shunyuantan opened a new issue, #9588: URL: https://github.com/apache/apisix/issues/9588
### Current Behavior I'm trying to use the [limit-count](https://apisix.apache.org/docs/apisix/plugins/limit-count/) plugin with redis, I've tried to configure the plugin set the redis password with environment variables. The environment variable guide I'm following is based off [here](https://apisix.apache.org/docs/apisix/terminology/secret/#use-vault-to-manage-secrets), When `"password": "$ENV://REDIS_PWD"` is applied, invoking `curl -i http://localhost:9080/uuid` yields me the following error: ``` HTTP/1.1 500 Internal Server Error Date: Thu, 01 Jun 2023 09:39:42 GMT Content-Type: text/plain; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Server: APISIX/3.2.0 {"error_msg":"failed to limit count"} ``` Seems to show that it cannot read off the env variable I've set on the dashboard ### Expected Behavior When performing `curl -i http://localhost:9080/uuid`, i should expect the rate limit to be active and be stored in my local redis instance. Response ``` HTTP/1.1 200 OK Content-Type: application/json Content-Length: 53 Connection: keep-alive X-RateLimit-Limit: 2 X-RateLimit-Remaining: 0 <-- rate limiting showing up X-RateLimit-Reset: 54 Date: Thu, 01 Jun 2023 09:41:21 GMT Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Server: APISIX/3.2.0 { "uuid": "dea3855a-c0d0-4717-af6f-61c025f20fc3" } ``` Record in redis  ### Error Logs This is the output on docker compose ``` apisix | 2023/06/01 09:28:54 [warn] 49#49: *5 [lua] plugin.lua:252: load_stream(): new plugins: {"syslog":true,"limit-conn":true,"ip-restriction":true,"mqtt-proxy":true}, context: init_worker_by_lua* ^[!apisix | 2023/06/01 09:39:42 [error] 50#50: *43262 [lua] init.lua:309: phase_func(): failed to limit count: WRONGPASS invalid username-password pair or user is disabled., client: 172.30.0.1, server: _, request: "GET /uuid HTTP/1.1", host: "localhost:9080" apisix | 2023/06/01 09:39:42 [warn] 50#50: *43262 [lua] plugin.lua:1098: run_plugin(): limit-count exits with http status code 500, client: 172.30.0.1, server: _, request: "GET /uuid HTTP/1.1", host: "localhost:9080" ``` I used netshoot to look at what apisix is passing to redis and this was the result  Seems like the plugin is passing an unevaluated password to redis ### Steps to Reproduce 1. Firstly, setup a docker compose like so ```yaml --- version: "3.9" services: apisix: profiles: - infra image: apache/apisix:3.2.0-debian container_name: apisix restart: always environment: REDIS_PWD: to-be-replaced user: root volumes: - ./gateway-config/apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro depends_on: - etcd ports: - 9180:9180/tcp - 9080:9080/tcp - 9091:9091/tcp - 9443:9443/tcp networks: - apisix dashboard: profiles: - infra image: apache/apisix-dashboard:3.0.1-alpine container_name: dashboard restart: always volumes: - ./gateway-config/dashboard_conf/conf.yaml:/usr/local/apisix-dashboard/conf/conf.yaml:ro depends_on: - etcd ports: - 9000:9000/tcp networks: - apisix etcd: profiles: - infra image: bitnami/etcd:3.4.15 container_name: etcd restart: always volumes: - ./etcd_data_storage:/bitnami/etcd environment: ETCD_ENABLE_V2: "true" ETCD_DATA_DIR: /etcd_data ALLOW_NONE_AUTHENTICATION: yes ETCD_ADVERTISE_CLIENT_URLS: http://etcd:2379 ETCD_LISTEN_CLIENT_URLS: http://0.0.0.0:2379 ports: - 2379:2379/tcp networks: - apisix networks: apisix: driver: bridge ``` Note use the raw data editor for the dashboard configuration 2. Setup Upstream service ``` { "nodes": [ { "host": "httpbin.org", "port": 80, "weight": 1 } ], "timeout": { "connect": 6, "send": 6, "read": 6 }, "type": "roundrobin", "scheme": "http", "pass_host": "pass", "name": "APISIX Tutorial Upstream", "desc": "https://apisix.apache.org/docs/apisix/tutorials/expose-api/";, "keepalive_pool": { "idle_timeout": 60, "requests": 1000, "size": 320 } } ``` 3. Setup Route ```json { "uri": "/uuid", "name": "[Tutorial] Protect w rate limiting", "methods": [ "GET" ], "plugins": { "limit-count": { "_meta": { "disable": false }, "allow_degradation": false, "count": 2, "key": "remote_addr", "key_type": "var", "policy": "redis", "redis_host": "host.docker.internal", "redis_password": "$ENV://REDIS_PWD", "redis_port": 6379, "redis_timeout": 1001, "rejected_code": 503, "show_limit_quota_header": true, "time_window": 60 } }, "upstream_id": "463138328212931268", "status": 1 } ``` 4. Call the endpoint `curl -i http://localhost:9080/uuid` this should yield an error ### Environment Note, i'm running a docker container so the details will come from the docker container and not my host machine - APISIX version: apache/apisix:3.2.0-debian - Operating system (run `uname -a`): `Linux 2a3a1d84572e 5.15.49-linuxkit #1 SMP PREEMPT Tue Sep 13 07:51:32 UTC 2022 aarch64 GNU/Linux` - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): ``` nginx version: openresty/1.21.4.1 built by gcc 10.2.1 20210110 (Debian 10.2.1-6) built with OpenSSL 1.1.1s 1 Nov 2022 ``` - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): `{"boot_time":1685611734,"etcd_version":"3.4.0","id":"9e414efc-8dba-4494-b587-5e2659bb82a8","version":"3.2.0","hostname":"2a3a1d84572e"}` - APISIX Dashboard version, if relevant: - Plugin runner version, for issues related to plugin runners: not sure - LuaRocks version, for installation issues (run `luarocks --version`): not sure -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
