdlciI6IiIsInZlcnNpb24iOjIsImFwcGlkIjoidGVzdDEwIiwiaWF0IjoxNjgxMTk2NjczLCJleHAiOjE2ODM3ODg2NzN9.9wvUFijW3rMRU6bcL9eQDvPpWYRqfswxQ3QCYb1VUY0
   > Host: example1.com
   > 
   < HTTP/1.1 200 OK
   < Content-Type: text/html; charset=utf-8
   < Content-Length: 51
   < Connection: keep-alive
   < X-UserId: 20
   < X-Username: foo
   < X-Nickname: testauth
   < Date: Tue, 11 Apr 2023 07:21:00 GMT
   < Last-Modified: Wed, 29 Mar 2023 03:36:13 GMT
   < ETag: "6423b22d-33"
   < Accept-Ranges: bytes
   < Server: APISIX/3.2.0
   < 
   <html>
   <body>
   <h1>hello world</h1>
   </body>
   </html>
   * Connection #0 to host 127.0.0.1 left intact
   ```
   
   I have looked at the wolf-rbac plugins source code and found that consumer.attach_consumer  function was not used. Other auth type plugins use this function, so it is not actually associated with other plugins under the consumer. But since I am not that familiar with apisix and am not sure if this understanding is correct, I did this test and found that consumer used wolf-rbac auth, consumer other plugins not used


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] nic-6443 commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used

Posted by "nic-6443 (via GitHub)" <gi...@apache.org>.

nic-6443 commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1503105669

   I can't understand your description. Why do you expect the returned Location header to be `/godis_route`? Isn't it configured as `/test_is_redirect` in your redirect plugin?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] lingliy commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used

Posted by "lingliy (via GitHub)" <gi...@apache.org>.

lingliy commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1503135637

   I understand that once it passes wolf-rbac authentication, it will match foo in consumers. Since it is associated with consumer, then the redirect plugin under consumer should be effective, but the actual test will not be effective


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org