After create a consumer on dashboard with this config.
{"algorithm":"HS256","base64_secret":false,"exp":86400,"key":"123"}
then Apisix throws exception:
2020/11/23 18:20:25 [error] 3694#3694: *40311 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id, etcd key: /apisix/consumers, context: ngx.timer
And if deleted this consumer, exception will disappear.

hi,
what is your APISIX and dashboard version?
thanks.
Hi, I think it's because Apisix-dashboard had written consumer data with id field into etcd.
@cleverpig you can have a try on the v2.0 branch.
@idbeta pls confirm this issue, it seems to be a bug
Please use the latest master codes, it's 2.1 now.
Please use the latest master codes, it's 2.1 now.
I used the latest version.
dashboard version: checkout from the master
apisix version: checkout from the master
I guess it is because consumer id is removed in the master branch. We need to update the stored etcd data.
https://github.com/apache/apisix/pull/2679~~
Sorry, I got it wrong. It looks more like dashboard's bug.
@cleverpig
Could you show your dashboard commit so that we can reproduce the issue? It look like the latest dashboard (1a38fa6cf6540bc966098f6467a160312fb6b0fd) doesn't write the id to etcd.
OK, I can confirm that the latest dashboard (1a38fa6cf6540bc966098f6467a160312fb6b0fd) does write the id to etcd. Please ignore me.
https://github.com/apache/apisix/pull/2829
@spacewander Just to make sure, this PR will fix this issue?
Yes
@idbeta pls confirm this issue, it seems to be a bug
~My 2.1 version environment also has this problem.~
sorry, 2.1 version environment did not reproduce this problem.
https://github.com/apache/apisix/commit/c8823d0eedcdc6e329afc48d6f41e7c92637ae28
fixed in APISIX already. @cleverpig you can make a try with this commit or the latest version of APISIX.
fixed in APISIX already. @cleverpig you can make a try with this commit or the latest version of APISIX.
@membphis
I checked out the master version of APISIX, the problem still stay on after I'd created a consumer from dashboard.
2020/11/27 16:40:20 [error] 3280#3280: *53 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id, etcd key: /apisix/consumers, context: ngx.timer
2020/11/27 16:40:20 [error] 3279#3279: *36 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id, etcd key: /apisix/consumers, context: ngx.timer
2020/11/27 16:40:20 [error] 3283#3283: *16 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id, etcd key: /apisix/consumers, context: ngx.timer
It's the output from git log:
commit f4161d39a495879edffbc75e2099f6e487bae81d
Author: willmafh <[email protected]>
Date: Wed Nov 25 19:27:04 2020 +0800
chore: minor change in bin/apisix (#2847)
....
commit c8823d0eedcdc6e329afc48d6f41e7c92637ae28
Author: 罗泽轩 <[email protected]>
Date: Tue Nov 24 11:02:44 2020 +0800
**fix(consumer): keep the id field for compatibility (#2829)**
@spacewander Do you have any suggestion?
If I use curl script to access JWT authed page following the guide (https://github.com/apache/apisix/blob/master/doc/plugins/jwt-auth.md),
Apisix will throw 500 exception.
curl http://127.0.0.1:9080/index.html -H 'Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTYwNjU1MzYwMH0.GnuK08zLtaNyNW6NiqhkBlnxe7amZpSltU2dYDRRJM4' -i
HTTP/1.1 500 Internal Server Error
Date: Fri, 27 Nov 2020 08:54:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 174
Connection: close
Server: APISIX/2.0
<html>
<head><title>500 Internal Server Error</title></head>
<body>
<center><h1>500 Internal Server Error</h1></center>
<hr><center>openresty</center>
</body>
This is backend output:
2020/11/27 16:54:08 [error] 3280#3280: *36299 lua entry thread aborted: runtime error: ...0-master-version//deps/share/lua/5.1/resty/radixtree.lua:380: invalid IP address: invalid ip address:
stack traceback:
coroutine 0:
[C]: in function 'error'
...0-master-version//deps/share/lua/5.1/resty/radixtree.lua:341: in function 'pre_insert_route'
...0-master-version//deps/share/lua/5.1/resty/radixtree.lua:380: in function 'new'
.../git-storage/apisix/apisix/http/router/radixtree_uri.lua:77: in function 'create_radixtree_router'
.../git-storage/apisix/apisix/http/router/radixtree_uri.lua:84: in function 'match'
/app/install/git-storage/apisix/apisix/init.lua:382: in function 'fun_org'
/app/install/git-storage/apisix/apisix/debug.lua:132: in function 'http_access_phase'
access_by_lua(nginx.conf:163):2: in main chunk, client: 127.0.0.1, server: , request: "GET /index.html HTTP/1.1", host: "127.0.0.1:9080"
apache/apisix@c8823d0
fixed in APISIX already. @cleverpig you can make a try with this commit or the latest version of APISIX.@membphis
I checked out the master version of APISIX, the problem still stay on after I'd created a consumer from dashboard.2020/11/27 16:40:20 [error] 3280#3280: *53 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id, etcd key: /apisix/consumers, context: ngx.timer 2020/11/27 16:40:20 [error] 3279#3279: *36 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id, etcd key: /apisix/consumers, context: ngx.timer 2020/11/27 16:40:20 [error] 3283#3283: *16 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id, etcd key: /apisix/consumers, context: ngx.timerIt's the output from git log:
commit f4161d39a495879edffbc75e2099f6e487bae81d Author: willmafh <[email protected]> Date: Wed Nov 25 19:27:04 2020 +0800 chore: minor change in bin/apisix (#2847) .... commit c8823d0eedcdc6e329afc48d6f41e7c92637ae28 Author: 罗泽轩 <[email protected]> Date: Tue Nov 24 11:02:44 2020 +0800 **fix(consumer): keep the id field for compatibility (#2829)**
Can't reproduce at my side with commit f4161d39a495879edffbc75e2099f6e487bae81d.
If I use curl script to access JWT authed page following the guide (https://github.com/apache/apisix/blob/master/doc/plugins/jwt-auth.md),
Apisix will throw 500 exception.curl http://127.0.0.1:9080/index.html -H 'Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTYwNjU1MzYwMH0.GnuK08zLtaNyNW6NiqhkBlnxe7amZpSltU2dYDRRJM4' -i HTTP/1.1 500 Internal Server Error Date: Fri, 27 Nov 2020 08:54:08 GMT Content-Type: text/html; charset=utf-8 Content-Length: 174 Connection: close Server: APISIX/2.0 <html> <head><title>500 Internal Server Error</title></head> <body> <center><h1>500 Internal Server Error</h1></center> <hr><center>openresty</center> </body>This is backend output:
2020/11/27 16:54:08 [error] 3280#3280: *36299 lua entry thread aborted: runtime error: ...0-master-version//deps/share/lua/5.1/resty/radixtree.lua:380: invalid IP address: invalid ip address: stack traceback: coroutine 0: [C]: in function 'error' ...0-master-version//deps/share/lua/5.1/resty/radixtree.lua:341: in function 'pre_insert_route' ...0-master-version//deps/share/lua/5.1/resty/radixtree.lua:380: in function 'new' .../git-storage/apisix/apisix/http/router/radixtree_uri.lua:77: in function 'create_radixtree_router' .../git-storage/apisix/apisix/http/router/radixtree_uri.lua:84: in function 'match' /app/install/git-storage/apisix/apisix/init.lua:382: in function 'fun_org' /app/install/git-storage/apisix/apisix/debug.lua:132: in function 'http_access_phase' access_by_lua(nginx.conf:163):2: in main chunk, client: 127.0.0.1, server: , request: "GET /index.html HTTP/1.1", host: "127.0.0.1:9080"
Please run etcdctl --endpoints=$your_server get /apisix/route --prefix to get your route configuration and paste them here.
It may be the default value from json schema problem
my route configuration :
/apisix/routes/
init_dir
/apisix/routes/328530522223411227
{"id":"328530522223411227","create_time":1605349050,"update_time":1606124128,"uris":["/index.html"],"name":"httpd-front","methods":["GET","HEAD","POST","PUT","DELETE","OPTIONS","PATCH"],"hosts":["192.168.56.101"],"vars":[],"plugins":{"limit-conn":{"burst":4,"conn":2,"default_conn_delay":2,"key":"remote_addr","rejected_code":503},"limit-req":{"burst":5,"key":"remote_addr","rate":2,"rejected_code":503}},"upstream_id":"328530185320136731"}
/apisix/routes/328543152380051483
{"id":"328543152380051483","create_time":1605356578,"update_time":1606120439,"uris":["/demo/*"],"name":"swPractice","methods":["GET","HEAD","POST","PUT","DELETE","OPTIONS","PATCH"],"hosts":["192.168.56.101"],"vars":[],"plugins":{"skywalking":{"endpoint":"http://192.168.56.101:12800","sample_ratio":1}},"upstream_id":"328543040492797979"}
/apisix/routes/329827033766952987
{"id":"329827033766952987","create_time":1606121831,"update_time":1606466025,"uris":["/jwt-auth.html"],"name":"httpd-jwt-test","methods":["GET","HEAD","POST","PUT","DELETE","OPTIONS","PATCH"],"hosts":["192.168.56.101"],"remote_addrs":[""],"vars":[],"plugins":{"jwt-auth":{}},"upstream_id":"328530185320136731"}
@spacewander
It may be the default value from json schema problem
@nic-chen
Do you mean the "remote_addrs":[""] in @cleverpig's route?
@spacewander
field algorithm defines a default value (HS256) in json schema, but creating a consumer on dashboard will not set this default value.
it's for consumer not route.
@cleverpig
Please run etcdctl --endpoints=$your_server get /apisix/consumer --prefix to get your consumer configuration and paste them here. Thanks.
@cleverpig you can make a try with the latest master branch or 2.1 branch
https://github.com/apache/apisix/tree/v2.1
I think this issue should have been fixed in APISIX
Can't reproduce at my side, please make sure you are running the new code. Thanks. @cleverpig
close it according we have test case for it:
https://github.com/apache/apisix-dashboard/blob/master/api/test/e2e/route_with_auth_plugin_test.go#L38-L125
feel free to reopen this issue if need.
@cleverpig
Please run etcdctl --endpoints=$your_server get /apisix/consumer --prefix to get your consumer configuration and paste them here. Thanks.
ok, I ran "etcdctl --endpoints=IP:port get /apisix/consumer --prefix", and got these:
/apisix/consumers/
init_dir
/apisix/consumers/jack
{"update_time":1606723309,"username":"jack","create_time":1606723309,"plugins":{"jwt-auth":{"secret":"my-secret-key","algorithm":"HS256","exp":86400,"key":"user-key"}}}
@nic-chen
@cleverpig you can make a try with the latest
masterbranch or2.1branchhttps://github.com/apache/apisix/tree/v2.1
I think this issue should have been fixed in APISIX
Sorry,it still...I updated apisix and dashboard.
@idbeta please confirm if you can reproduce this error
@cleverpig
If you are convenient, please contact my QQ
thanks.
ok
haha, we found tow little bugs! Thanks @nic-chen
1.Route: remote address is required, it must input.

if not, this exception will be thrown:

2.Consumer: JWT secret is required, it must input.

if not, this exception will be thrown:

Thanks for feedback. @cleverpig
there are two bugs:
remote address , remote_addrs should be [], but not [""]secret of plugin jwt-auth should be required. @membphis @juzhiyuan @spacewander
- when user not fill in
remote address,remote_addrsshould be [], but not [""]
When the user not filled, should no field remote_addrs. this should be a bug of the frontend. @juzhiyuan
BTW, I think [""] should be an invalid input, the JSON schema should return wrong. I make a test, confirm this.
- the field
secretof pluginjwt-authshould be required.
this depends on APISIX, we can fix this bug at 2.2. @nic-chen would you like to create a new issue to APISIX?
this depends on APISIX, we can fix this bug at
2.2. @nic-chen would you like to create a new issue to APISIX?APISIX fixed this by addon code,not schema
APISIX fixed this by addon code,not schema
manager-api should keep the same way ^_^
APISIX fixed this by addon code,not schema
manager-api should keep the same way ^_^
OK
- when user not fill in remote address , remote_addrs should be [], but not [""]
has been fixed by #948 and #952
- the field secret of plugin jwt-auth should be required.
we will continue the work by #941
close this issue now.