-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to handle the anonymous field on auth plugins #69
Comments
This is a very common issue that comes up far too often and decK has concept of You can configure decK to perform a sync/diff only for a sub-set of entire Kong configuration. Please take a look at: https://github.com/hbagdi/deck/blob/master/kong.yaml#L2 You can then manage only a subset of consumers of plugins or any entity you would like. |
Perfect, For the anonymous user id, what do you think about decK setting the consumer id directly?
|
@eamonnmcevoy That sounds like a good idea to me but it opens up a flood-gate of issues with itself as users then would like to template a lot of other things as well. If there are more use-cases for templating than this, we can come with a design for it and then see if it makes sense. For this current issue, there are two approaches that I've in mind:
|
Good point about the templating, it could get messy. Regarding the plugin, it seems strange to me that we need to specify an anonymous consumer at all. When first looking into this functionality I expected the anonymous field to be a boolean, or at least have the option to allow traffic for unauthenticated users. I think #29 is a good solution. |
Kong/kong#4972 will fix this problem. |
The above feature will be included in Kong 1.4 and solve this problem. |
@hbagdi I'm running on version 2.0.0 and can still reproduce this issue:
Any suggestions on how to patch this? Will you port your fix also to the 2.x branches? |
No. Please upgrade. |
I believe I run the last docker version available:
|
Please upgrade decK, Kong should be fine. |
I run decK from a the official Docker Hub latest image: https://hub.docker.com/r/hbagdi/deck, digest: Is the container far behind? Would you be so kind to release a new version 😃 |
No, that's the latest one. Something got messed up in Kong. I'll investigate. |
@hbagdi should I create a ticket at https://github.com/Kong/kong? |
Yes, please. |
I recreated this problem without DecK and created an issue in the Kong repo. Kong/kong#5551 |
Thanks @3to1null |
If I want to configure the anonymous field on a jwt plugin, is there a way to handle this in deck?
Its tricky because this field requires the consumer id, which we cannot know until the consumer has been created already.
It would be useful if we could set this field using 'username' in deck, and to have the ability to list some users in the config so that deck will ensure they exist, even when the --skip-consumers flag is used (or maybe have another flag to enable this).
Update:
I see that using the kong admin api I can create a consumer and specify the id so i guess that part should be possible to get working in deck
As for the issue of synching only certain consumers, I have 2 suggestions.
--create-consumers
--sync-consumer-tags=anonymous
will perform synchronize actions on users with theanonymous
tag and ignore others.The text was updated successfully, but these errors were encountered: