bisakhmondal commented on a change in pull request #5745:
URL: https://github.com/apache/apisix/pull/5745#discussion_r765426256
##########
File path: apisix/plugins/jwt-auth.lua
##########
@@ -119,29 +143,74 @@ function _M.check_schema(conf, schema_type)
if schema_type == core.schema.TYPE_CONSUMER then
ok, err = core.schema.check(consumer_schema, conf)
else
- ok, err = core.schema.check(schema, conf)
+ return core.schema.check(schema, conf)
end
if not ok then
return false, err
end
- if schema_type == core.schema.TYPE_CONSUMER then
- if conf.algorithm ~= "RS256" and not conf.secret then
- conf.secret = ngx_encode_base64(resty_random.bytes(32, true))
+ -- in nginx init_worker_by_lua context API calls are disabled,
+ -- also that is a costly operation during system startup.
+ if ngx.get_phase() == "init_worker" then
Review comment:
> We can check the data in Vault, but in the Admin API during creating.
Sending a bundle of requests in full sync (which is not only happened during
system startup) is too expensive
Yes, that's the current behaviour. For handling HTTP.PUT the ngx phase is
`content_by_lua`. The full sync is done in apisix startup that is
`init_worker_by_lua` phase. So in that case, the plugin simply skips the
validation with external sources.
Btw, are you trying to convey something else?
> Even the data is valid, people can still change it later as the data does
not come from the major data source.
Totally agree with you : )
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
