Feature request: support plugins on a combination of resources #13

Closed
hbagdi opened this issue Apr 15, 2019 · 9 comments · Fixed by #86

@hbagdi
Member

hbagdi commented Apr 15, 2019

Kong allows configuring plugins for any combination of Consumer, Service and Route.
These are currently not configurable via deck.

@javiertmezac

javiertmezac commented Jun 15, 2019

Hi @hbagdi, I have a question here.
Currently I am using this tool and recently I noticed something. I have configured the JWT plugin applied to Global, but there is a parameter called "config.anonymous" that is usually linked to a consumer (the anonymous consumer in my case). So what I expect is to set the consumer id in this parameter, but I am not able to do this.

Does this fit under this request?
Thanks

@hbagdi
Member Author

hbagdi commented Jun 18, 2019

What is the error that you see?
Also, could you share the relevant config of the plugin that you define inside decK's yaml file?

@javiertmezac

javiertmezac commented Jun 20, 2019

I have configured two different consumers.
1- anonymous, which has been scoped to a plugin called request-termination. This plugin only returns 401 Unauthorized for any request that does not have a valid JWT in the header.
2- browser, which has been configured with some credentials (I did this manually; I saw in the roadmap that there are plans to support Credentials for Consumers)

Note: I have also configured a JWT plugin and added the "anonymous consumer's id" in the "config.anonymous" field - this is the problem, explained below.

So if I do a ./deck dump, everything works well and I have something like this:

services:
- connect_timeout: 60000
  host: www.mocky.io
  name: mocky
  path: /v2/5d0bf87d3500002d00b89680
  port: 80
  protocol: http
  read_timeout: 60000
  retries: 5
  write_timeout: 60000
  routes:
  - name: mock
    methods:
    - GET
    paths:
    - /mock
    preserve_host: false
    protocols:
    - http
    - https
    regex_priority: 0
    strip_path: true
plugins:
- name: jwt
  config:
    anonymous: bd833dba-464e-4003-acc3-fd608686033e
    claims_to_verify: null
    cookie_names: []
    key_claim_name: iss
    maximum_expiration: 0
    run_on_preflight: true
    secret_is_base64: false
    uri_param_names:
    - jwt
  enabled: true
  run_on: first
consumers:
- username: anonymous_users
  plugins:
  - name: request-termination
    config:
      body: null
      content_type: null
      message: Unauthorized - bye!
      status_code: 401
    enabled: true
    run_on: first
- username: browser

But as you can see, the "anonymous consumer's id" is not referenced to the consumer. Next time I try to ./deck sync (e.g. for another instance) that consumer's id won't exist, so a valid request like

http :8000/mock 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhMzZjMzA0OWIzNjI0OWEzYzlmODg5MWNiMTI3MjQzYyIsImV4cCI6MTQ0MjQzMDA1NCwibmJmIjoxNDQyNDI2NDU0LCJpYXQiOjE0NDI0MjY0NTR9.L1-1VoNu598QvY97rE7mLiSqmJInC9Yb5p-JUvYYUxo'

is going to tell me

HTTP/1.1 500 Internal Server Error
Connection: keep-alive
Content-Length: 42
Content-Type: application/json; charset=utf-8
Date: Thu, 20 Jun 2019 21:58:37 GMT
Server: kong/0.35-1-enterprise-edition

{
    "message": "An unexpected error occurred"
}
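
A pre-sync check for the failure described in the comment above, as an added example that is not part of the original thread or of decK: it walks a parsed decK state file and reports every plugin whose config.anonymous does not resolve to a consumer on the target instance. The function names, the constructed second-instance ID and the idea of collecting target_consumer_ids from the target's consumer list beforehand are assumptions.

```python
import re

# Assumption: config.anonymous holds a consumer UUID, as in the dump above.
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

def iter_plugins(state):
    """Yield (scope, plugin) for global, service, route and consumer plugins."""
    for p in state.get("plugins") or []:
        yield "global", p
    for svc in state.get("services") or []:
        for p in svc.get("plugins") or []:
            yield "service:" + svc.get("name", "?"), p
        for rt in svc.get("routes") or []:
            for p in rt.get("plugins") or []:
                yield "route:" + rt.get("name", "?"), p
    for c in state.get("consumers") or []:
        for p in c.get("plugins") or []:
            yield "consumer:" + c.get("username", "?"), p

def dangling_anonymous(state, target_consumer_ids):
    """Return findings for config.anonymous values the target cannot resolve."""
    known = {str(i).lower() for i in target_consumer_ids}
    findings = []
    for scope, plugin in iter_plugins(state):
        anon = (plugin.get("config") or {}).get("anonymous")
        if not anon:
            continue  # no anonymous fallback configured
        anon = str(anon)
        if not UUID_RE.match(anon):
            findings.append((scope, plugin.get("name"), anon, "not a UUID"))
        elif anon.lower() not in known:
            findings.append((scope, plugin.get("name"), anon, "unknown on target"))
    return findings

# Constructed sample: the relevant parts of the dump above, as parsed YAML.
STATE = {
    "plugins": [{"name": "jwt", "config": {
        "anonymous": "bd833dba-464e-4003-acc3-fd608686033e"}}],
    "consumers": [{"username": "anonymous_users", "plugins": [
        {"name": "request-termination", "config": {"status_code": 401}}]},
        {"username": "browser"}],
}
SOURCE_IDS = ["bd833dba-464e-4003-acc3-fd608686033e"]  # instance that was dumped
OTHER_IDS = ["00000000-0000-4000-8000-000000000001"]   # constructed second instance

if __name__ == "__main__":
    for finding in dangling_anonymous(STATE, OTHER_IDS):
        print(finding)
```

Run against the instance the dump came from, the check reports nothing; run against an instance where that consumer ID does not exist, it flags the global jwt plugin before a sync can produce the 500 shown above.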

@hbagdi
Member Author

hbagdi commented Jun 27, 2019

@JavierTMC Apologies for the late response here.

This feature requires that IDs can be specified on entities.
I've been tracking this internally for a while but I opened up #29 to track this publicly.

In the interim you can solve the problem using decK and Kong 1.1 or 1.2:

  • Use decK to sync all the configuration and make sure you are using tagging.
  • Create a consumer outside decK, and then use the ID of that consumer in decK's config file.

Hope that helps. Let me know if you would like me to elaborate.

@javiertmezac

@hbagdi I also apologize for the late response.

I am not sure if I did what you requested, but basically, I created the consumer manually and then I used the consumer's ID and put it in decK's configuration file. Then I ran the deck sync command and the plugin was updated with the correct consumer's ID.

I just called a route and it worked as expected, no error received.


I didn't tag anything, I am not sure I get that correct.

@hbagdi
Member Author

hbagdi commented Jul 8, 2019

Was the consumer you created manually present in the config file you supplied to decK?
If yes, then it should work.

If not, then decK will delete the manually created consumer when you run deck sync.

@javiertmezac

Yeah - I created the anonymous consumer manually and the request-termination plugin as part of it, then included this configuration in the kong.yaml and only changed the anonymous field from the jwt global plugin. This worked correctly.

If I remove that configuration from decK, the consumer is removed.

But yeah, I guess the only way for this to work right now is to put all the configuration in decK for any entity manually created, and get the ID of that resource and use it when necessary. This is not the best solution but it works.

I was thinking that maybe having some intrinsic referencing within the decK configuration yaml can work to solve this. Something like:

services:
- connect_timeout: 60000
  host: www.mocky.io
  name: mocky
  path: /v2/5d0bf87d3500002d00b89680
  port: 80
  protocol: http
  read_timeout: 60000
  retries: 5
  write_timeout: 60000
  routes:
  - name: mock
    methods:
    - GET
    paths:
    - /mock
    preserve_host: false
    protocols:
    - http
    - https
    regex_priority: 0
    strip_path: true
plugins:
- name: jwt
  config:
    anonymous: !Ref anonymous_consumer
    claims_to_verify: null
    cookie_names: []
    key_claim_name: iss
    maximum_expiration: 0
    run_on_preflight: true
    secret_is_base64: false
    uri_param_names:
    - jwt
  enabled: true
  run_on: first
consumers:
- anonymous_consumer
  username: anonymous_users
  plugins:
  - name: request-termination
    config:
      body: null
      content_type: null
      message: Unauthorized - bye!
      status_code: 401
    enabled: true
    run_on: first
- username: browser

Something really similar to AWS CloudFormation templates.

@hbagdi
Member Author

hbagdi commented Jul 9, 2019

This is something that I've thought of doing but haven't seen a lot of need yet.
Let's avoid discussing this on this unrelated feature request issue.
Please open a different issue if you would like to discuss more on your problem.

@javiertmezac

sure thing!
thanks @hbagdi

hbagdi added the feature label Jul 31, 2019
hbagdi added this to the v0.6.0 milestone Aug 15, 2019
hbagdi self-assigned this Oct 29, 2019
hbagdi mentioned this issue Oct 30, 2019