brmejia commented on code in PR #11451:
URL: https://github.com/apache/apisix/pull/11451#discussion_r1838493955


##########
apisix/plugins/openid-connect.lua:
##########
@@ -290,7 +291,8 @@ local _M = {
 }
 
 
-function _M.check_schema(conf)
+function _M.check_schema(plugin_conf)
+    local conf = fetch_secrets(plugin_conf)
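Review bot: Rebinding `conf` to the result of `fetch_secrets(plugin_conf)` at the top of check_schema means the rest of the function validates that return value, not the table the caller passed in. If fetch_secrets returns a copy, any defaults or normalisation applied during validation land on the copy and never reach plugin_conf. If it can return nil, there is nothing left to validate. Either case would fit the nil comparison reported in the comment below. Consider validating plugin_conf directly and using the resolved copy only for checks that need the dereferenced value, and add a short comment stating what fetch_secrets returns when the config holds no secret references.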

Review Comment:
   This line is giving me some issues after apisix reload. 
   If line fetch_secrets is done in check_schema, the route fails showing me 
the following error:
   ```
   2024/11/12 17:12:51 [error] 240#240: *13728 lua entry thread aborted: 
runtime error: ...isix/custom-plugins/apisix/plugins/openid-connect.lua:478: 
attempt to compare nil with number
   stack traceback:
   coroutine 0:
        ...isix/custom-plugins/apisix/plugins/openid-connect.lua: in function 
'phase_func'
        /usr/local/apisix/apisix/plugin.lua:1166: in function 'run_plugin'
        /usr/local/apisix/apisix/init.lua:689: in function 'http_access_phase'
        access_by_lua(nginx.conf:310):2: in main chunk, client: 10.89.2.37, 
server: _, request: "GET /private/anything HTTP/2.0", host: "XXXX"
   ```
   If I remove fetch_secrets from check_schema, the route works as expected but 
the following warning is shown at startup:
   `[warn] 187#187: *8391 [lua] utils.lua:418: find_and_log(): Using 
openid-connect discovery with no TLS is a security risk, context: 
init_worker_by_lua*`
   I assume that without the fetch_secrets the value of `discovery` is not 
resolved and openid checks https for it.


