You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by "lingliy (via GitHub)" <gi...@apache.org> on 2023/04/11 07:34:24 UTC
[GitHub] [apisix] lingliy opened a new issue, #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used
lingliy opened a new issue, #9287:
URL: https://github.com/apache/apisix/issues/9287
### Current Behavior
#create route
curl -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" "http://127.0.0.1:9180/apisix/admin/routes/1" -X PUT -d "{\"methods\": [\"GET\"],\"host\": \"example1.com\",\"uri\": \"/*\",\"upstream\": {\"type\": \"roundrobin\",\"nodes\": {\"127.0.0.1:80\": 1}}, \"plugins\":{\"wolf-rbac\":{}} }"
#create consumer
curl http://127.0.0.1:9180/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"username": "foo",
"plugins": {
"wolf-rbac":{"server":"http://192.168.216.128:12180","header_prefix":"X-", "appid": "test10"}, "redirect": {"uri": "/test_is_redirect", "ret_code": 301}
}
}'
# request
curl -v -H"Authorization: V1#test10#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MjAsInVzZXJuYW1lIjoiZm9vIiwibWFuYWdlciI6IiIsInZlcnNpb24iOjIsImFwcGlkIjoidGVzdDEwIiwiaWF0IjoxNjgxMTk2NjczLCJleHAiOjE2ODM3ODg2NzN9.9wvUFijW3rMRU6bcL9eQDvPpWYRqfswxQ3QCYb1VUY0" -H"Host: example1.com" http://127.0.0.1:9080/
redirect plugin active ineffective
### Expected Behavior
# request
curl -v -H"Authorization: V1#test10#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MjAsInVzZXJuYW1lIjoiZm9vIiwibWFuYWdlciI6IiIsInZlcnNpb24iOjIsImFwcGlkIjoidGVzdDEwIiwiaWF0IjoxNjgxMTk2NjczLCJleHAiOjE2ODM3ODg2NzN9.9wvUFijW3rMRU6bcL9eQDvPpWYRqfswxQ3QCYb1VUY0" -H"Host: example1.com" http://127.0.0.1:9080/
response exist Location header
Location: /godis_route
### Error Logs
_No response_
### Steps to Reproduce
1. create route
curl -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1" "http://127.0.0.1:9180/apisix/admin/routes/1" -X PUT -d "{\"methods\": [\"GET\"],\"host\": \"example1.com\",\"uri\": \"/*\",\"upstream\": {\"type\": \"roundrobin\",\"nodes\": {\"127.0.0.1:80\": 1}}, \"plugins\":{\"wolf-rbac\":{}} }"
2. create consumer
curl http://127.0.0.1:9180/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"username": "foo",
"plugins": {
"wolf-rbac":{"server":"http://192.168.216.128:12180","header_prefix":"X-", "appid": "test10"}, "redirect": {"uri": "/test_is_redirect", "ret_code": 301}
}
}'
3. request
curl -v -H"Authorization: V1#test10#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MjAsInVzZXJuYW1lIjoiZm9vIiwibWFuYWdlciI6IiIsInZlcnNpb24iOjIsImFwcGlkIjoidGVzdDEwIiwiaWF0IjoxNjgxMTk2NjczLCJleHAiOjE2ODM3ODg2NzN9.9wvUFijW3rMRU6bcL9eQDvPpWYRqfswxQ3QCYb1VUY0" -H"Host: example1.com" http://127.0.0.1:9080/
### Environment
- APISIX version (run `apisix version`):
- Operating system (run `uname -a`):
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
- etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):
- APISIX Dashboard version, if relevant:
- Plugin runner version, for issues related to plugin runners:
- LuaRocks version, for installation issues (run `luarocks --version`):
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] lingsamuel commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used
Posted by "lingsamuel (via GitHub)" <gi...@apache.org>.
lingsamuel commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1594123996
I am going to close this since the PR has been merged
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] lingliy commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used
Posted by "lingliy (via GitHub)" <gi...@apache.org>.
lingliy commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1506311637
I am very happy to be part of the solution. I have not contributed commit to a well-known project before. many of the steps are unfamiliar, first version has been submitted, https://github.com/apache/apisix/pull/9298/commits/dc46cb8616cdbb82f2d1d681106b5fb018c03498
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] lingsamuel closed issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used
Posted by "lingsamuel (via GitHub)" <gi...@apache.org>.
lingsamuel closed issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used
URL: https://github.com/apache/apisix/issues/9287
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] nic-6443 commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used
Posted by "nic-6443 (via GitHub)" <gi...@apache.org>.
nic-6443 commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1506209668
Thank you, you are right. The wolf-rbac plugin did indeed miss the `consumer.attach_consumer()`.
Do you have an interest in fixing this bug?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] nic-6443 commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used
Posted by "nic-6443 (via GitHub)" <gi...@apache.org>.
nic-6443 commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1503435037
OK, your issue doesn't explain what the current incorrect response is?
```
curl -v -H"Authorization: V1#test10#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MjAsInVzZXJuYW1lIjoiZm9vIiwibWFuYWdlciI6IiIsInZlcnNpb24iOjIsImFwcGlkIjoidGVzdDEwIiwiaWF0IjoxNjgxMTk2NjczLCJleHAiOjE2ODM3ODg2NzN9.9wvUFijW3rMRU6bcL9eQDvPpWYRqfswxQ3QCYb1VUY0" -H"Host: example1.com" http://127.0.0.1:9080/
```
Did the upstream service respond to the request that was made? Or was it rejected by the wolf-rbac plugin?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] lingliy commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used
Posted by "lingliy (via GitHub)" <gi...@apache.org>.
lingliy commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1504419046
incorrect response
```
[root@centos7-17 apisix]# curl -v -H"Authorization: V1#test10#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MjAsInVzZXJuYW1lIjoiZm9vIiwibWFuYWdlciI6IiIsInZlcnNpb24iOjIsImFwcGlkIjoidGVzdDEwIiwiaWF0IjoxNjgxMTk2NjczLCJleHAiOjE2ODM3ODg2NzN9.9wvUFijW3rMRU6bcL9eQDvPpWYRqfswxQ3QCYb1VUY0" -H"Host: example1.com" http://127.0.0.1:9080/
* About to connect() to 127.0.0.1 port 9080 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 9080 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Accept: */*
> Authorization: V1#test10#eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MjAsInVzZXJuYW1lIjoiZm9vIiwibWFuYWdlciI6IiIsInZlcnNpb24iOjIsImFwcGlkIjoidGVzdDEwIiwiaWF0IjoxNjgxMTk2NjczLCJleHAiOjE2ODM3ODg2NzN9.9wvUFijW3rMRU6bcL9eQDvPpWYRqfswxQ3QCYb1VUY0
> Host: example1.com
>
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< Content-Length: 51
< Connection: keep-alive
< X-UserId: 20
< X-Username: foo
< X-Nickname: testauth
< Date: Tue, 11 Apr 2023 07:21:00 GMT
< Last-Modified: Wed, 29 Mar 2023 03:36:13 GMT
< ETag: "6423b22d-33"
< Accept-Ranges: bytes
< Server: APISIX/3.2.0
<
<html>
<body>
<h1>hello world</h1>
</body>
</html>
* Connection #0 to host 127.0.0.1 left intact
```
I have looked at the wolf-rbac plugins source code and found that consumer.attach_consumer function was not used. Other auth type plugins use this function, so it is not actually associated with other plugins under the consumer. But since I am not that familiar with apisix and am not sure if this understanding is correct, I did this test and found that consumer used wolf-rbac auth, consumer other plugins not used
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] nic-6443 commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used
Posted by "nic-6443 (via GitHub)" <gi...@apache.org>.
nic-6443 commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1503105669
I can't understand your description. Why do you expect the returned Location header to be `/godis_route`? Isn't it configured as `/test_is_redirect` in your redirect plugin?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] lingliy commented on issue #9287: bug: consumer used wolf-rbac auth, consumer other plugins not used
Posted by "lingliy (via GitHub)" <gi...@apache.org>.
lingliy commented on issue #9287:
URL: https://github.com/apache/apisix/issues/9287#issuecomment-1503135637
I understand that once it passes wolf-rbac authentication, it will match foo in consumers. Since it is associated with consumer, then the redirect plugin under consumer should be effective, but the actual test will not be effective
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org