[I] bug: `keycloak-authz` plugin without `resource_registration_endpoint` when `lazy_load_paths` is true returns 500 error [apisix]

[via GitHub]

kayx23 opened a new issue, #10708:
URL: https://github.com/apache/apisix/issues/10708

   ### Current Behavior
   
   _Issue separated out from [this 
report](https://github.com/apache/apisix/issues/10682#issuecomment-1867094155)._
   
   Configure keycloak and configure a route as such (`lazy_load_paths` :`true`):
   
   ```shell
   $ curl http://127.0.0.1:9180/apisix/admin/routes/1 -X PUT -d '
   {
       "uri": "/*",
       "plugins": {
           "authz-keycloak": {
               "lazy_load_paths": true,
               "discovery": 
"http://192.168.1.83:8080/realms/quickstart-realm/.well-known/openid-configuration";,
               "client_id": "your-client-name",
               "client_secret": "your-client-secret"
           }
       },
       "upstream": {
           "type": "roundrobin",
           "nodes": {
               "httpbin.org": 1
           }
       }
   }'
   ```
   
   Request an access token from keycloak and send a request to the route with 
the access token:
   
   
![image](https://github.com/apache/apisix/assets/39619599/9b1558d5-6fec-4124-971f-8c5614c8b762)
   
   because `resource_registration_endpoint` is neither explicitly configured 
nor presented in the discovery doc:
   
   ```text
   2023/12/22 00:16:00 [warn] 49#49: *15931 [lua] plugin.lua:1153: 
run_plugin(): authz-keycloak exits with http status code 503, client: 
172.24.0.1, server: _, request: "GET /anything/test HTTP/1.1", host: 
"127.0.0.1:9080"
   2023/12/22 00:16:38 [error] 50#50: *17428 [lua] authz-keycloak.lua:505: 
authz_keycloak_resolve_resource(): Unable to determine registration endpoint., 
client: 172.24.0.1, server: _, request: "GET /anything/test HTTP/1.1", host: 
"127.0.0.1:9080"
   2023/12/22 00:16:38 [error] 50#50: *17428 lua entry thread aborted: runtime 
error: /usr/local/apisix/apisix/plugins/authz-keycloak.lua:580: attempt to get 
length of local 'permission' (a number value)
   stack traceback:
   coroutine 0:
   172.24.0.1 - - [22/Dec/2023:00:16:38 +0000] 127.0.0.1:9080 "GET 
/anything/test HTTP/1.1" 500 249 0.129 "-" "curl/7.64.1" - - - 
"http://127.0.0.1:9080";
   /usr/local/apisix/apisix/plugins/authz-keycloak.lua: in function 
'evaluate_permissions'
   /usr/local/apisix/apisix/plugins/authz-keycloak.lua:778: in function 
'phase_func'
   /usr/local/apisix/apisix/plugin.lua:1148: in function 'run_plugin'
   /usr/local/apisix/apisix/init.lua:725: in function 'http_access_phase'
   ```
   
   The 503 is expected: 
   
   
![image](https://github.com/apache/apisix/assets/39619599/716f95dc-9ba7-4c52-b0c4-45494b77c00e)
   
   But the 500?
   
   ### Expected Behavior
   
   _No response_
   
   ### Error Logs
   
   _No response_
   
   ### Steps to Reproduce
   
   .
   
   ### Environment
   
   - APISIX version (run `apisix version`): 3.7.0
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org