spacewander commented on a change in pull request #6485:
URL: https://github.com/apache/apisix/pull/6485#discussion_r818234419
##########
File path: docs/en/latest/plugins/authz-keycloak.md
##########
@@ -63,6 +63,8 @@ For more information on Keycloak, refer to [Keycloak
Authorization Docs](https:/
| keepalive | boolean | optional | true
|
| Enable HTTP keep-alive to keep connections open after
use. Set to `true` if you expect a lot of requests to Keycloak.
|
| keepalive_timeout | integer | optional | 60000
| positive integer >= 1000
| Idle timeout after which established HTTP connections
will be closed.
|
| keepalive_pool | integer | optional | 5
| positive integer >= 1
| Maximum number of connections in the connection pool.
|
+| keepalive_pool | integer | optional | 5
| positive integer >= 1
| Maximum number of connections in the connection pool.
|
Review comment:
Duplicate?
##########
File path: t/plugin/authz-keycloak.t
##########
@@ -551,3 +551,99 @@ GET /t
--- response_body
{"error":"access_denied","error_description":"not_authorized"}
--- no_error_log
+
+
+
+=== TEST 16: set enforcement mode is "ENFORCING", lazy_load_paths and
permissions use default values , access_denied_redirect_uri is
"http://127.0.0.1/test";
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "authz-keycloak": {
+ "token_endpoint":
"http://127.0.0.1:8443/auth/realms/University/protocol/openid-connect/token";,
+ "client_id": "course_management",
+ "grant_type":
"urn:ietf:params:oauth:grant-type:uma-ticket",
+ "policy_enforcement_mode": "ENFORCING",
+ "timeout": 3000,
+ "access_denied_redirect_uri":
"http://127.0.0.1/test";
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1982": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello1"
+ }]],
+ [[{
+ "node": {
+ "value": {
+ "plugins": {
+ "authz-keycloak": {
+ "token_endpoint":
"http://127.0.0.1:8443/auth/realms/University/protocol/openid-connect/token";,
+ "client_id": "course_management",
+ "grant_type":
"urn:ietf:params:oauth:grant-type:uma-ticket",
+ "policy_enforcement_mode": "ENFORCING",
+ "timeout": 3000,
+ "access_denied_redirect_uri":
"http://127.0.0.1/test";
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1982": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello1"
+ },
+ "key": "/apisix/routes/1"
+ },
+ "action": "set"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.say(body)
+ }
+ }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 17: test for permission is empty and enforcement mode is "ENFORCING"
, access_denied_redirect_uri is "http://127.0.0.1/test";.
+--- config
+ location /t {
+ content_by_lua_block {
+ local http = require "resty.http"
+ local httpc = http.new()
+ local uri = "http://127.0.0.1:"; .. ngx.var.server_port .. "/hello1"
+ local res, err = httpc:request_uri(uri, {
+ method = "GET",
+ headers = {
+ ["Authorization"] = "Bearer " .. "fake access token",
+ }
+ })
+ if res.status >= 300 then
+ ngx.status = res.status
+ ngx.header["Location"] = res.headers["Location"]
+ end
+ }
+ }
+--- request
+GET /t
+--- response_headers
+Location: http://127.0.0.1/test
+--- error_code: 302
+--- no_error_log
Review comment:
Empty `--- no_error_log`
##########
File path: t/plugin/authz-keycloak.t
##########
@@ -551,3 +551,99 @@ GET /t
--- response_body
{"error":"access_denied","error_description":"not_authorized"}
--- no_error_log
+
+
+
+=== TEST 16: set enforcement mode is "ENFORCING", lazy_load_paths and
permissions use default values , access_denied_redirect_uri is
"http://127.0.0.1/test";
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "authz-keycloak": {
+ "token_endpoint":
"http://127.0.0.1:8443/auth/realms/University/protocol/openid-connect/token";,
+ "client_id": "course_management",
+ "grant_type":
"urn:ietf:params:oauth:grant-type:uma-ticket",
+ "policy_enforcement_mode": "ENFORCING",
+ "timeout": 3000,
+ "access_denied_redirect_uri":
"http://127.0.0.1/test";
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1982": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello1"
+ }]],
+ [[{
+ "node": {
Review comment:
There is no need to check the response data, please don't do it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
