Re: [PR] feat: content-moderation plugin [apisix]
zhoujiexiong commented on code in PR #11541:
URL: https://github.com/apache/apisix/pull/11541#discussion_r1769569076
##
apisix/plugins/ai-content-moderation.lua:
##
@@ -0,0 +1,170 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local core = require("apisix.core")
+local aws = require("resty.aws")
+local http = require("resty.http")
+local fetch_secrets = require("apisix.secret").fetch_secrets
+
+local aws_instance = aws()
+local next = next
+local pairs = pairs
+local unpack = unpack
+local type = type
+local ipairs = ipairs
+
+local aws_comprehend_schema = {
+type = "object",
+properties = {
+access_key_id = { type = "string" },
+secret_access_key = { type = "string" },
+region = { type = "string" },
+endpoint = {
+type = "string",
+pattern = [[^https?://]]
+},
+},
+required = { "access_key_id", "secret_access_key", "region", }
+}
+
+local schema = {
+type = "object",
+properties = {
+provider = {
+type = "object",
+properties = {
+aws_comprehend = aws_comprehend_schema
+},
+-- change to oneOf/enum while implementing support for other
services
+required = { "aws_comprehend" }
+},
+moderation_categories = {
+type = "object",
+patternProperties = {
+-- luacheck: push max code line length 300
+
["^(PROFANITY|HATE_SPEECH|INSULT|HARASSMENT_OR_ABUSE|SEXUAL|VIOLENCE_OR_THREAT)$"]
= {
+-- luacheck: pop
+type = "number",
+minimum = 0,
+maximum = 1
+}
+},
+additionalProperties = false
+},
+toxicity_level = {
+type = "number",
+minimum = 0,
+maximum = 1,
+default = 0.5
+},
+type = {
+type = "string",
+enum = { "openai" },
+}
+},
+required = { "provider", "type" },
+}
+
+
+local _M = {
+version = 0.1,
+priority = 1040, -- TODO: might change
+name = "ai-content-moderation",
+schema = schema,
+}
+
+
+function _M.check_schema(conf)
+return core.schema.check(schema, conf)
+end
+
+function _M.rewrite(conf, ctx)
+conf = fetch_secrets(conf, true, conf, "")
+if not conf then
+return 500, "failed to retrieve secrets from conf"
+end
+
+local body, err = core.request.get_body_table()
+if not body then
+return 400, err
+end
+
+local msgs = body.messages
+if not msgs or type(msgs) ~= "table" or #msgs < 1 then
Review Comment:
`#msgs < 1` -> `core.table.isempty(msgs)`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] feat: content-moderation plugin [apisix]
zhoujiexiong commented on code in PR #11541:
URL: https://github.com/apache/apisix/pull/11541#discussion_r1769565495
##
apisix/plugins/ai-content-moderation.lua:
##
@@ -0,0 +1,176 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local core = require("apisix.core")
+local aws = require("resty.aws")
+local http = require("resty.http")
+local fetch_secrets = require("apisix.secret").fetch_secrets
+
+local aws_instance = aws()
+local next = next
+local pairs = pairs
+local unpack = unpack
+local type = type
+local ipairs = ipairs
+local require = require
+local internal_server_error = ngx.HTTP_INTERNAL_SERVER_ERROR
Review Comment:
```suggestion
local INTERNAL_SERVER_ERROR = ngx.HTTP_INTERNAL_SERVER_ERROR
```
const var. sugg. this style
##
apisix/plugins/ai-content-moderation.lua:
##
@@ -0,0 +1,176 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local core = require("apisix.core")
+local aws = require("resty.aws")
+local http = require("resty.http")
+local fetch_secrets = require("apisix.secret").fetch_secrets
+
+local aws_instance = aws()
+local next = next
+local pairs = pairs
+local unpack = unpack
+local type = type
+local ipairs = ipairs
+local require = require
+local internal_server_error = ngx.HTTP_INTERNAL_SERVER_ERROR
+local bad_request = ngx.HTTP_BAD_REQUEST
+
+
+local aws_comprehend_schema = {
+type = "object",
+properties = {
+access_key_id = { type = "string" },
+secret_access_key = { type = "string" },
+region = { type = "string" },
+endpoint = {
+type = "string",
+pattern = [[^https?://]]
+},
+},
+required = { "access_key_id", "secret_access_key", "region", }
+}
+
+local moderation_categories_pattern = "^(PROFANITY|HATE_SPEECH|INSULT|"..
+
"HARASSMENT_OR_ABUSE|SEXUAL|VIOLENCE_OR_THREAT)$"
+local schema = {
+type = "object",
+properties = {
+provider = {
+type = "object",
+properties = {
+aws_comprehend = aws_comprehend_schema
+},
+-- change to oneOf/enum while implementing support for other
services
+required = { "aws_comprehend" }
+},
+moderation_categories = {
+type = "object",
+patternProperties = {
+-- luacheck: push max code line length 300
+[moderation_categories_pattern] = {
+-- luacheck: pop
+type = "number",
+minimum = 0,
+maximum = 1
+}
+},
+additionalProperties = false
+},
+toxicity_level = {
+type = "number",
+minimum = 0,
+maximum = 1,
+default = 0.5
+},
+type = {
+type = "string",
+enum = { "openai" },
+}
+},
+required = { "provider", "type" },
+}
+
+
+local _M = {
+version = 0.1,
+priority = 1040, -- TODO: might change
+name = "ai-content-moderation",
+schema = schema,
+}
+
+
+function _M.check_schema(conf)
+return core.schema.check(schema, conf)
+end
+
+function _M.rewrite(conf, ctx)
+conf = fetch_secrets(conf, true, conf, "")
+if not conf then
+return internal_server_error, "failed to retrieve secrets from conf"
+end
+
+local body, err = core.request.get
Re: [PR] feat: ai-rag plugin [apisix]
zhoujiexiong commented on code in PR #11568:
URL: https://github.com/apache/apisix/pull/11568#discussion_r1769552585
##
apisix/plugins/ai-rag/embeddings/azure_openai.lua:
##
@@ -0,0 +1,69 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local core = require("apisix.core")
+local internal_server_error = ngx.HTTP_INTERNAL_SERVER_ERROR
+local type = type
+
+local _M = {}
+
+
+function _M.get_embeddings(conf, body, httpc)
+local res, err = httpc:request_uri(conf.endpoint, {
+method = "POST",
+headers = {
+["Content-Type"] = "application/json",
+["api-key"] = conf.api_key,
+},
+body = core.json.encode(body)
Review Comment:
check err?
##
t/plugin/ai-rag.t:
##
@@ -0,0 +1,395 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+use t::APISIX 'no_plan';
+
+log_level("info");
+repeat_each(1);
+no_long_string();
+no_root_location();
+
+
+my $resp_file = 't/assets/embeddings.json';
+open(my $fh, '<', $resp_file) or die "Could not open file '$resp_file' $!";
+my $embeddings = do { local $/; <$fh> };
+close($fh);
+
+
+add_block_preprocessor(sub {
+my ($block) = @_;
+
+if (!defined $block->request) {
+$block->set_value("request", "GET /t");
+}
+
+my $http_config = $block->http_config // <<_EOC_;
+server {
+listen 3623;
+
+default_type 'application/json';
+
+location /embeddings {
+content_by_lua_block {
+local json = require("cjson.safe")
+
+if ngx.req.get_method() ~= "POST" then
+ngx.status = 400
+ngx.say("Unsupported request method: ",
ngx.req.get_method())
Review Comment:
then return?
##
apisix/plugins/ai-rag/embeddings/azure_openai.lua:
##
@@ -0,0 +1,69 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local core = require("apisix.core")
+local internal_server_error = ngx.HTTP_INTERNAL_SERVER_ERROR
Review Comment:
```suggestion
local INTERNAL_SERVER_ERROR = ngx.HTTP_INTERNAL_SERVER_ERROR
```
const var, sugg. this style, others elsewhere the same :)
##
apisix/plugins/ai-rag/embeddings/azure_openai.lua:
##
@@ -0,0 +1,69 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the Licens
Re: [PR] feat: aws-auth plugin [apisix]
Lensual commented on PR #11595: URL: https://github.com/apache/apisix/pull/11595#issuecomment-2364644989 My first lua PR. Please tell me what else needs to be done. And How to. Thanks. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] feat: aws-auth plugin [apisix]
Lensual opened a new pull request, #11595:
URL: https://github.com/apache/apisix/pull/11595
### Description
Implementing the AWS Signature v4 authentication plugin.
### Checklist
- [x] I have explained the need for this PR and the problem it solves
- [x] I have explained the changes or the new features added to this PR
- [x] I have added tests corresponding to this change
- [ ] I have updated the documentation to reflect this change
- [x] I have verified that this change is backward compatible (If not,
please discuss on the [APISIX mailing
list](https://github.com/apache/apisix/tree/master#community) first)
### Attributes
For Consumer:
| Name | Type | Requirement | Description
|
| -- | -- | --- |
---
|
| access_key | string | required| Unique access_key for a Consumer. This
field supports saving the value in Secret Manager using the [APISIX
Secret](https://apisix.apache.org/docs/apisix/terminology/secret/) resource. |
| secret_key | string | required| Unique secret_key for a Consumer. This
field supports saving the value in Secret Manager using the [APISIX
Secret](https://apisix.apache.org/docs/apisix/terminology/secret/) resource. |
NOTE: `encrypt_fields = {"access_key", "secret_key"}` is also defined in the
schema, which means that the field will be stored encrypted in etcd. See
[encrypted storage
fields](https://apisix.apache.org/docs/apisix/plugin-develop/#encrypted-storage-fields).
For Route:
| Name | Type| Requirement | Default
| Description
|
| -- | --- | --- |
--- |
--
|
| host | string | optional|
| Host to validate. Without validate if not provided.
|
| region | string | optional|
| Region to validate. Without validate if not provided.
|
| service| string | optional|
| Service to validate. Without validate if not provided.
|
| clock_skew | integer | optional| 60 \* 15
| Clock skew allowed by the signature in seconds. The default value is
900 seconds (15 minutes). If `X-Amz-Date` is not in request parameter, an error
will occur. Setting it to 0 will skip checking the date (UNSAFE). |
| max_req_body | integer | optional| 1024 \* 512
| Max Request Body size. The default value is 512 KiB.
|
| enable_header_method | boolean | optional| true
| Enable [HTTP authorization
header](https://docs.aws.amazon.com/IAM/latest/UserGuide/aws-signing-authentication-methods.html#aws-signing-authentication-methods-http)
method. The default is true. |
| enable_query_string_method | boolean | optional| true
| Enable [Query string
parameters](https://docs.aws.amazon.com/IAM/latest/UserGuide/aws-signing-authentication-methods.html#aws-signing-authentication-methods-query)
method. The default is true. |
| max_expires| integer | optional| 60 \* 60 \*
24 \* 7 | Sets the maximum value allowed for the `X-Amz-Expires` parameter. The
default value is 604800 seconds (7 days). Setting it to 0 will skip checking
exprires limit (UNSAFE).|
| extra
Re: [I] help request: The nginx config is converted to apisix conifg [apisix]
bestjane commented on issue #11593: URL: https://github.com/apache/apisix/issues/11593#issuecomment-2363327793 > Should the port where it says 31380 be 3001 @kayx23 no, this is an example I wrote to do a little desensitization.I can confirm that the configuration is correct. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: The nginx config is converted to apisix conifg [apisix]
kayx23 commented on issue #11593: URL: https://github.com/apache/apisix/issues/11593#issuecomment-2363287924 If your upstream speaks HTTP (without TLS) then leave untouched -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: The nginx config is converted to apisix conifg [apisix]
kayx23 commented on issue #11593: URL: https://github.com/apache/apisix/issues/11593#issuecomment-2363319928 Should the port where it says 31380 be 3100 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: The nginx config is converted to apisix conifg [apisix]
bestjane commented on issue #11593: URL: https://github.com/apache/apisix/issues/11593#issuecomment-2363311669 > What error does APSIX return along with 404? 404 is not found. Does the route you request exist? @kayx23 I used the same request with apisix and nginx to access the following results, where only the port number was modified and the parameters and routes were consistent APISIX example: ``` ➜ curl -v --location --request POST 'http://xxx:9080/xxx < HTTP/1.1 404 Not Found < Content-Length: 0 < Connection: keep-alive < Date: Fri, 20 Sep 2024 09:39:11 GMT < Keep-Alive: timeout=4 < Proxy-Connection: keep-alive < Server: APISIX/3.10.0 < * Connection #0 to host 127.0.0.1 left intact ``` Nginx example: ``` ➜ curl -v --location --request POST 'http://xxx:9080/xxx HTTP/1.1 200 OK Transfer-Encoding: chunked Access-Control-Allow-Headers: * Access-Control-Allow-Methods: * Access-Control-Allow-Origin: * Cache-Control: no-cache Connection: keep-alive Content-Type: application/json Date: Fri, 20 Sep 2024 09:41:52 GMT Keep-Alive: timeout=4 Proxy-Connection: keep-alive Server: nginx/1.20.1 X-Envoy-Upstream-Service-Time: 814 ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[I] help request: Add APISIX into Arm64 Eco-System query system. [apisix]
eric-yq opened a new issue, #11594: URL: https://github.com/apache/apisix/issues/11594 ### Description Hello team, APISIX can support AWS Graviton instances(Arm64, AArch64), can you add APISIX into [https://www.arm.com/developer-hub/ecosystem-dashboard](https://www.arm.com/developer-hub/ecosystem-dashboard )? So, all the people can find it is supported in Arm64 eco-system. Thanks. ### Environment - APISIX version (run `apisix version`): - Operating system (run `uname -a`): - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): - APISIX Dashboard version, if relevant: - Plugin runner version, for issues related to plugin runners: - LuaRocks version, for installation issues (run `luarocks --version`): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: The nginx config is converted to apisix conifg [apisix]
kayx23 commented on issue #11593: URL: https://github.com/apache/apisix/issues/11593#issuecomment-2363289915 What error does APSIX return along with 404? 404 is not found. Does the route you request exist? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: The nginx config is converted to apisix conifg [apisix]
bestjane commented on issue #11593: URL: https://github.com/apache/apisix/issues/11593#issuecomment-2363264727 > what error? @kayx23 nginx returns http code 200, and apisix returns http code 404 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: The nginx config is converted to apisix conifg [apisix]
kayx23 commented on issue #11593: URL: https://github.com/apache/apisix/issues/11593#issuecomment-2363148000 what error? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[I] help request: The nginx config is converted to apisix conifg [apisix]
bestjane opened a new issue, #11593:
URL: https://github.com/apache/apisix/issues/11593
### Description
``` upstream and http server config
upstream gateway {
server 127.0.0.1:3001;
}
server {
listen ;
server_name test.com;
location / {
proxy_set_header Host$host;
proxy_passhttp://gateway;
}
}
```apisix config
# router
{
"uri": "/*",
"upstream_id": "",
"name": "test"
}
# upstream
{
"type": "roundrobin",
"nodes": [
{
"host": "10.105.167.63",
"port": 31380,
"weight": 1
}
]
}
```
apisix does not complete the request properly, why?
### Environment
- APISIX version (run `apisix version`):
- Operating system (run `uname -a`):
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
- etcd version, if relevant (run `curl
http://127.0.0.1:9090/v1/server_info`):
- APISIX Dashboard version, if relevant:
- Plugin runner version, for issues related to plugin runners:
- LuaRocks version, for installation issues (run `luarocks --version`):
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] fix: attempt to shut down when provider init fails [apisix-ingress-controller]
acuteaura commented on PR #2263: URL: https://github.com/apache/apisix-ingress-controller/pull/2263#issuecomment-2363130517 @Revolyssup sorry about the direct ping, are you still working on the ingress or could you direct me to someone who can help? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] bug: log-rotate [apisix]
Juncx commented on issue #10795: URL: https://github.com/apache/apisix/issues/10795#issuecomment-2363030916 Copy the plugins field in config-default.yaml to config.yaml, and it works -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] fix(discovery): when `endpoint_slices` updated, old endpoints all flush_all/flush_expired [apisix]
dongjiang1989 commented on PR #11577: URL: https://github.com/apache/apisix/pull/11577#issuecomment-2363081441 > please add test cases and explain the changes in detail and how it solves the issue. Thanks @shreemaan-abhishek . Add the changes done. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: use yaml anchors and aliases in the config. [apisix]
shreemaan-abhishek commented on issue #11501: URL: https://github.com/apache/apisix/issues/11501#issuecomment-2363053205 this seems like a limitation from the yaml parser used by APISIX. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] bug: http2 not working [apisix]
shreemaan-abhishek commented on issue #11543: URL: https://github.com/apache/apisix/issues/11543#issuecomment-2363026806 can you confirm if http2 is enabled? https://github.com/apache/apisix-helm-chart/blob/38ed5919ecf49d84230b123b5551bf8c782398ea/charts/apisix/templates/configmap.yaml#L76 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] chore(deps): bump actions/setup-node from 4.0.2 to 4.0.3 [apisix]
dependabot[bot] closed pull request #11397: chore(deps): bump actions/setup-node from 4.0.2 to 4.0.3 URL: https://github.com/apache/apisix/pull/11397 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] chore(deps): bump actions/setup-node from 4.0.2 to 4.0.4 [apisix]
dependabot[bot] opened a new pull request, #11592: URL: https://github.com/apache/apisix/pull/11592 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.2 to 4.0.4. Release notes Sourced from https://github.com/actions/setup-node/releases";>actions/setup-node's releases. v4.0.4 What's Changed Add workflow file for publishing releases to immutable action package by https://github.com/Jcambass";>@Jcambass in https://redirect.github.com/actions/setup-node/pull/1125";>actions/setup-node#1125 Enhance Windows ARM64 Setup and Update micromatch Dependency by https://github.com/priyagupta108";>@priyagupta108 in https://redirect.github.com/actions/setup-node/pull/1126";>actions/setup-node#1126 Documentation changes: Documentation update in the README file by https://github.com/suyashgaonkar";>@suyashgaonkar in https://redirect.github.com/actions/setup-node/pull/1106";>actions/setup-node#1106 Correct invalid 'lts' version string reference by https://github.com/fulldecent";>@fulldecent in https://redirect.github.com/actions/setup-node/pull/1124";>actions/setup-node#1124 New Contributors https://github.com/suyashgaonkar";>@suyashgaonkar made their first contribution in https://redirect.github.com/actions/setup-node/pull/1106";>actions/setup-node#1106 https://github.com/priyagupta108";>@priyagupta108 made their first contribution in https://redirect.github.com/actions/setup-node/pull/1126";>actions/setup-node#1126 https://github.com/Jcambass";>@Jcambass made their first contribution in https://redirect.github.com/actions/setup-node/pull/1125";>actions/setup-node#1125 https://github.com/fulldecent";>@fulldecent made their first contribution in https://redirect.github.com/actions/setup-node/pull/1124";>actions/setup-node#1124 Full Changelog: https://github.com/actions/setup-node/compare/v4...v4.0.4";>https://github.com/actions/setup-node/compare/v4...v4.0.4 v4.0.3 What's Changed Bug fixes: Fix macos latest check failures by https://github.com/HarithaVattikuti";>@HarithaVattikuti in https://redirect.github.com/actions/setup-node/pull/1041";>actions/setup-node#1041 Documentation changes: Documentation update to update default Node version to 20 by https://github.com/bengreeley";>@bengreeley in https://redirect.github.com/actions/setup-node/pull/949";>actions/setup-node#949 Dependency updates: Bump undici from 5.26.5 to 5.28.3 by https://github.com/dependabot";>@dependabot in https://redirect.github.com/actions/setup-node/pull/965";>actions/setup-node#965 Bump braces from 3.0.2 to 3.0.3 and other dependency updates by https://github.com/dependabot";>@dependabot in https://redirect.github.com/actions/setup-node/pull/1087";>actions/setup-node#1087 New Contributors https://github.com/bengreeley";>@bengreeley made their first contribution in https://redirect.github.com/actions/setup-node/pull/949";>actions/setup-node#949 https://github.com/HarithaVattikuti";>@HarithaVattikuti made their first contribution in https://redirect.github.com/actions/setup-node/pull/1041";>actions/setup-node#1041 Full Changelog: https://github.com/actions/setup-node/compare/v4...v4.0.3";>https://github.com/actions/setup-node/compare/v4...v4.0.3 Commits https://github.com/actions/setup-node/commit/0a44ba7841725637a19e28fa30b79a866c81b0a6";>0a44ba7 Correct version string (https://redirect.github.com/actions/setup-node/issues/1124";>#1124) https://github.com/actions/setup-node/commit/97ca147735c170fb35096b39ef17a0fc5d9270ac";>97ca147 Merge pull request https://redirect.github.com/actions/setup-node/issues/1125";>#1125 from actions/add-is-release-workflow https://github.com/actions/setup-node/commit/aa363ded8fefb1e43b7a6cb669a222a98c09eb57";>aa363de Create publish-immutable-action.yml https://github.com/actions/setup-node/commit/1c7b2db92075f828bee89d7e19d33a911d15e7b3";>1c7b2db Fix: windows arm64 setup (https://redirect.github.com/actions/setup-node/issues/1126";>#1126) https://github.com/actions/setup-node/commit/26961cf329f22f6837d5f54c3efd76b480300ace";>26961cf Documentation update in the README file (https://redirect.github.com/actions/setup-node/issues/1106";>#1106) https://github.com/actions/setup-node/commit/1e60f620b9541d16bece96c5465dc8ee9832be0b";>1e60f62 Bump braces from 3.0.2 to 3.0.3 (https://redirect.github.com/actions/setup-node/issues/1087";>#1087) https://github.com/actions/setup-node/commit/eff380dfbcf941bf8832e4acb788cebe13dfd758";>eff380d Fix macos latest check failures (https://redirect.github.com/actions/setup-node/issues/1041";>#1041) https://github.com/actions/setup-node/commit/c2ac33f2c62f978d6c944d9648125a294e56dc0b";>c2ac33f Bump undici from 5.26.5 to 5.28.3 (https://redirect.github.com/actions/setup-node/issues/965";>#965) https://github.com/actions/setup-node/commit/25b062c91
Re: [PR] chore(deps): bump actions/setup-node from 4.0.2 to 4.0.3 [apisix]
dependabot[bot] commented on PR #11397: URL: https://github.com/apache/apisix/pull/11397#issuecomment-2362874434 Superseded by #11592. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Enhance jwt-auth Plugin with Configurable Claim Name and Support for Asymmetric Algorithms [apisix]
shreemaan-abhishek commented on PR #11511: URL: https://github.com/apache/apisix/pull/11511#issuecomment-2362873508 it seems, this PR would be a duplicate of https://github.com/apache/apisix/pull/11282. > Support for Asymmetric Algorithms (RS256, ES256) If you want to introduce this support, please do so in another PR with the proposal written in an issue. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] feat(jwt-auth): Fix #11276 [apisix]
shreemaan-abhishek commented on PR #11282: URL: https://github.com/apache/apisix/pull/11282#issuecomment-2362871071 @mikyll, please rebase with master there have been some changes in the CI. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] feat(jwt-auth): Fix #11276 [apisix]
shreemaan-abhishek commented on code in PR #11282:
URL: https://github.com/apache/apisix/pull/11282#discussion_r1768012378
##
apisix/plugins/jwt-auth.lua:
##
@@ -247,9 +251,9 @@ local function get_rsa_or_ecdsa_keypair(conf)
end
-local function get_real_payload(key, auth_conf, payload)
+local function get_real_payload(key, auth_conf, payload, key_claim_name)
local real_payload = {
-key = key,
+[key_claim_name] = key,
Review Comment:
although the key_claim_name has changed, the value of `key_claim_name` will
always be `key`. That doesn't fit into the scene. For example, if the
`key_claim_name` is `exp` then the value should be the expiry time, not the
key. Right?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [I] dashboard 3.0.0版本如何配置外网可以访问? [apisix-dashboard]
n0thingcode commented on issue #2877: URL: https://github.com/apache/apisix-dashboard/issues/2877#issuecomment-2362861260 外网能访问的网段0.0.0.0/24应为0.0.0.0/0 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Enhance jwt-auth Plugin with Configurable Claim Name and Support for Asymmetric Algorithms [apisix]
shreemaan-abhishek commented on PR #11511: URL: https://github.com/apache/apisix/pull/11511#issuecomment-2362837294 Please keep your PR focused. One PR should do only one thing, else it becomes very difficult to review your code. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] change: violation uri-blocker.lua plugin response body remove attribute: rejected_msg [apisix]
shreemaan-abhishek commented on PR #11533: URL: https://github.com/apache/apisix/pull/11533#issuecomment-2362724704 there are more failing test cases. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] bug: Upstream scheme used is https when using k8s Ingress resource [apisix-ingress-controller]
github-actions[bot] closed issue #2239: bug: Upstream scheme used is https when using k8s Ingress resource URL: https://github.com/apache/apisix-ingress-controller/issues/2239 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] bug: Upstream scheme used is https when using k8s Ingress resource [apisix-ingress-controller]
github-actions[bot] commented on issue #2239: URL: https://github.com/apache/apisix-ingress-controller/issues/2239#issuecomment-2362529585 This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] docs: broken links in manage api consumers page [apisix]
JorgeSanchez-Encora commented on issue #11217: URL: https://github.com/apache/apisix/issues/11217#issuecomment-2362265394 Hello, I am interested on doing this issue, can someone assign it to me? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] bug: proxy-rewrite header priority wrong [apisix]
bpasson commented on issue #11587: URL: https://github.com/apache/apisix/issues/11587#issuecomment-2362030029 @zhoujiexiong I managed to get it to compile and not give errors. I skip the docker mount and just do all editing in the container. Though running the testcase from the reference now gives me: ``` root@lima-rancher-desktop:/apisix# prove t/admin/routes.t t/admin/routes.t .. Use of uninitialized value $version in pattern match (m//) at t/APISIX.pm line 144. Use of uninitialized value $version in pattern match (m//) at t/APISIX.pm line 193. Use of uninitialized value $version in pattern match (m//) at t/APISIX.pm line 225. Use of uninitialized value $version in pattern match (m//) at t/APISIX.pm line 234. Bailout called. Further testing stopped: Failed to get the version of the Nginx in PATH: FAILED--Further testing stopped: Failed to get the version of the Nginx in PATH: ``` Any suggestions? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: Not able to use custom plugin with composite architecture approach [apisix-ingress-controller]
lkad commented on issue #2171: URL: https://github.com/apache/apisix-ingress-controller/issues/2171#issuecomment-2361412598 I have added logic to initialize without loading the schema from the file conf/apisix-schema.json, similar to the normal mode. Instead, the schema structure is fetched from the APISIX admin interface during initialization. This way, the custom plugin schemas can be retrieved directly, allowing the use of custom plugins without the need to manually maintain the structure in conf/apisix-schema.json. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] fix Not able to use custom plugin with composite architecture approac… [apisix-ingress-controller]
lkad opened a new pull request, #2300: URL: https://github.com/apache/apisix-ingress-controller/pull/2300 …h #2171 ### Type of change: - [ *] Bugfix ### What this PR does / why we need it: fix Not able to use custom plugin with composite architecture approach #2171 #2171 ### Pre-submission checklist: - [ ] Did you explain what problem does this PR solve? Or what new features have been added? - [ ] Have you added corresponding test cases? - [ ] Have you modified the corresponding document? - [ ] Is this PR backward compatible? **If it is not backward compatible, please discuss on the [mailing list](https://github.com/apache/apisix-ingress-controller#community) first** -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] [Site]: On the English version of the page, the first level of the side navigation bar occasionally does not respond when clicked [apisix-website]
Suvendu-UI commented on issue #1823: URL: https://github.com/apache/apisix-website/issues/1823#issuecomment-2361142174 here i got the screenshot the changes are already there  -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] [Site]: On the English version of the page, the first level of the side navigation bar occasionally does not respond when clicked [apisix-website]
Suvendu-UI commented on issue #1823: URL: https://github.com/apache/apisix-website/issues/1823#issuecomment-2360889436 is the issue resolved ? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: is there a way for authz-keycloak plugin to redirect when an invalid bearer token is provided? [apisix]
Xb990219 closed issue #11588: help request: is there a way for authz-keycloak plugin to redirect when an invalid bearer token is provided? URL: https://github.com/apache/apisix/issues/11588 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[I] bug: error related to mounted `config.yaml` in standalone mode (3.8.0, 3.9.0) [apisix-docker]
kayx23 opened a new issue, #541:
URL: https://github.com/apache/apisix-docker/issues/541
## Current State
With the new `3.8.0-debian` image, I was unable to access route defined in
the `apisix.yaml`:
Note that:
1. the problem goes away if I do not mount `config.yaml`. In other words, if
I just mount `apisix.yaml` with a route config, I could access the route
successfully.
2. **this was not an issue in `3.5.0`** (unable to test with `3.6.0` and
`3.7.0` due to [sed
error](https://github.com/apache/apisix-docker/issues/529)), so something may
have changed. See screenshot below:
**Therefore, this looks like an error related to mounting `config.yaml`.**
## Logs
```
2024/01/16 14:11:04 [error] 35#35: *6 [lua] config_yaml.lua:211: failed to
check item data of [routes] err:allOf 1 failed: value should match only one
schema, but matches none ,val: {"priority":0,"status":1}, context:
init_worker_by_lua*
2024/01/16 14:11:04 [warn] 39#39: *5 [lua] plugin.lua:255: load_stream():
new plugins:
{"limit-conn":true,"ip-restriction":true,"syslog":true,"mqtt-proxy":true},
context: init_worker_by_lua*
2024/01/16 14:11:04 [error] 38#38: *2 [lua] config_yaml.lua:211: failed to
check item data of [routes] err:allOf 1 failed: value should match only one
schema, but matches none ,val: {"priority":0,"status":1}, context:
init_worker_by_lua*
2024/01/16 14:11:04 [warn] 41#41: *8 [lua] plugin.lua:255: load_stream():
new plugins:
{"limit-conn":true,"ip-restriction":true,"syslog":true,"mqtt-proxy":true},
context: init_worker_by_lua*
2024/01/16 14:11:04 [error] 39#39: *5 [lua] config_yaml.lua:211: failed to
check item data of [routes] err:allOf 1 failed: value should match only one
schema, but matches none ,val: {"priority":0,"status":1}, context:
init_worker_by_lua*
2024/01/16 14:11:04 [error] 41#41: *8 [lua] config_yaml.lua:211: failed to
check item data of [routes] err:allOf 1 failed: value should match only one
schema, but matches none ,val: {"priority":0,"status":1}, context:
init_worker_by_lua*
2024/01/16 14:11:04 [warn] 46#46: *9 [lua] plugin.lua:255: load_stream():
new plugins:
{"limit-conn":true,"ip-restriction":true,"syslog":true,"mqtt-proxy":true},
context: init_worker_by_lua*
2024/01/16 14:11:04 [error] 46#46: *9 [lua] config_yaml.lua:211: failed to
check item data of [routes] err:allOf 1 failed: value should match only one
schema, but matches none ,val: {"priority":0,"status":1}, context:
init_worker_by_lua*
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [I] bug: http2 not working [apisix]
jialechan commented on issue #11543: URL: https://github.com/apache/apisix/issues/11543#issuecomment-2360561920 > @jialechan maybe this issue is because the httpbin server doesn't support http2? @shreemaan-abhishek Thank you for your reply. I replace httpbin to something support http2, but it is not working too: **Step 1: create apisix** ``` helm install apisix apisix/apisix --create-namespace --namespace ingress-apisix --set etcd.persistence.size=20Gi --set ingress-controller.enabled=true --set etcd.persistence.storageClass=alicloud-disk-essd ```  **Step 2: create test service** ``` apiVersion: v1 kind: Endpoints metadata: name: my-test subsets: - addresses: - ip: 139.162.123.134 # nghttp2.org ports: - name: my-test port: 80 protocol: TCP --- apiVersion: v1 kind: Service metadata: name: my-test spec: ports: - name: my-test port: 80 protocol: TCP --- apiVersion: apisix.apache.org/v2 kind: ApisixRoute metadata: name: my-test namespace: default spec: http: - backends: - serviceName: my-test servicePort: 80 match: paths: - /* name: route1 ``` **Step 3: test result**  **It seems that http2 can be used to access the service directly, but it cannot be used after forwarding through apisix.** -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] feat: As a user, I want to add another password field for the plugin basic-auth,such as passwd2,so that i can smoothly changing password. [apisix]
github-actions[bot] commented on issue #10282: URL: https://github.com/apache/apisix/issues/10282#issuecomment-2360561158 This issue has been marked as stale due to 350 days of inactivity. It will be closed in 2 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the d...@apisix.apache.org list. Thank you for your contributions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] bug: error related to mounted `config.yaml` in standalone mode (3.8.0, 3.9.0) [apisix-docker]
github-actions[bot] closed issue #541: bug: error related to mounted `config.yaml` in standalone mode (3.8.0, 3.9.0) URL: https://github.com/apache/apisix-docker/issues/541 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] bug: error related to mounted `config.yaml` in standalone mode (3.8.0, 3.9.0) [apisix-docker]
github-actions[bot] commented on issue #541: URL: https://github.com/apache/apisix-docker/issues/541#issuecomment-2360560136 This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: is there a way for authz-keycloak plugin to redirect when an invalid bearer token is provided? [apisix]
shreemaan-abhishek commented on issue #11588: URL: https://github.com/apache/apisix/issues/11588#issuecomment-2360098045 > Is there a way to redirect to another uri when the bearer token is invalid, instead of throwing a 401 unauthorized error? If the bearer token is invalid, the keycloak server would send 401 and APISIX has no control over that. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] feat: rewrite hmac-auth plugin for usability [apisix]
Revolyssup merged PR #11581: URL: https://github.com/apache/apisix/pull/11581 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: is there a way for authz-keycloak plugin to redirect when an invalid bearer token is provided? [apisix]
Xb990219 commented on issue #11588: URL: https://github.com/apache/apisix/issues/11588#issuecomment-2360107930 > > Is there a way to redirect to another uri when the bearer token is invalid, instead of throwing a 401 unauthorized error? > > If the bearer token is invalid, the keycloak server would send 401 and APISIX has no control over that. I see, thanks a lot. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: is there a way for authz-keycloak plugin to redirect when an invalid bearer token is provided? [apisix]
Xb990219 closed issue #11588: help request: is there a way for authz-keycloak plugin to redirect when an invalid bearer token is provided? URL: https://github.com/apache/apisix/issues/11588 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] docs: add Chinese language support to wasm documentation [apisix]
yzeng25 commented on code in PR #11572:
URL: https://github.com/apache/apisix/pull/11572#discussion_r1766101123
##
docs/zh/latest/wasm.md:
##
@@ -0,0 +1,84 @@
+# Wasm
+
+APISIX 支持使用 [Proxy Wasm SDK](https://github.com/proxy-wasm/spec#sdks) 编写的 Wasm
插件。
+
+目前,仅实现了少数 API。请关注
[wasm-nginx-module](https://github.com/api7/wasm-nginx-module) 以了解进展。
+
+## 编程模型
+
+所有插件都在同一个 Wasm VM 中运行,就像 Lua 插件在 Lua VM 中一样。
+
+每个插件都有自己的 VMContext(根 ctx)。
+
+每个配置的路由/全局规则都有自己的 PluginContext(插件 ctx)。例如,如果我们有一个配置了 Wasm
插件的服务,并且有两个路由继承自它,将会有两个插件 ctx。
+
+每个命中该配置的 HTTP 请求都有自己的 HttpContext(HTTP ctx)。例如,如果我们同时配置了全局规则和路由,HTTP 请求将有两个
HTTP ctx,一个用于来自全局规则的插件 ctx,另一个用于来自路由的插件 ctx。
+
+## 如何使用
+
+首先,我们需要在`config.yaml`中定义插件:
+
+```yaml
+wasm:
+ plugins:
+- name: wasm_log # 插件的名称
+ priority: 7999 # 优先级
+ file: t/wasm/log/main.go.wasm # `.wasm` 文件的路径
+ http_request_phase: access # 默认是"access",可以是["access", "rewrite"]之一
+```
+
+就是这样。现在您可以像使用常规插件一样使用 Wasm 插件。
+
+例如,在指定路由上启用此插件:
+
+**注意**
+
+您可以从`config.yaml`中获取`admin_key`,并使用以下命令将其保存到环境变量中:
+
+```bash
+admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml |
sed's/"//g')
+```
+
+然后执行以下命令:
+
+```bash
+curl -i http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key"
-X PUT -d '
+{
+"uri": "/index.html",
+"plugins": {
+"wasm_log": {
+"conf": "blahblah"
+}
+},
+"upstream": {
+"type": "roundrobin",
+"nodes": {
+"127.0.0.1:1980": 1
+}
+}
+}'
+```
+
+以下是插件中可以配置的属性:
+
+|名称 | 类型 | 要求 | 默认 | 有效 | 描述|
+|---|---|---|---|---|---|
+|conf|字符串 | 必填 | 无| 不得为空 |插件 ctx 配置,可以通过 Proxy Wasm SDK 获取|
Review Comment:
```suggestion
|conf|字符串 | 必填 | 无 | 不得为空 |插件 ctx 配置,可以通过 Proxy Wasm SDK 获取|
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [I] bug: proxy-rewrite header priority wrong [apisix]
zhoujiexiong commented on issue #11587: URL: https://github.com/apache/apisix/issues/11587#issuecomment-2359858962 @bpasson `docker exec -it apisix-dev-env make deps` Did this step run successfully? And what is the output of `docker exec -it apisix-dev-env which openresty`? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: how to close keepalive [apisix]
zzl-code closed issue #11571: help request: how to close keepalive URL: https://github.com/apache/apisix/issues/11571 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: how to close keepalive [apisix]
zzl-code commented on issue #11571: URL: https://github.com/apache/apisix/issues/11571#issuecomment-2359783726 > > 我注意到代码中有一个 enable_keepalive;应如何配置它以使其值为 false? > > 读完代码后,我可以得出结论,这是无法配置的。但是,您可以修改代码并测试它是否解决了您的问题。然后您可以建议配置该`keepalive`字段。 > > [您可以使用https://github.com/shreemaan-abhishek/apisix/blob/6e3bee2bffa97d03ba2ed7f33f92de9618acb94b/apisix/balancer.lua#L334](https://github.com/shreemaan-abhishek/apisix/blob/6e3bee2bffa97d03ba2ed7f33f92de9618acb94b/apisix/balancer.lua#L334)替换以下代码行`return true` [](https://github.com/shreemaan-abhishek/apisix/blob/6e3bee2bffa97d03ba2ed7f33f92de9618acb94b/apisix/balancer.lua#L334) I modified the code to set enable_keepalive=false, observed it for a day, and it seems to have worked, as the 502 errors have not reappeared." -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] request help: missing user key in JWT token [apisix-ingress-controller]
github-actions[bot] commented on issue #2250: URL: https://github.com/apache/apisix-ingress-controller/issues/2250#issuecomment-2359731353 This issue has been marked as stale due to 90 days of inactivity. It will be closed in 30 days if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the d...@apisix.apache.org list. Thank you for your contributions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] feat: run and report conformance of Gateway API [apisix-ingress-controller]
github-actions[bot] commented on issue #2088: URL: https://github.com/apache/apisix-ingress-controller/issues/2088#issuecomment-2359731305 This issue has been marked as stale due to 90 days of inactivity. It will be closed in 30 days if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the d...@apisix.apache.org list. Thank you for your contributions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] bug: proxy-rewrite header priority wrong [apisix]
bpasson commented on issue #11587: URL: https://github.com/apache/apisix/issues/11587#issuecomment-2358837917 @zhoujiexiong I followed there [reference](https://apisix.apache.org/docs/apisix/build-apisix-dev-environment-on-mac/) and got stuk at `docker exec -it apisix-dev-env make run` which gave the error: ``` root@lima-rancher-desktop:/apisix# make run /bin/bash: -V: invalid option Usage: /bin/bash [GNU long option] [option] ... /bin/bash [GNU long option] [option] script-file ... GNU long options: --debug --debugger --dump-po-strings --dump-strings --help --init-file --login --noediting --noprofile --norc --posix --pretty-print --rcfile --restricted --verbose --version Shell options: -ilrsD or -c command or -O shopt_option (invocation only) -abefhkmnptuvxBCHP or -o option [ info ] Use openresty as default runtime [ info ] run -> [ Start ] /apisix/bin/apisix start ERROR: Please check the version of OpenResty and Lua, OpenResty 1.19+ + LuaJIT is required for Apache APISIX. [ info ] run -> [ Done ] ``` Any suggestions? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: How consumer work with forward-auth? [apisix]
zhoujiexiong commented on issue #11567: URL: https://github.com/apache/apisix/issues/11567#issuecomment-2358680968 > However, I'm unsure how to get the consumer_name as the forward-auth plugin doesn't seem to offer the necessary key configuration. @sky-dawn More details about this? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[I] Online Playground cannot be accessed [apisix-dashboard]
andyyin opened a new issue, #2966: URL: https://github.com/apache/apisix-dashboard/issues/2966 ### Issue description https://apisix-dashboard.apiseven.com/ cannot be accessed ### Expected behavior - ### How to Reproduce - ### Screenshots _No response_ ### Environment - apisix version (cmd: `apisix version`): - OS (cmd: `uname -a`): - OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): - etcd version, if have (cmd: run `etcd --version`): - apisix-dashboard version, if have: - Browser version, if have: ### Additional context _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] bug: proxy-rewrite header priority wrong [apisix]
zhoujiexiong commented on issue #11587: URL: https://github.com/apache/apisix/issues/11587#issuecomment-2358651076 > Is there a dev-container I can use for a local build? @bpasson Try this [reference](https://apisix.apache.org/docs/apisix/build-apisix-dev-environment-on-mac/) first? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] feat: support gcp secret manager [apisix]
HuanXin-Chen commented on code in PR #11436:
URL: https://github.com/apache/apisix/pull/11436#discussion_r1765101790
##
t/secret/gcp.t:
##
@@ -0,0 +1,737 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+use t::APISIX 'no_plan';
+
+repeat_each(1);
+no_long_string();
+no_root_location();
+log_level("info");
+
+run_tests;
+
+__DATA__
+
+=== TEST 1: sanity: validate different schema situation
Review Comment:
Fixed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [I] bug: proxy-rewrite header priority wrong [apisix]
bpasson commented on issue #11587: URL: https://github.com/apache/apisix/issues/11587#issuecomment-2358354764 @zhoujiexiong I have very little knowledge about Lua language, but I will try I suppose this is not much more than swapping some lines. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] bug: proxy-rewrite header priority wrong [apisix]
zhoujiexiong commented on issue #11587: URL: https://github.com/apache/apisix/issues/11587#issuecomment-2358317117 @bpasson The [Header Priority](https://apisix.apache.org/docs/apisix/plugins/proxy-rewrite/#header-priority) mentioned in the document should refer to the priority of the header configuration to take effect, so the order of configuration application should be `remove | set`, then `add` to ensure the `Header Priority`. That would be more reasonable and also meet your current scenario. So will you raise a PR to fix this problem? :D -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] When will the docker image for APISIX 3.10 release? [apisix-docker]
github-actions[bot] commented on issue #564: URL: https://github.com/apache/apisix-docker/issues/564#issuecomment-2358039661 This issue has been marked as stale due to 30 days of inactivity. It will be closed in 2 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the d...@apisix.apache.org list. Thank you for your contributions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] feat: support gcp secret manager [apisix]
membphis commented on code in PR #11436:
URL: https://github.com/apache/apisix/pull/11436#discussion_r1757871158
##
t/secret/gcp.t:
##
@@ -0,0 +1,737 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+use t::APISIX 'no_plan';
+
+repeat_each(1);
+no_long_string();
+no_root_location();
+log_level("info");
+
+run_tests;
+
+__DATA__
+
+=== TEST 1: sanity: validate different schema situation
Review Comment:
we can remove `sanity: `
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] feat: rewrite hmac-auth plugin for usability [apisix]
membphis commented on code in PR #11581:
URL: https://github.com/apache/apisix/pull/11581#discussion_r1764662315
##
apisix/plugins/hmac-auth.lua:
##
@@ -354,86 +283,62 @@ local function validate(ctx, params)
end
-local function get_params(ctx)
-local params = {}
-local access_key = ACCESS_KEY
-local signature_key = SIGNATURE_KEY
-local algorithm_key = ALGORITHM_KEY
-local date_key = DATE_KEY
-local signed_headers_key = SIGNED_HEADERS_KEY
-local body_digest_key = BODY_DIGEST_KEY
-
-
-local attr = plugin.plugin_attr(plugin_name)
-if attr then
-access_key = attr.access_key or access_key
-signature_key = attr.signature_key or signature_key
-algorithm_key = attr.algorithm_key or algorithm_key
-date_key = attr.date_key or date_key
-signed_headers_key = attr.signed_headers_key or signed_headers_key
-body_digest_key = attr.body_digest_key or body_digest_key
+local function retrieve_hmac_fields(ctx)
+local hmac_params = {}
+local auth_string = core.request.header(ctx, "Authorization")
+if not auth_string then
+return nil, "missing Authorization header"
end
-local app_key = core.request.header(ctx, access_key)
-local signature = core.request.header(ctx, signature_key)
-local algorithm = core.request.header(ctx, algorithm_key)
-local date = core.request.header(ctx, date_key)
-local signed_headers = core.request.header(ctx, signed_headers_key)
-local body_digest = core.request.header(ctx, body_digest_key)
-core.log.info("signature_key: ", signature_key)
-
--- get params from header `Authorization`
-if not app_key then
-local auth_string = core.request.header(ctx, "Authorization")
-if not auth_string then
-return params
-end
-
-local auth_data = ngx_re.split(auth_string, "#")
-core.log.info("auth_string: ", auth_string, " #auth_data: ",
- #auth_data, " auth_data: ",
- core.json.delay_encode(auth_data))
-
-if #auth_data == 6 and auth_data[1] == "hmac-auth-v1" then
-app_key = auth_data[2]
-signature = auth_data[3]
-algorithm = auth_data[4]
-date = auth_data[5]
-signed_headers = auth_data[6]
-end
+if not auth_string:match("^Signature") then
Review Comment:
https://github.com/apache/apisix/blob/master/apisix/core/string.lua#L62
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] feat: rewrite hmac-auth plugin for usability [apisix]
membphis commented on code in PR #11581:
URL: https://github.com/apache/apisix/pull/11581#discussion_r1764650470
##
apisix/plugins/hmac-auth.lua:
##
@@ -148,204 +118,163 @@ function _M.check_schema(conf, schema_type)
end
-local function get_consumer(access_key)
-if not access_key then
-return nil, "missing access key"
+local function get_consumer(key_id)
+if not key_id then
+return nil, "missing key_id"
end
local consumer_conf = consumer.plugin(plugin_name)
if not consumer_conf then
return nil, "Missing related consumer"
end
-local consumers = consumer.consumers_kv(plugin_name, consumer_conf,
"access_key")
-local consumer = consumers[access_key]
+local consumers = consumer.consumers_kv(plugin_name, consumer_conf,
"key_id")
+local consumer = consumers[key_id]
if not consumer then
-return nil, "Invalid access key"
+return nil, "Invalid key_id"
end
core.log.info("consumer: ", core.json.delay_encode(consumer))
return consumer
end
-local function get_conf_field(access_key, field_name)
-local consumer, err = get_consumer(access_key)
-if err then
-return false, err
-end
-
-return consumer.auth_conf[field_name]
-end
-
-
-local function do_nothing(v)
-return v
-end
-
local function generate_signature(ctx, secret_key, params)
-local canonical_uri = ctx.var.uri
-local canonical_query_string = ""
+local uri = ctx.var.request_uri
local request_method = core.request.get_method()
-local args = core.request.get_uri_args(ctx)
-if canonical_uri == "" then
-canonical_uri = "/"
+if uri == "" then
+uri = "/"
end
-if type(args) == "table" then
-local keys = {}
-local query_tab = {}
-
-for k, v in pairs(args) do
-core.table.insert(keys, k)
-end
-core.table.sort(keys)
-
-local field_val = get_conf_field(params.access_key,
"encode_uri_params")
-core.log.info("encode_uri_params: ", field_val)
-
-local encode_or_not = do_nothing
-if field_val then
-encode_or_not = escape_uri
-end
-
-for _, key in pairs(keys) do
-local param = args[key]
--- when args without `=`, value is treated as true.
--- In order to be compatible with args lacking `=`,
--- we need to replace true with an empty string.
-if type(param) == "boolean" then
-param = ""
-end
-
--- whether to encode the uri parameters
-if type(param) == "table" then
-local vals = {}
-for _, val in pairs(param) do
-if type(val) == "boolean" then
-val = ""
-end
-core.table.insert(vals, val)
-end
-core.table.sort(vals)
-
-for _, val in pairs(vals) do
-core.table.insert(query_tab, encode_or_not(key) .. "=" ..
encode_or_not(val))
-end
-else
-core.table.insert(query_tab, encode_or_not(key) .. "=" ..
encode_or_not(param))
-end
-end
-canonical_query_string = core.table.concat(query_tab, "&")
-end
-
-core.log.info("all headers: ",
- core.json.delay_encode(core.request.headers(ctx), true))
-
local signing_string_items = {
-request_method,
-canonical_uri,
-canonical_query_string,
-params.access_key,
-params.date,
+params.keyId,
}
-if params.signed_headers then
-for _, h in ipairs(params.signed_headers) do
-local canonical_header = core.request.header(ctx, h) or ""
-core.table.insert(signing_string_items,
- h .. ":" .. canonical_header)
-core.log.info("canonical_header name:", core.json.delay_encode(h))
-core.log.info("canonical_header value: ",
- core.json.delay_encode(canonical_header))
+if params.headers then
+for _, h in ipairs(params.headers) do
+local canonical_header = core.request.header(ctx, h)
+if not canonical_header then
+ if h == "@request-target" then
+local request_target = request_method .. " " .. uri
+core.table.insert(signing_string_items, request_target)
+core.log.info("canonical_header name:",
core.json.delay_encode(h))
+core.log.info("canonical_header value: ",
+ core.json.delay_encode(request_target))
+ end
+else
+ core.table.insert(signing_string_items,
Review Comment:
bad alignment
https://github.com/user-attachments/assets/d832f906-fbf4-47c6-bc71-f47b3c074e1a";>
##
apisix/plug
Re: [I] bug: cors plugin does not allow setting ** if allow_credential is true [apisix]
rajan123456 commented on issue #11586: URL: https://github.com/apache/apisix/issues/11586#issuecomment-2357878300 Great! Thanks for pointing out! I was able to apply my config by additionally specifying ``` expose_headers: '**' ``` Do we need to update the docs? As the docs specify expose_headers does not have a default value of '*', which appears to be the issue here. https://apisix.apache.org/docs/apisix/plugins/cors/#cors-attributes -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[I] help request: is there a way for authz-keycloak plugin to redirect when an invalid bearer token is provided? [apisix]
Xb990219 opened a new issue, #11588: URL: https://github.com/apache/apisix/issues/11588 ### Description I have search for the current issues and cannot find a solution. I know there is an `access_denied_redirect_uri` attribute in authz-keycloak plugin to redirect the user when the permission is denied by keycloak. Is there a way to redirect to another uri when the bearer token is invalid, instead of throwing a 401 unauthorized error? Appreciate the help!! ### Environment - APISIX version (run `apisix version`): - Operating system (run `uname -a`): - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): - APISIX Dashboard version, if relevant: - Plugin runner version, for issues related to plugin runners: - LuaRocks version, for installation issues (run `luarocks --version`): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] feat: content-moderation plugin [apisix]
shreemaan-abhishek commented on code in PR #11541:
URL: https://github.com/apache/apisix/pull/11541#discussion_r1751581472
##
apisix/plugins/ai/openai.lua:
##
@@ -0,0 +1,33 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local core = require("apisix.core")
+local ipairs = ipairs
+
+local _M = {}
+
+
+function _M.create_request_text_segments(msgs)
Review Comment:
this function can be merged with openai.lua file after ai-proxy PR is merged.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[I] bug: proxy-rewrite header priority wrong [apisix]
bpasson opened a new issue, #11587:
URL: https://github.com/apache/apisix/issues/11587
### Current Behavior
The current priority for header operations is: `add > remove > set`. This
makes it impossible to handle the use-case where you want to add multiple
headers with the same name but first remove all the headers with that name. The
following configuration would make sense in my opinion:
```
"proxy-rewrite": {
"headers": {
"remove: ["foo"]
"add": {
"foo": "bar1",
"foo": "bar2",
}
}
}
```
But due to the header priority `add > remove > set` this leads to no foo
headers, as first they are added and then all removed again.
### Expected Behavior
The expected behaviour would be to have both foo headers added and all
earlier foo headers removed. For this to work the priority order should be
`remove > set > add`. The `set` operation is basically a shortcut for `remove,
add` but is confusing when you need a header multiple times, which set does not
allow.
### Error Logs
_No response_
### Steps to Reproduce
1. Run APISIX via docker image
2. Create a route:
```
{
"uri": "/*",
"name": "httpbin-demo",
"host": "httpbin.org",
"upstream": {
"scheme": "https",
"type": "roundrobin",
"nodes": {
"httpbin.org:443": 1
}
},
"plugins": {
"proxy-rewrite": {
"headers": {
"remove": ["foo"],
"add": {
"foo": "bar2",
"foo": "bar3"
}
}
}
}
}
```
3. Test using `curl -H"foo: bar1" -H"Host: httpbin.org"
http://localhost:9080/anything
The resulting json is missing the expected `foo: bar1` and `foo: bar2`
headers.
### Environment
- APISIX version (run `apisix version`): Stock docker container with version
3.10.0
- Operating system (run `uname -a`): Not relevant, but Ubuntu 24.04 LTS
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
- etcd version, if relevant (run `curl
http://127.0.0.1:9090/v1/server_info`): Not relevant
- APISIX Dashboard version, if relevant: Not relevant
- Plugin runner version, for issues related to plugin runners: Not relevant
- LuaRocks version, for installation issues (run `luarocks --version`): Not
relevant
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] feat: content-moderation plugin [apisix]
nic-6443 commented on code in PR #11541:
URL: https://github.com/apache/apisix/pull/11541#discussion_r1764593201
##
apisix/plugins/content-moderation.lua:
##
@@ -0,0 +1,155 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local core = require("apisix.core")
+local aws = require("resty.aws")
+local aws_instance = aws()
+local http = require("resty.http")
+local next = next
+local pairs = pairs
+local unpack = unpack
+
+local aws_comprehend_schema = {
+type = "object",
+properties = {
+access_key_id = { type = "string" },
+secret_access_key = { type = "string" },
Review Comment:
got it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] docs: update config.yaml.example about upstream's keepalive. [apisix]
kayx23 commented on code in PR #11585: URL: https://github.com/apache/apisix/pull/11585#discussion_r1764574484 ## conf/config.yaml.example: ## @@ -238,12 +238,12 @@ nginx_config: # Config for render the template to generate n # the requested server name. upstream: - keepalive: 320 # Set the maximum time of keep-alive connections to the upstream servers. + keepalive: 320 # the maximum number of idle keepalive connections to the upstream service of each worker process. Review Comment: ```suggestion keepalive: 320 # Set the maximum number of idle keepalive connections to the upstream service of each worker process. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[I] bug: cors plugin does not allow setting ** if allow_credential is true [apisix]
rajan123456 opened a new issue, #11586:
URL: https://github.com/apache/apisix/issues/11586
### Current Behavior
I am trying to define an APISIX route using CRD. I am trying to enable cors
plugin but facing an issue with specifying *
```
apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
name: my-test-route
spec:
http:
- name: my-test-route-login-post
match:
hosts:
- "login.internal"
paths:
- /login*
methods:
- "POST"
backends:
- serviceName: my-internal-service
servicePort: 80
plugins:
- name: cors
enable: true
config:
allow_origins: "**"
allow_credential: true
allow_methods: "**"
allow_headers: "**"
```
I get the below error after applying the CRD
```
* unexpected status code 400; error message: {"error_msg":"failed to check
the configuration of plugin cors err: you can not set '*' for other option when
'allow_credential' is true"}
```
### Expected Behavior
As per docs, forcefully specifying wildcards is supported if ** is specified
instead of *
### Error Logs
_No response_
### Steps to Reproduce
1. Deploy APISIX using Helm chart
2. Deploy application as backend
3. Apply ApisixRoute CRD to create Route with specified settings
### Environment
- APISIX version (run `apisix version`): 3.9.1
- Operating system (run `uname -a`): Linux
aau-apisix-control-plane-69f888b585-lnzgt 5.15.0-1061-nvidia #62-Ubuntu SMP Mon
Jul 15 15:06:50 UTC 2024 x86_64 GNU/Linux
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
nginx version: openresty/1.25.3.1
built with OpenSSL 3.2.0 23 Nov 2023
TLS SNI support enabled
configure arguments: --prefix=/opt/bitnami/apisix/openresty/nginx
--with-debug --with-cc-opt='-DNGX_LUA_USE_ASSERT -DNGX_LUA_ABORT_AT_PANIC -O2
-DAPISIX_RUNTIME_VER=1.2.0
-DNGX_GRPC_CLI_ENGINE_PATH=/opt/bitnami/apisix/openresty/libgrpc_engine.so
-DNGX_HTTP_GRPC_CLI_ENGINE_PATH=/opt/bitnami/apisix/openresty/libgrpc_engine.so
-DNGX_LUA_ABORT_AT_PANIC -I/opt/bitnami/apisix/openresty/zlib/include
-I/opt/bitnami/apisix/openresty/pcre/include
-I/opt/bitnami/apisix/openresty/openssl3/include'
--add-module=../ngx_devel_kit-0.3.3 --add-module=../echo-nginx-module-0.63
--add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2
--add-module=../set-misc-nginx-module-0.33
--add-module=../form-input-nginx-module-0.12
--add-module=../encrypted-session-nginx-module-0.09
--add-module=../srcache-nginx-module-0.33 --add-module=../ngx_lua-0.10.26
--add-module=../ngx_lua_upstream-0.07
--add-module=../headers-more-nginx-module-0.37
--add-module=../array-var-nginx-module-0.06 --add-module=../
memc-nginx-module-0.20 --add-module=../redis2-nginx-module-0.15
--add-module=../redis-nginx-module-0.3.9 --add-module=../ngx_stream_lua-0.0.14
--with-ld-opt='-Wl,-rpath,/opt/bitnami/apisix/openresty/luajit/lib
-Wl,-rpath,/opt/bitnami/apisix/openresty/wasmtime-c-api/lib
-L/opt/bitnami/apisix/openresty/zlib/lib
-L/opt/bitnami/apisix/openresty/pcre/lib
-L/opt/bitnami/apisix/openresty/openssl3/lib
-Wl,-rpath,/opt/bitnami/apisix/openresty/zlib/lib:/opt/bitnami/apisix/openresty/pcre/lib:/opt/bitnami/apisix/openresty/openssl3/lib'
--add-module=/tmp/tmp.LFFzS0ylCK/openresty-1.25.3.1/../mod_dubbo-1.0.2
--add-module=/tmp/tmp.LFFzS0ylCK/openresty-1.25.3.1/../ngx_multi_upstream_module-1.2.0
--add-module=/tmp/tmp.LFFzS0ylCK/openresty-1.25.3.1/../apisix-nginx-module-1.16.0
--add-module=/tmp/tmp.LFFzS0ylCK/openresty-1.25.3.1/../apisix-nginx-module-1.16.0/src/stream
--add-module=/tmp/tmp.LFFzS0ylCK/openresty-1.25.3.1/../apisix-nginx-module-1.16.0/src/meta
--add-module=/tmp/tmp.LFFzS0ylCK/openresty-
1.25.3.1/../wasm-nginx-module-0.7.0
--add-module=/tmp/tmp.LFFzS0ylCK/openresty-1.25.3.1/../lua-var-nginx-module-v0.5.3
--add-module=/tmp/tmp.LFFzS0ylCK/openresty-1.25.3.1/../grpc-client-nginx-module-v0.5.0
--add-module=/tmp/tmp.LFFzS0ylCK/openresty-1.25.3.1/../lua-resty-events-0.2.0
--with-poll_module --with-pcre-jit --with-stream --with-stream_ssl_module
--with-stream_ssl_preread_module --with-http_v2_module --with-http_v3_module
--without-mail_pop3_module --without-mail_imap_module
--without-mail_smtp_module --with-http_stub_status_module
--with-http_realip_module --with-http_addition_module
--with-http_auth_request_module --with-http_secure_link_module
--with-http_random_index_module --with-http_gzip_static_module
--with-http_sub_module --with-http_dav_module --with-http_flv_module
--with-http_mp4_module --with-http_gunzip_module --with-threads --with-compat
--with-stream --without-pcre2 --with-http_ssl_module
- etcd version, if relevant (run `curl
http://127.0.0.1:9090/v1/server_info`): 3.5.14
- APISIX Dashboard version, if relevant: 3.0.1
- Plugi
[PR] docs: update config.yaml.example about upstream's keepalive. [apisix]
moonming opened a new pull request, #11585: URL: https://github.com/apache/apisix/pull/11585 ### Description Fixes # (issue) ### Checklist - [ ] I have explained the need for this PR and the problem it solves - [ ] I have explained the changes or the new features added to this PR - [ ] I have added tests corresponding to this change - [ ] I have updated the documentation to reflect this change - [ ] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[I] bug: always restart automatically [apisix-ingress-controller]
yangkaa opened a new issue, #2298:
URL: https://github.com/apache/apisix-ingress-controller/issues/2298
### Current Behavior
When the ingress-apisix-controller has been running for too long, it will
restart
### Expected Behavior
Stable operation without triggering a restart.
### Error Logs
```
3564 2024-09-18T08:04:01+08:00 ^[[33mwarn^[[0m
apisix/apisix_route.go:486 sync ApisixRoute failed, will retry
{"object": {"Type":4,"Object":{"Key":"test001/53gref0d61-8080-daxf2mr5-app.fs-0
1-0001.test.xxx.com","OldObject":null,"GroupVersion":"apisix.apache.org/v2"},"OldObject":null,"Tombstone":null},
"error": "service.spec.ports: port not defined"}
3565 2024-09-18T08:04:01+08:00 ^[[31merror^[[0m
translation/apisix_route.go:629 ApisixRoute refers to non-existent Service port
{"namespace": "test001", "port": "8080"}
3566 fatal error: concurrent map iteration and map write
3567
3568 goroutine 269 [running]:
3569 reflect.mapiternext(0x4aabef?)
3570 /usr/local/go/src/runtime/map.go:1380 +0x19
3571 reflect.(*MapIter).Next(0xc003c222c0?)
3572 /usr/local/go/src/reflect/value.go:1924 +0x7e
3573 encoding/json.mapEncoder.encode({0x21aa76b?}, 0xc0037fcb00,
{0x1f1c3c0?, 0xc000a18018?, 0x7fbee7274878?}, {0x9?, 0x0?})
3574 /usr/local/go/src/encoding/json/encode.go:797 +0x33e
3575 encoding/json.structEncoder.encode({{{0xc000a7b200?, 0xc000c42050?,
0xede6b4b3b?}, 0xc000a60b10?}}, 0xc0037fcb00, {0x2016540?, 0xc000a18000?,
0x17?}, {0x0, 0x0})
3576 /usr/local/go/src/encoding/json/encode.go:759 +0x1f4
3577 encoding/json.arrayEncoder.encode({0x6000ef?}, 0xc0037fcb00,
{0x1d3a480?, 0xc000c42100?, 0xc003c22550?}, {0x45?, 0xc6?})
3578 /usr/local/go/src/encoding/json/encode.go:914 +0xd5
3579 encoding/json.sliceEncoder.encode({0xc003c22698?}, 0xc0037fcb00,
{0x1d3a480?, 0xc000c42100?, 0xc000c42020?}, {0xa?, 0x0?})
3580 /usr/local/go/src/encoding/json/encode.go:887 +0x32f
3581 encoding/json.structEncoder.encode({{{0xc002634000?, 0xc000a44650?,
0xede6b4b00?}, 0xc000a60e40?}}, 0xc0037fcb00, {0x21097a0?, 0xc000c42000?,
0x4?}, {0x0, 0x0})
3582 /usr/local/go/src/encoding/json/encode.go:759 +0x1f4
3583 encoding/json.arrayEncoder.encode({0x5fe6fa?}, 0xc0037fcb00,
{0x1d3a3c0?, 0xc000e107f8?, 0x1b?}, {0x50?, 0x1c?})
3584 /usr/local/go/src/encoding/json/encode.go:914 +0xd5
3585 encoding/json.sliceEncoder.encode({0x1da0380?}, 0xc0037fcb00,
{0x1d3a3c0?, 0xc000e107f8?, 0x6?}, {0x7?, 0x0?})
3586 /usr/local/go/src/encoding/json/encode.go:887 +0x32f
3587 encoding/json.structEncoder.encode({{{0xc000a7a6c0?, 0x3fc?,
0x1da0380?}, 0xc000a610e0?}}, 0xc0037fcb00, {0x1fb91c0?, 0xc000e107e8?, 0x7?},
{0x0, 0x0})
3588 /usr/local/go/src/encoding/json/encode.go:759 +0x1f4
3589 encoding/json.structEncoder.encode({{{0xc002606900?, 0x0?,
0xc0005aa400?}, 0xc000a61290?}}, 0xc0037fcb00, {0x2016300?, 0xc000e106e0?,
0x414016?}, {0x0, 0x0}qDqDqDqDqDqDqDqDqDqDqDqDqDqDqDqDqDqDqDqDqDqD)
3590 /usr/local/go/src/encoding/json/encode.go:759 +0x1f4
3591 encoding/json.ptrEncoder.encode({0xc003c22c88?}, 0xc0037fcb00,
{0x215c540?, 0xc000e106e0?, 0x215c540?}, {0x4c?, 0x0?})
3592 /usr/local/go/src/encoding/json/encode.go:943 +0x21c
3593 encoding/json.(*encodeState).reflectValue(0x20bfc20?, {0x215c540?,
0xc000e106e0?, 0x50?}, {0x0?, 0x0?})
3594 /usr/local/go/src/encoding/json/encode.go:358 +0x78
3595 encoding/json.interfaceEncoder(0xc0037fcb00, {0x20bfc20?,
0xc00360ff08?, 0x0?}, {0xc0?, 0x51?})
3596 /usr/local/go/src/encoding/json/encode.go:714 +0xc8
3597 encoding/json.structEncoder.encode({{{0xc002640240?, 0x0?,
0x21c2d1f?}, 0xc000a61350?}}, 0xc0037fcb00, {0x2159de0?, 0xc00360fef0?,
0xc003c22f88?}, {0x0, 0x0})
3598 /usr/local/go/src/encoding/json/encode.go:759 +0x1f4
3599 encoding/json.ptrEncoder.encode({0x0?}, 0xc0037fcb00, {0x214b500?,
0xc00360fef0?, 0x214b500?}, {0x30?, 0x30?})
3600 /usr/local/go/src/encoding/json/encode.go:943 +0x21c
3601 encoding/json.(*encodeState).reflectValue(0xc003c23028?,
{0x214b500?, 0xc00360fef0?, 0x4?}, {0x20?, 0xa7?})
3602 /usr/local/go/src/encoding/json/encode.go:358 +0x78
3603 encoding/json.(*encodeState).marshal(0x7fbebfaa01b8?, {0x214b500?,
0xc00360fef0?}, {0x0?, 0xa4?})
3604 /usr/local/go/src/encoding/json/encode.go:330 +0xfa
3605 encoding/json.(*Encoder).Encode(0xc0025d3090, {0x214b500,
0xc00360fef0})
3606 /usr/local/go/src/encoding/json/stream.go:209 +0xf3
3607 go.uber.org/zap/zapcore.(*jsonEncoder).encodeReflected(0xc0017ca480,
{0x214b500, 0xc00360fef0})
3608
/go/pkg/mod/go.uber.org/zap@v1.26.0/zapcore/json_encoder.go:172 +0x5c
Re: [PR] feat: support gcp secret manager [apisix]
HuanXin-Chen commented on PR #11436: URL: https://github.com/apache/apisix/pull/11436#issuecomment-2357603784 @bzp2010 @membphis @soulbird @kayx23 @shreemaan-abhishek I think there's no problem in my pr. Some failures in CI are not related to my code, no worries, just retry may solve it. Please review it when you're free. Only after this branch is merged can I proceed with the next step of work: https://github.com/apache/apisix/issues/11576. Thank you!💗 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] docs: add more secret information to the admin api [apisix]
HuanXin-Chen commented on code in PR #11569:
URL: https://github.com/apache/apisix/pull/11569#discussion_r1764435323
##
docs/en/latest/admin-api.md:
##
@@ -1497,6 +1497,102 @@ HTTP/1.1 200 OK
{"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}}
```
+ When Secret Manager is AWS
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| access_key_id | True | string | AWS Access Key ID | |
+| secret_access_key | True | string | AWS Secret Access Key | |
+| session_token | False | string | Temporary access credential information | |
+| region | False | string | AWS Region | |
+| endpoint_url | False | URI | AWS Secret Manager URL |
https://secretsmanager.{region}.amazonaws.com |
Review Comment:
Fixed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] docs: add more secret information to the admin api [apisix]
shreemaan-abhishek commented on code in PR #11569:
URL: https://github.com/apache/apisix/pull/11569#discussion_r1764413982
##
docs/en/latest/admin-api.md:
##
@@ -1497,6 +1497,102 @@ HTTP/1.1 200 OK
{"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}}
```
+ When Secret Manager is AWS
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| access_key_id | True | string | AWS Access Key ID | |
+| secret_access_key | True | string | AWS Secret Access Key | |
+| session_token | False | string | Temporary access credential information | |
+| region | False | string | AWS Region | |
+| endpoint_url | False | URI | AWS Secret Manager URL |
https://secretsmanager.{region}.amazonaws.com |
Review Comment:
sure, fine by me. I wanted it to be removed because it's a very wide almost
empty column taking screen real estate away from other columns :D
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[I] help request: Need to help to install in windows server2022 [apisix]
pinki251991 opened a new issue, #11584: URL: https://github.com/apache/apisix/issues/11584 ### Description Need to help to deploy in windows server2022 ### Environment - APISIX version (run `apisix version`): - Operating system (run `uname -a`): - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): - APISIX Dashboard version, if relevant: - Plugin runner version, for issues related to plugin runners: - LuaRocks version, for installation issues (run `luarocks --version`): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] feat: rewrite hmac-auth plugin for usability [apisix]
Revolyssup commented on PR #11581: URL: https://github.com/apache/apisix/pull/11581#issuecomment-2357459004 > bad title, we can not use `backport` in this PR > > pls add more description about why we need this PR? done -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: amzon linux 2023 install apisix [apisix]
kayx23 commented on issue #11578: URL: https://github.com/apache/apisix/issues/11578#issuecomment-2357413684 Can you share the specific error -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: amzon linux 2023 install apisix [apisix]
251780722 commented on issue #11578: URL: https://github.com/apache/apisix/issues/11578#issuecomment-2357368984 The yum installation uses the centos repo file. An error occurs when executing commands on amamzon 2023 ami. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: Body-transformer plugin template configuration issue [apisix]
Loyal1996 commented on issue #11556: URL: https://github.com/apache/apisix/issues/11556#issuecomment-2357315389 > maybe the error is due to `return` field not being present in the xml response? the xml response: ``` http://schemas.xmlsoap.org/soap/envelope/";> http://server.webservice.topwalk.com";> hello world ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: Body-transformer plugin template configuration issue [apisix]
Loyal1996 commented on issue #11556: URL: https://github.com/apache/apisix/issues/11556#issuecomment-2357314136 > maybe the error is due to `return` field not being present in the xml response? the xml response: http://schemas.xmlsoap.org/soap/envelope/";> http://server.webservice.com";> hello world -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] bug: When my plugin configuration is incorrect, it will cause continuous memory growth [apisix-ingress-controller]
github-actions[bot] closed issue #2238: bug: When my plugin configuration is incorrect, it will cause continuous memory growth URL: https://github.com/apache/apisix-ingress-controller/issues/2238 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] feat: backport hmac-auth plugin refactor [apisix]
membphis commented on PR #11581: URL: https://github.com/apache/apisix/pull/11581#issuecomment-2357279723 bad title, we can not use `backport` in this PR pls add more description about why we need this PR? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] docs: add more secret information to the admin api [apisix]
HuanXin-Chen commented on code in PR #11569:
URL: https://github.com/apache/apisix/pull/11569#discussion_r1763440690
##
docs/en/latest/admin-api.md:
##
@@ -1497,6 +1497,102 @@ HTTP/1.1 200 OK
{"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}}
```
+ When Secret Manager is AWS
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| access_key_id | True | string | AWS Access Key ID | |
+| secret_access_key | True | string | AWS Secret Access Key | |
+| session_token | False | string | Temporary access credential information | |
+| region | False | string | AWS Region | |
+| endpoint_url | False | URI | AWS Secret Manager URL |
https://secretsmanager.{region}.amazonaws.com |
+
+Example Configuration:
+
+```shell
+{
+"endpoint_url": "http://127.0.0.1:4566";,
+"region": "us-east-1",
+"access_key_id": "access",
+"secret_access_key": "secret",
+"session_token": "token"
+}
+```
+
+Example API usage:
+
+```shell
+curl -i http://127.0.0.1:9180/apisix/admin/secrets/aws/test3 \
+-H "X-API-KEY: $admin_key" -X PUT -d '
+{
+"endpoint_url": "http://127.0.0.1:4566";,
+"region": "us-east-1",
+"access_key_id": "access",
+"secret_access_key": "secret",
+"session_token": "token"
+}'
+```
+
+```shell
+HTTP/1.1 200 OK
+...
+
+{"value":{"create_time":1726069970,"endpoint_url":"http://127.0.0.1:4566","region":"us-east-1","access_key_id":"access","secret_access_key":"secret","id":"aws/test3","update_time":1726069970,"session_token":"token"},"key":"/apisix/secrets/aws/test3"}
+```
+
+ When Secret Manager is GCP
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| auth_config | True | object | Either `auth_config` or `auth_file` must be
provided. | |
+| auth_config.client_email | True | string | Email address of the Google Cloud
service account. | |
+| auth_config.private_key | True | string | Private key of the Google Cloud
service account. | |
+| auth_config.project_id | True | string | Project ID in the Google Cloud
service account. | |
+| auth_config.token_uri | False | string | Token URI of the Google Cloud
service account. |
[https://oauth2.googleapis.com/token](https://oauth2.googleapis.com/token) |
+| auth_config.entries_uri | False | string | The API access endpoint for the
Google Secrets Manager. |
[https://secretmanager.googleapis.com/v1](https://secretmanager.googleapis.com/v1)
|
+| auth_config.scope | False | string | Access scopes of the Google Cloud
service account. See [OAuth 2.0 Scopes for Google
APIs](https://developers.google.com/identity/protocols/oauth2/scopes) |
[https://www.googleapis.com/auth/cloud-platform](https://www.googleapis.com/auth/cloud-platform)
|
+| auth_file | True | string | Path to the Google Cloud service account
authentication JSON file. Either `auth_config` or `auth_file` must be provided.
| |
+| ssl_verify | False | boolean | When set to `true`, enables SSL verification
as mentioned in [OpenResty
docs](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake). |
true |
Review Comment:
Fixed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] docs: add more secret information to the admin api [apisix]
HuanXin-Chen commented on code in PR #11569:
URL: https://github.com/apache/apisix/pull/11569#discussion_r1763418452
##
docs/en/latest/admin-api.md:
##
@@ -1497,6 +1497,102 @@ HTTP/1.1 200 OK
{"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}}
```
+ When Secret Manager is AWS
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| access_key_id | True | string | AWS Access Key ID | |
+| secret_access_key | True | string | AWS Secret Access Key | |
+| session_token | False | string | Temporary access credential information | |
+| region | False | string | AWS Region | |
+| endpoint_url | False | URI | AWS Secret Manager URL |
https://secretsmanager.{region}.amazonaws.com |
Review Comment:
I think there is no need to remove the example field, as the vault document
also contains this field, and docs consistency should be maintained.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] docs: add more secret information to the admin api [apisix]
HuanXin-Chen commented on code in PR #11569:
URL: https://github.com/apache/apisix/pull/11569#discussion_r1763409618
##
docs/en/latest/admin-api.md:
##
@@ -1497,6 +1497,102 @@ HTTP/1.1 200 OK
{"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}}
```
+ When Secret Manager is AWS
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| access_key_id | True | string | AWS Access Key ID | |
+| secret_access_key | True | string | AWS Secret Access Key | |
+| session_token | False | string | Temporary access credential information | |
+| region | False | string | AWS Region | |
+| endpoint_url | False | URI | AWS Secret Manager URL |
https://secretsmanager.{region}.amazonaws.com |
+
+Example Configuration:
+
+```shell
Review Comment:
Fixed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] docs: add more secret information to the admin api [apisix]
HuanXin-Chen commented on code in PR #11569:
URL: https://github.com/apache/apisix/pull/11569#discussion_r1763409136
##
docs/en/latest/admin-api.md:
##
@@ -1497,6 +1497,102 @@ HTTP/1.1 200 OK
{"key":"\/apisix\/secrets\/vault\/test2","value":{"id":"vault\/test2","token":"apisix","prefix":"apisix","update_time":1669625828,"create_time":1669625828,"uri":"http:\/\/xxx\/get"}}
```
+ When Secret Manager is AWS
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| access_key_id | True | string | AWS Access Key ID | |
+| secret_access_key | True | string | AWS Secret Access Key | |
+| session_token | False | string | Temporary access credential information | |
+| region | False | string | AWS Region | |
+| endpoint_url | False | URI | AWS Secret Manager URL |
https://secretsmanager.{region}.amazonaws.com |
+
+Example Configuration:
+
+```shell
+{
+"endpoint_url": "http://127.0.0.1:4566";,
+"region": "us-east-1",
+"access_key_id": "access",
+"secret_access_key": "secret",
+"session_token": "token"
+}
+```
+
+Example API usage:
+
+```shell
+curl -i http://127.0.0.1:9180/apisix/admin/secrets/aws/test3 \
+-H "X-API-KEY: $admin_key" -X PUT -d '
+{
+"endpoint_url": "http://127.0.0.1:4566";,
+"region": "us-east-1",
+"access_key_id": "access",
+"secret_access_key": "secret",
+"session_token": "token"
+}'
+```
+
+```shell
+HTTP/1.1 200 OK
+...
+
+{"value":{"create_time":1726069970,"endpoint_url":"http://127.0.0.1:4566","region":"us-east-1","access_key_id":"access","secret_access_key":"secret","id":"aws/test3","update_time":1726069970,"session_token":"token"},"key":"/apisix/secrets/aws/test3"}
+```
+
+ When Secret Manager is GCP
+
+| Parameter | Required | Type | Description | Example |
+| --- | --- | --- | --- | --- |
+| auth_config | True | object | Either `auth_config` or `auth_file` must be
provided. | |
+| auth_config.client_email | True | string | Email address of the Google Cloud
service account. | |
+| auth_config.private_key | True | string | Private key of the Google Cloud
service account. | |
+| auth_config.project_id | True | string | Project ID in the Google Cloud
service account. | |
+| auth_config.token_uri | False | string | Token URI of the Google Cloud
service account. |
[https://oauth2.googleapis.com/token](https://oauth2.googleapis.com/token) |
+| auth_config.entries_uri | False | string | The API access endpoint for the
Google Secrets Manager. |
[https://secretmanager.googleapis.com/v1](https://secretmanager.googleapis.com/v1)
|
+| auth_config.scope | False | string | Access scopes of the Google Cloud
service account. See [OAuth 2.0 Scopes for Google
APIs](https://developers.google.com/identity/protocols/oauth2/scopes) |
[https://www.googleapis.com/auth/cloud-platform](https://www.googleapis.com/auth/cloud-platform)
|
+| auth_file | True | string | Path to the Google Cloud service account
authentication JSON file. Either `auth_config` or `auth_file` must be provided.
| |
+| ssl_verify | False | boolean | When set to `true`, enables SSL verification
as mentioned in [OpenResty
docs](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake). |
true |
+
+Example Configuration:
+
+```shell
Review Comment:
Fixed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] fix(log-rotate): skip access log when enable_access_log is set to false [apisix]
flearc commented on PR #11310: URL: https://github.com/apache/apisix/pull/11310#issuecomment-2355673753 @shreemaan-abhishek PTAL -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] feat: Rcommend to add the curl to image apache/apisix:version [apisix]
shreemaan-abhishek commented on issue #11531: URL: https://github.com/apache/apisix/issues/11531#issuecomment-2355160954 @kayx23 yes, you are right. @geekgao we cannot add it back to the image, plus, it's not a requirement of critical importance either. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] feat: Rcommend to add the curl to image apache/apisix:version [apisix]
shreemaan-abhishek closed issue #11531: feat: Rcommend to add the curl to image apache/apisix:version URL: https://github.com/apache/apisix/issues/11531 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] fix(log-rotate): skip access log when enable_access_log is set to false [apisix]
github-actions[bot] commented on PR #11310: URL: https://github.com/apache/apisix/pull/11310#issuecomment-2355153488 This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the d...@apisix.apache.org list. Thank you for your contributions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] bug: Logout not working with OIDC Plugin and Keycloak [apisix]
github-actions[bot] commented on issue #9198: URL: https://github.com/apache/apisix/issues/9198#issuecomment-2355153113 This issue has been marked as stale due to 350 days of inactivity. It will be closed in 2 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the d...@apisix.apache.org list. Thank you for your contributions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: Can we refer to upstream in redirect plugin? [apisix]
shreemaan-abhishek commented on issue #11539: URL: https://github.com/apache/apisix/issues/11539#issuecomment-2355152961 The `uri` field can only modify the request uri, not the request's upstream node. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: Can we refer to upstream in redirect plugin? [apisix]
shreemaan-abhishek closed issue #11539: help request: Can we refer to upstream in redirect plugin? URL: https://github.com/apache/apisix/issues/11539 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] bug: http2 not working [apisix]
shreemaan-abhishek commented on issue #11543: URL: https://github.com/apache/apisix/issues/11543#issuecomment-2355141219 @jialechan maybe this issue is because the httpbin server doesn't support http2? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: Body-transformer plugin template configuration issue [apisix]
shreemaan-abhishek commented on issue #11556: URL: https://github.com/apache/apisix/issues/11556#issuecomment-2355112738 maybe the error is due to `return` field not being present in the xml response? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: how to close keepalive [apisix]
shreemaan-abhishek commented on issue #11571: URL: https://github.com/apache/apisix/issues/11571#issuecomment-2355077578 > I noticed there's an enable_keepalive in the code; how should this be configured so that its value is false? after reading the code I can conclude that this cannot be configured. However, you may modify the code and test if it solved your issue. Then you may propose configuring the `keepalive` field. You can replace the following line of code with `return true` https://github.com/shreemaan-abhishek/apisix/blob/6e3bee2bffa97d03ba2ed7f33f92de9618acb94b/apisix/balancer.lua#L334 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: About parameter configuration [apisix]
shreemaan-abhishek commented on issue #11557: URL: https://github.com/apache/apisix/issues/11557#issuecomment-2354952241 this isn't yet supported. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [I] help request: install APISIX 3.10.0 to Rocky Linux 8.10 via package manager [apisix]
kenhys commented on issue #11582: URL: https://github.com/apache/apisix/issues/11582#issuecomment-2354883548 Here is the workaround (maybe) 1. Switch `redhat` repository from `centos` ``` # cat /etc/yum.repos.d/apache-apisix.repo [release] name=Apache APISIX Repository for CentOS #baseurl=https://repos.apiseven.com/packages/centos/$releasever/$basearch baseurl=https://repos.apiseven.com/packages/redhat/$releasever/$basearch skip_if_unavailable=False gpgcheck=1 repo_gpgcheck=1 gpgkey=https://repos.apiseven.com/KEYS enabled=1 enabled_metadata=1 ``` 2. enable devel repolist ``` dnf install -y 'dnf-command(config-manager)' dnf config-manager --set-enabled devel ``` 3. install apisix via dnf install -y apisix. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] chore: update reusability of some parameters, update versions of ingr… [apisix-helm-chart]
ikatlinsky commented on PR #770: URL: https://github.com/apache/apisix-helm-chart/pull/770#issuecomment-2354876784 @Revolyssup @shreemaan-abhishek up -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
