Making a POST request to create a key-auth plugin using _nested params_ creates a response where the configuration property key_names value becomes [ 'function' ].
Note HTTPie 0.9.8 will properly send the request required to replicate as it will send null values.
Make a POST request using JSON with a nested parameter:
http --debug :8001/plugins name=key-auth config.run_on_preflight=true config.key_names:=null
Get back a response which contains the invalid output:
{
    "config": {
        "anonymous": "",
        "hide_credentials": false,
        "key_in_body": false,
        "key_names": [
            "function"
        ],
        "run_on_preflight": true
    },
    "created_at": 1518551355000,
    "enabled": true,
    "id": "6e07f3fe-5502-43e8-8e26-c1d9e3981855",
    "name": "key-auth"
}
Where:
    "key_names": [
        "function"
    ],
Bonus Points: Caching issue
Delete the Plugin you just created and run the following request:
http --debug :8001/plugins name=key-auth config.run_on_preflight=true
You will get the same result.
Delete the plugin again, and re-run the request above. You will get the proper result. Seems like there are retained values in memory.
0.11+)
Another note, the plugin schema for key-auth states that the key_names property is _required_, the documentation states _optional_, and the request obviously went through without supplying an error about the missing field. Would you like another issue for this as well?
Some findings with the function here. I couldn't reproduce this yet, but it seems like the bug is introduced in the latest commit: https://github.com/Kong/kong/commit/cee785fdfcd96a72fa01fa9ff8c213c6f9c2a1e1 which adds goto and ::continue:: to code. I am not sure why it did work on my machine with or without that commit, but that is something to look for for further investigation.
I tried but wasn't able to reproduce this locally either. I downgraded my httpie to 0.9.8 (it reports HTTPie 0.9.8, Requests 2.18.4, Pygments 2.2.0, Python 2.7.12) and ran Kong on tags master, 0.12.1 and 0.11.2 (resetting the database/migrations in between each run).
Also tried it with curl to control the JSON explicitly:
curl -i -X POST -H "Content-Type:application/json" --url http://localhost:8001/plugins -d '{ "name": "key-auth", "config":{ "run_on_preflight": true, "key_names": null } }'
but got this:
HTTP/1.1 201 Created
Date: Wed, 14 Feb 2018 21:27:32 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.12.1
{"created_at":1518643652000,"config":{"key_in_body":false,"key_names":["apikey"],"anonymous":"","run_on_preflight":true,"hide_credentials":false},"id":"0b3fcc53-dc2e-445c-88d3-5836cdbfce35","enabled":true,"name":"key-auth"}
Sending an explicit value for config.key_names also works:
curl -i -X POST -H "Content-Type:application/json" --url http://localhost:8001/plugins -d '{ "name": "key-auth", "config":{ "run_on_preflight": true, "key_names": ["ovo"] } }'
It set it correctly:
HTTP/1.1 201 Created
Date: Wed, 14 Feb 2018 21:29:17 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Server: kong/0.12.1
{"created_at":1518643757000,"config":{"key_in_body":false,"key_names":["ovo"],"anonymous":"","run_on_preflight":true,"hide_credentials":false},"id":"5e2326f2-e4c8-4e42-a52e-6321989aba16","enabled":true,"name":"key-auth"}
@nijikokun in which exact Kong version did you see the faulty behavior?
0.11, 0.10 variants. Easily reproducible using the Docker images.
@hishamhm you are not crazy, and neither am I (though, I will admit, for a while, I thought I was).
I have tracked down the exact reason for why this occurs and it actually has a good explanation as well.
https://github.com/Kong/kong/blob/master/kong/api/routes/plugins.lua#L9
When you make a request for the Plugin Schema, this method removes functions from the schema object. However, it does not do it on a cloned schema object. It does it directly against the in-memory object from the pcall(require ...) which modifies the cached object in the global require _LOADED[...] object.
So subsequent requests done against a worker with this cached object will have values set as function instead.
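The in-place mutation described in the comment above, as an added Lua sketch that is not Kong's code and not part of the original thread. The module name `demo.schema`, the helper functions and the scalar-to-array coercion are assumptions made for illustration.

```lua
-- Constructed stand-in for a plugin schema module whose default is a function.
package.preload["demo.schema"] = function()
  return {
    fields = {
      key_names = { type = "array", default = function() return { "apikey" } end },
    },
  }
end

-- Hypothetical helper: resolve the default the way a schema validator might.
local function default_key_names()
  local d = require("demo.schema").fields.key_names.default
  if type(d) == "function" then d = d() end
  if type(d) ~= "table" then d = { d } end  -- assumption: scalars are wrapped into an array
  return table.concat(d, ",")
end

-- Buggy: rewrites functions in place so the table can be JSON-encoded.
-- require() hands back the same table held in package.loaded, so the
-- change is visible to every later caller in this Lua VM (worker).
local function strip_functions_in_place(t)
  for k, v in pairs(t) do
    if type(v) == "function" then t[k] = "function"
    elseif type(v) == "table" then strip_functions_in_place(v) end
  end
  return t
end

-- Fixed: build a new table and leave the cached module untouched.
local function strip_functions_copy(t)
  local out = {}
  for k, v in pairs(t) do
    if type(v) == "function" then out[k] = "function"
    elseif type(v) == "table" then out[k] = strip_functions_copy(v)
    else out[k] = v end
  end
  return out
end

print("fresh worker:          ", default_key_names())
strip_functions_copy(require("demo.schema"))      -- schema request served from a copy
print("after copy-based strip:", default_key_names())
strip_functions_in_place(require("demo.schema"))  -- schema request mutating the cache
print("after in-place strip:  ", default_key_names())
```

Because the cache is per Lua VM, only workers that have already served a schema request return the corrupted default, which matches the intermittent reproduction reported earlier in the thread.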
@nijikokun Great detective work! Reproduced on master with:
curl -i -X GET -H "Content-Type:application/json" --url http://localhost:8001/plugins/schema/key-auth
curl -i -X POST -H "Content-Type:application/json" --url http://localhost:8001/plugins -d '{ "name": "key-auth", "config":{ "run_on_preflight": true, "key_names": null } }'
Merged #3348, expect a fix in the next minor!
Thanks @thibaultcha and @hishamhm ❤️