From ce807228b6b8e2c069127db142244e875fa6d507 Mon Sep 17 00:00:00 2001 From: Baoyuan Date: Tue, 11 Mar 2025 23:24:48 +0800 Subject: [PATCH 01/10] feat: consumer key duplication check --- apisix/admin/consumers.lua | 26 ++++++++++++++++++++++++-- apisix/admin/credentials.lua | 12 +++++++++++- 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/apisix/admin/consumers.lua b/apisix/admin/consumers.lua index e02789069c64..e8035c969d53 100644 --- a/apisix/admin/consumers.lua +++ b/apisix/admin/consumers.lua @@ -17,7 +17,7 @@ local core = require("apisix.core") local plugins = require("apisix.admin.plugins") local resource = require("apisix.admin.resource") - +local plugin = require("apisix.plugin") local function check_conf(username, conf, need_username, schema) local ok, err = core.schema.check(schema, conf) @@ -32,7 +32,29 @@ local function check_conf(username, conf, need_username, schema) if conf.plugins then ok, err = plugins.check_schema(conf.plugins, core.schema.TYPE_CONSUMER) if not ok then - return nil, {error_msg = "invalid plugins configuration: " .. err} + return nil, { + error_msg = "invalid plugins configuration: " .. err + } + end + + -- check duplicate key + for plugin_name, plugin_conf in pairs(conf.plugins or {}) do + local plugin_obj = plugin.get(plugin_name) + if not plugin_obj then + return nil, {error_msg = "unknown plugin " .. plugin_name} + end + -- if plugin_obj and plugin_obj.type == "auth" then + plugin.decrypt_conf(plugin_name, plugin_conf, core.schema.TYPE_CONSUMER) + for key, key_value in pairs(plugin_conf) do + local consumer, _ = require("apisix.consumer").find_consumer(plugin_name, key, key_value) + if consumer then + return nil, { + error_msg = "duplicate key found with consumer: " .. consumer.username + } + end + + end + -- end end end diff --git a/apisix/admin/credentials.lua b/apisix/admin/credentials.lua index 3622867528d8..25afbd3f09d0 100644 --- a/apisix/admin/credentials.lua +++ b/apisix/admin/credentials.lua @@ -32,7 +32,7 @@ local function check_conf(_id, conf, _need_id, schema) return nil, {error_msg = "invalid plugins configuration: " .. err} end - for name, _ in pairs(conf.plugins) do + for name, plugin_conf in pairs(conf.plugins) do local plugin_obj = plugin.get(name) if not plugin_obj then return nil, {error_msg = "unknown plugin " .. name} @@ -40,6 +40,16 @@ local function check_conf(_id, conf, _need_id, schema) if plugin_obj.type ~= "auth" then return nil, {error_msg = "only supports auth type plugins in consumer credential"} end + + -- check duplicate key + plugin.decrypt_conf(name, plugin_conf, core.schema.TYPE_CONSUMER) + for key, key_value in pairs(plugin_conf) do + local consumer, _ = require("apisix.consumer").find_consumer(name, key, key_value) + if consumer then + return nil, {error_msg = "duplicate key found with consumer: " .. consumer.username} + end + end + end end From 489a9851698eaab1f307190413ce5c8b00b0e071 Mon Sep 17 00:00:00 2001 From: Baoyuan Date: Wed, 12 Mar 2025 12:15:27 +0800 Subject: [PATCH 02/10] fix: improve code logic --- apisix/admin/consumers.lua | 31 +++++++++++++++++++++---------- apisix/admin/credentials.lua | 20 ++++++++++++++++---- 2 files changed, 37 insertions(+), 14 deletions(-) diff --git a/apisix/admin/consumers.lua b/apisix/admin/consumers.lua index e8035c969d53..e3db8b564be8 100644 --- a/apisix/admin/consumers.lua +++ b/apisix/admin/consumers.lua @@ -43,18 +43,29 @@ local function check_conf(username, conf, need_username, schema) if not plugin_obj then return nil, {error_msg = "unknown plugin " .. plugin_name} end - -- if plugin_obj and plugin_obj.type == "auth" then - plugin.decrypt_conf(plugin_name, plugin_conf, core.schema.TYPE_CONSUMER) - for key, key_value in pairs(plugin_conf) do - local consumer, _ = require("apisix.consumer").find_consumer(plugin_name, key, key_value) - if consumer then - return nil, { - error_msg = "duplicate key found with consumer: " .. consumer.username - } - end + if plugin_obj.type == "auth" then + plugin.decrypt_conf(plugin_name, plugin_conf, core.schema.TYPE_CONSUMER) + + local plugin_key_map = { + ["key-auth"] = "key", + ["basic-auth"] = "username", + ["jwt-auth"] = "key", + ["hmac-auth"] = "key_id" + } + local key_field = plugin_key_map[plugin_name] + if key_field then + local key_value = plugin_conf[key_field] + if key_value then + local consumer, _ = require("apisix.consumer").find_consumer(plugin_name, key_field, key_value) + if consumer and consumer.username ~= conf.username then + return nil, { + error_msg = "duplicate key found with consumer: " .. consumer.username + } + end + end + end end - -- end end end diff --git a/apisix/admin/credentials.lua b/apisix/admin/credentials.lua index 25afbd3f09d0..eb202e14d0e8 100644 --- a/apisix/admin/credentials.lua +++ b/apisix/admin/credentials.lua @@ -43,10 +43,22 @@ local function check_conf(_id, conf, _need_id, schema) -- check duplicate key plugin.decrypt_conf(name, plugin_conf, core.schema.TYPE_CONSUMER) - for key, key_value in pairs(plugin_conf) do - local consumer, _ = require("apisix.consumer").find_consumer(name, key, key_value) - if consumer then - return nil, {error_msg = "duplicate key found with consumer: " .. consumer.username} + + local plugin_key_map = { + ["key-auth"] = "key", + ["basic-auth"] = "username", + ["jwt-auth"] = "key", + ["hmac-auth"] = "key_id" + } + + local key_field = plugin_key_map[name] + if key_field then + local key_value = plugin_conf[key_field] + if key_value then + local consumer, _ = require("apisix.consumer").find_consumer(name, key_field, key_value) + if consumer and consumer.credential_id ~= _id then + return nil, {error_msg = "duplicate key found with consumer: " .. consumer.username} + end end end From a3a4ac276846b42991e7a1d6c51d86ec0ae8d1af Mon Sep 17 00:00:00 2001 From: Baoyuan Date: Wed, 12 Mar 2025 12:16:48 +0800 Subject: [PATCH 03/10] fix: lint --- apisix/admin/consumers.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apisix/admin/consumers.lua b/apisix/admin/consumers.lua index e3db8b564be8..554be7fbc051 100644 --- a/apisix/admin/consumers.lua +++ b/apisix/admin/consumers.lua @@ -48,7 +48,7 @@ local function check_conf(username, conf, need_username, schema) local plugin_key_map = { ["key-auth"] = "key", - ["basic-auth"] = "username", + ["basic-auth"] = "username", ["jwt-auth"] = "key", ["hmac-auth"] = "key_id" } From fa3caa8c603523823931eefbe13997424685996c Mon Sep 17 00:00:00 2001 From: Baoyuan Date: Wed, 12 Mar 2025 17:34:32 +0800 Subject: [PATCH 04/10] test: add test case --- apisix/admin/consumers.lua | 5 +- apisix/admin/credentials.lua | 5 +- t/admin/consumers2.t | 83 +++++++++++++++++++++ t/admin/credentials.t | 136 ++++++++++++++++++++++++++++++++++- 4 files changed, 223 insertions(+), 6 deletions(-) diff --git a/apisix/admin/consumers.lua b/apisix/admin/consumers.lua index 554be7fbc051..b0c70154d6f6 100644 --- a/apisix/admin/consumers.lua +++ b/apisix/admin/consumers.lua @@ -44,7 +44,8 @@ local function check_conf(username, conf, need_username, schema) return nil, {error_msg = "unknown plugin " .. plugin_name} end if plugin_obj.type == "auth" then - plugin.decrypt_conf(plugin_name, plugin_conf, core.schema.TYPE_CONSUMER) + local decrypted_conf = core.table.deepcopy(plugin_conf) + plugin.decrypt_conf(plugin_name, decrypted_conf, core.schema.TYPE_CONSUMER) local plugin_key_map = { ["key-auth"] = "key", @@ -55,7 +56,7 @@ local function check_conf(username, conf, need_username, schema) local key_field = plugin_key_map[plugin_name] if key_field then - local key_value = plugin_conf[key_field] + local key_value = decrypted_conf[key_field] if key_value then local consumer, _ = require("apisix.consumer").find_consumer(plugin_name, key_field, key_value) if consumer and consumer.username ~= conf.username then diff --git a/apisix/admin/credentials.lua b/apisix/admin/credentials.lua index eb202e14d0e8..893cc0ffb991 100644 --- a/apisix/admin/credentials.lua +++ b/apisix/admin/credentials.lua @@ -42,7 +42,8 @@ local function check_conf(_id, conf, _need_id, schema) end -- check duplicate key - plugin.decrypt_conf(name, plugin_conf, core.schema.TYPE_CONSUMER) + local decrypted_conf = core.table.deepcopy(plugin_conf) + plugin.decrypt_conf(name, decrypted_conf, core.schema.TYPE_CONSUMER) local plugin_key_map = { ["key-auth"] = "key", @@ -53,7 +54,7 @@ local function check_conf(_id, conf, _need_id, schema) local key_field = plugin_key_map[name] if key_field then - local key_value = plugin_conf[key_field] + local key_value = decrypted_conf[key_field] if key_value then local consumer, _ = require("apisix.consumer").find_consumer(name, key_field, key_value) if consumer and consumer.credential_id ~= _id then diff --git a/t/admin/consumers2.t b/t/admin/consumers2.t index 6e351d02be96..58df66271cc2 100644 --- a/t/admin/consumers2.t +++ b/t/admin/consumers2.t @@ -174,3 +174,86 @@ __DATA__ } --- response_body {"error_msg":"wrong username"} + + + +=== TEST 6: create consumer +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers', + ngx.HTTP_PUT, + [[{ + "username": "jack", + "desc": "key-auth for jack", + "plugins": { + "key-auth": { + "key": "the-key" + } + } + }]] + ) + } + } +--- request +GET /t + + + +=== TEST 7: duplicate consumer key, PUT +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers', + ngx.HTTP_PUT, + [[{ + "username": "jack2", + "desc": "key-auth for jack2", + "plugins": { + "key-auth": { + "key": "the-key" + } + } + }]] + ) + + ngx.status = code + ngx.print(body) + } + } +--- request +GET /t +--- error_code: 400 +--- response_body +{"error_msg":"duplicate key found with consumer: jack"} + + + +=== TEST 8: update consumer jack +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers', + ngx.HTTP_PUT, + [[{ + "username": "jack", + "desc": "key-auth for jack", + "plugins": { + "key-auth": { + "key": "the-key" + } + } + }]] + ) + + ngx.status = code + ngx.print(body) + } + } +--- request +GET /t +--- response_body +passed \ No newline at end of file diff --git a/t/admin/credentials.t b/t/admin/credentials.t index 15119829c2e3..3f92e74365e6 100644 --- a/t/admin/credentials.t +++ b/t/admin/credentials.t @@ -110,7 +110,7 @@ passed "desc": "basic-auth for jack", "plugins": { "basic-auth": { - "username": "the-user", + "username": "the-new-user", "password": "the-password" } } @@ -119,7 +119,7 @@ passed "value":{ "desc":"basic-auth for jack", "id":"credential_a", - "plugins":{"basic-auth":{"username":"the-user","password":"WvF5kpaLvIzjuk4GNIMTJg=="}} + "plugins":{"basic-auth":{"username":"the-new-user","password":"WvF5kpaLvIzjuk4GNIMTJg=="}} }, "key":"/apisix/consumers/jack/credentials/credential_a" }]] @@ -492,3 +492,135 @@ GET /t --- error_code: 400 --- response_body {"error_msg":"missing credential id"} + + +=== TEST 17: create a consumer bar +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers', ngx.HTTP_PUT, [[{ "username": "bar" }]]) + } + } +--- request +GET /t + + + +=== TEST 18: create a credential with key-auth for the consumer bar +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers/bar/credentials/credential_c', + ngx.HTTP_PUT, + [[{ + "desc": "key-auth for bar", + "plugins": { + "key-auth": { + "key": "the-key-bar" + } + } + }]] + ) + } + } +--- request +GET /t + + + +=== TEST 19: can not create a credential with duplicate key +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers/bar/credentials/credential_d', + ngx.HTTP_PUT, + [[{ + "desc": "key-auth for bar", + "plugins": { + "key-auth": { + "key": "the-key-bar" + } + } + }]] + ) + + ngx.status = code + ngx.print(body) + } + } +--- request +GET /t +--- error_code: 400 +--- response_body +{"error_msg":"duplicate key found with consumer: bar"} + + + +=== TEST 20: can update credential credential_c with same key +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + + -- update desc, keep same key + local code, body = t('/apisix/admin/consumers/bar/credentials/credential_c', + ngx.HTTP_PUT, + [[{ + "desc": "new description", + "plugins": { + "key-auth": { + "key": "the-key-bar" + } + } + }]] + ) + + ngx.status = code + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed +--- error_code: 200 + + + +=== TEST 21: delete credential credential_c +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers/bar/credentials/credential_c', ngx.HTTP_DELETE) + } + } +--- request +GET /t + + +=== TEST 22: delete consumer bar +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers/bar', ngx.HTTP_DELETE) + } + } +--- request +GET /t + + +=== TEST 23: delete consumer jack +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers/jack', ngx.HTTP_DELETE) + } + } +--- request +GET /t From ef0a8ea13c57574c3fabaa1aea5b75d1ea9181a2 Mon Sep 17 00:00:00 2001 From: Baoyuan Date: Wed, 12 Mar 2025 17:49:04 +0800 Subject: [PATCH 05/10] fix: format code --- apisix/admin/consumers.lua | 6 ++++-- apisix/admin/credentials.lua | 12 ++++++++---- t/admin/consumers2.t | 2 +- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/apisix/admin/consumers.lua b/apisix/admin/consumers.lua index b0c70154d6f6..515667b2f16e 100644 --- a/apisix/admin/consumers.lua +++ b/apisix/admin/consumers.lua @@ -58,10 +58,12 @@ local function check_conf(username, conf, need_username, schema) if key_field then local key_value = decrypted_conf[key_field] if key_value then - local consumer, _ = require("apisix.consumer").find_consumer(plugin_name, key_field, key_value) + local consumer, _ = require("apisix.consumer") + .find_consumer(plugin_name, key_field, key_value) if consumer and consumer.username ~= conf.username then return nil, { - error_msg = "duplicate key found with consumer: " .. consumer.username + error_msg = "duplicate key found with consumer: " + .. consumer.username } end end diff --git a/apisix/admin/credentials.lua b/apisix/admin/credentials.lua index 893cc0ffb991..1ef0f3c43f56 100644 --- a/apisix/admin/credentials.lua +++ b/apisix/admin/credentials.lua @@ -20,7 +20,7 @@ local plugin = require("apisix.plugin") local resource = require("apisix.admin.resource") local pairs = pairs -local function check_conf(_id, conf, _need_id, schema) +local function check_conf(id, conf, _need_id, schema) local ok, err = core.schema.check(schema, conf) if not ok then return nil, {error_msg = "invalid configuration: " .. err} @@ -56,9 +56,13 @@ local function check_conf(_id, conf, _need_id, schema) if key_field then local key_value = decrypted_conf[key_field] if key_value then - local consumer, _ = require("apisix.consumer").find_consumer(name, key_field, key_value) - if consumer and consumer.credential_id ~= _id then - return nil, {error_msg = "duplicate key found with consumer: " .. consumer.username} + local consumer, _ = require("apisix.consumer") + .find_consumer(name, key_field, key_value) + if consumer and consumer.credential_id ~= id then + return nil, { + error_msg = "duplicate key found with consumer: " + .. consumer.username + } end end end diff --git a/t/admin/consumers2.t b/t/admin/consumers2.t index 58df66271cc2..c1d1817d7cbf 100644 --- a/t/admin/consumers2.t +++ b/t/admin/consumers2.t @@ -256,4 +256,4 @@ GET /t --- request GET /t --- response_body -passed \ No newline at end of file +passed From 80ce4312ef5eed0044c71d0fa3055f872893320f Mon Sep 17 00:00:00 2001 From: Baoyuan Date: Wed, 12 Mar 2025 17:50:43 +0800 Subject: [PATCH 06/10] fix: format code --- apisix/admin/consumers.lua | 2 +- apisix/admin/credentials.lua | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/apisix/admin/consumers.lua b/apisix/admin/consumers.lua index 515667b2f16e..c2c065c677a4 100644 --- a/apisix/admin/consumers.lua +++ b/apisix/admin/consumers.lua @@ -62,7 +62,7 @@ local function check_conf(username, conf, need_username, schema) .find_consumer(plugin_name, key_field, key_value) if consumer and consumer.username ~= conf.username then return nil, { - error_msg = "duplicate key found with consumer: " + error_msg = "duplicate key found with consumer: " .. consumer.username } end diff --git a/apisix/admin/credentials.lua b/apisix/admin/credentials.lua index 1ef0f3c43f56..48e7ca3e6d7c 100644 --- a/apisix/admin/credentials.lua +++ b/apisix/admin/credentials.lua @@ -60,7 +60,7 @@ local function check_conf(id, conf, _need_id, schema) .find_consumer(name, key_field, key_value) if consumer and consumer.credential_id ~= id then return nil, { - error_msg = "duplicate key found with consumer: " + error_msg = "duplicate key found with consumer: " .. consumer.username } end From 93a4b63bedaebdc9cc6bf5458861c6bc8ff2ad3b Mon Sep 17 00:00:00 2001 From: Baoyuan Date: Wed, 12 Mar 2025 21:46:02 +0800 Subject: [PATCH 07/10] fix: test --- t/admin/consumers2.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/admin/consumers2.t b/t/admin/consumers2.t index c1d1817d7cbf..ac9adb04a6fc 100644 --- a/t/admin/consumers2.t +++ b/t/admin/consumers2.t @@ -250,7 +250,7 @@ GET /t ) ngx.status = code - ngx.print(body) + ngx.say(body) } } --- request From 5e0fe0ffac59e8465901fe648a7b6f5b639f2bc6 Mon Sep 17 00:00:00 2001 From: Baoyuan Date: Thu, 13 Mar 2025 09:50:36 +0800 Subject: [PATCH 08/10] fix: lint code --- apisix/admin/consumers.lua | 10 ++++++++-- apisix/admin/credentials.lua | 10 +++++++--- t/admin/credentials.t | 3 +++ 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/apisix/admin/consumers.lua b/apisix/admin/consumers.lua index c2c065c677a4..c0b455a717f8 100644 --- a/apisix/admin/consumers.lua +++ b/apisix/admin/consumers.lua @@ -18,6 +18,8 @@ local core = require("apisix.core") local plugins = require("apisix.admin.plugins") local resource = require("apisix.admin.resource") local plugin = require("apisix.plugin") +local pairs = pairs +local consumer = require("apisix.consumer") local function check_conf(username, conf, need_username, schema) local ok, err = core.schema.check(schema, conf) @@ -43,6 +45,7 @@ local function check_conf(username, conf, need_username, schema) if not plugin_obj then return nil, {error_msg = "unknown plugin " .. plugin_name} end + if plugin_obj.type == "auth" then local decrypted_conf = core.table.deepcopy(plugin_conf) plugin.decrypt_conf(plugin_name, decrypted_conf, core.schema.TYPE_CONSUMER) @@ -55,11 +58,14 @@ local function check_conf(username, conf, need_username, schema) } local key_field = plugin_key_map[plugin_name] + if key_field then local key_value = decrypted_conf[key_field] + if key_value then - local consumer, _ = require("apisix.consumer") - .find_consumer(plugin_name, key_field, key_value) + local consumer, _ = consumer + .find_consumer(plugin_name, key_field, key_value) + if consumer and consumer.username ~= conf.username then return nil, { error_msg = "duplicate key found with consumer: " diff --git a/apisix/admin/credentials.lua b/apisix/admin/credentials.lua index 48e7ca3e6d7c..cec5fdcd323b 100644 --- a/apisix/admin/credentials.lua +++ b/apisix/admin/credentials.lua @@ -18,6 +18,7 @@ local core = require("apisix.core") local plugins = require("apisix.admin.plugins") local plugin = require("apisix.plugin") local resource = require("apisix.admin.resource") +local consumer = require("apisix.consumer") local pairs = pairs local function check_conf(id, conf, _need_id, schema) @@ -37,6 +38,7 @@ local function check_conf(id, conf, _need_id, schema) if not plugin_obj then return nil, {error_msg = "unknown plugin " .. name} end + if plugin_obj.type ~= "auth" then return nil, {error_msg = "only supports auth type plugins in consumer credential"} end @@ -55,13 +57,15 @@ local function check_conf(id, conf, _need_id, schema) local key_field = plugin_key_map[name] if key_field then local key_value = decrypted_conf[key_field] + if key_value then - local consumer, _ = require("apisix.consumer") - .find_consumer(name, key_field, key_value) + local consumer, _ = consumer + .find_consumer(name, key_field, key_value) + if consumer and consumer.credential_id ~= id then return nil, { error_msg = "duplicate key found with consumer: " - .. consumer.username + .. consumer.username } end end diff --git a/t/admin/credentials.t b/t/admin/credentials.t index 3f92e74365e6..3456c1c1ae26 100644 --- a/t/admin/credentials.t +++ b/t/admin/credentials.t @@ -494,6 +494,7 @@ GET /t {"error_msg":"missing credential id"} + === TEST 17: create a consumer bar --- config location /t { @@ -602,6 +603,7 @@ passed GET /t + === TEST 22: delete consumer bar --- config location /t { @@ -614,6 +616,7 @@ GET /t GET /t + === TEST 23: delete consumer jack --- config location /t { From 5660ad2bb81d8b4babbf3bc115a1a9cf544446f6 Mon Sep 17 00:00:00 2001 From: Baoyuan Date: Fri, 14 Mar 2025 12:01:57 +0800 Subject: [PATCH 09/10] fix: test --- apisix/admin/consumers.lua | 7 +++++-- t/secret/aws.t | 2 ++ t/secret/gcp.t | 2 ++ t/secret/secret_lru.t | 2 ++ 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/apisix/admin/consumers.lua b/apisix/admin/consumers.lua index c0b455a717f8..685e762779bc 100644 --- a/apisix/admin/consumers.lua +++ b/apisix/admin/consumers.lua @@ -63,8 +63,11 @@ local function check_conf(username, conf, need_username, schema) local key_value = decrypted_conf[key_field] if key_value then - local consumer, _ = consumer - .find_consumer(plugin_name, key_field, key_value) + local consumer, _, err = consumer + .find_consumer(plugin_name, key_field, key_value) + if err then + core.log.warn("failed to find consumer: ", err) + end if consumer and consumer.username ~= conf.username then return nil, { diff --git a/t/secret/aws.t b/t/secret/aws.t index ae0e09b63398..c0d7266da762 100644 --- a/t/secret/aws.t +++ b/t/secret/aws.t @@ -314,3 +314,5 @@ GET /t } --- response_body all done +--- error_log +failed to fetch secret value: no secret conf, secret_uri: $secret://aws/mysecret/jack/key diff --git a/t/secret/gcp.t b/t/secret/gcp.t index b7fc5331cf37..dc28ab56ec65 100644 --- a/t/secret/gcp.t +++ b/t/secret/gcp.t @@ -247,6 +247,8 @@ kEJQcmfVew5mFXyxuEn3zA== } --- response_body all done +--- error_log +failed to fetch secret value: no secret conf, secret_uri: $secret://gcp/mysecret/jack/key diff --git a/t/secret/secret_lru.t b/t/secret/secret_lru.t index 3ff3386fcf15..9f320ae2883e 100644 --- a/t/secret/secret_lru.t +++ b/t/secret/secret_lru.t @@ -96,3 +96,5 @@ GET /t } --- response_body nil +--- error_log +failed to fetch secret value: no secret conf, secret_uri: $secret://vault/mysecret/jack/auth-key From 6cb6b78abe8df16bb2ce9a7f58efdff31725861e Mon Sep 17 00:00:00 2001 From: Baoyuan Date: Fri, 14 Mar 2025 12:03:58 +0800 Subject: [PATCH 10/10] fix: add log --- apisix/admin/credentials.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/apisix/admin/credentials.lua b/apisix/admin/credentials.lua index cec5fdcd323b..cc029dbae225 100644 --- a/apisix/admin/credentials.lua +++ b/apisix/admin/credentials.lua @@ -59,9 +59,13 @@ local function check_conf(id, conf, _need_id, schema) local key_value = decrypted_conf[key_field] if key_value then - local consumer, _ = consumer + local consumer, _, err = consumer .find_consumer(name, key_field, key_value) + if err then + core.log.warn("failed to find consumer: ", err) + end + if consumer and consumer.credential_id ~= id then return nil, { error_msg = "duplicate key found with consumer: "