Kong: Order in which Plugins are executed

Created on 28 May 2015  路  12Comments  路  Source: Kong/kong

We need a better way than having a PRIORITY constant in a plugin's handler to decide the order of execution of the plugins. As the number of plugins grow, it's not intuitive.

More appropriate would be putting the order in the configuration.

tasfeature
Source
picture shashiranjan84
👍17

Most helpful comment

Any more news on this issue? Being able to set priority order when applying the plugin would be great.
I would really like to be able to do something like this:

curl -X POST http://kong:8001/services/myservice/plugins \
    --data "name=myplugin" \
    --data "priority=1000"

As it stands the only way to change priority is to fork the plugin and change it manually (as far as I am aware anyway).

picture philbarr on 27 Jul 2018
👍4

All 12 comments

I agree. As the number of plugins grows it's hard to define what PRIORITY each plugin should have.

Having the order in the configuration is an option: plugins will be executed accordingly to their order in the available_plugins property in the configuration. But it's not bulletproof, because I am pretty sure users will add plugins to the array pretty randomly.

Another option would be to sit down and look at the use cases that we have, and introduce some triggers in the lifecycle of the request, like:

  • access.before_authentication
  • access.on_request_preconditions
  • access.before_proxy

Etc

subnetmarco picture subnetmarco on 28 May 2015
👍1

Another link to #505 when redesigning the Model.

thibaultcha picture thibaultcha on 21 Dec 2015

Hopefully this is still up for debate, but it seems to me that having some type of endpoints like /order/plugins and /order/apis/plugins or similar that returned and accepted an ordered list of plugins provides the best flexibility. This would allow the user to control the flow through plugins, and by default could be autosorted on the PRIORITY.

jdarling picture jdarling on 2 Jun 2017

As it currently stands, what is the plugin order? Undefined?

Edit: Sorry, here it is https://getkong.org/docs/0.11.x/plugin-development/custom-logic/

I'd say maybe a custom priority field for each plugin to override current the PRIORITY field would suffice, and an API retrieve the plugins in priority order might make sense.

ernsheong picture ernsheong on 31 Aug 2017

On Thu, 31 Aug 2017 05:23:55 -0700
Jonathan ES Lin notifications@github.com wrote:

As it currently stands, what is the plugin order? Undefined?

Hi Jonathan.

The plugin execution/priority order is defined here - https://getkong.org/docs/0.11.x/plugin-development/custom-logic/#plugins-execution-order .

Best regards.

Guilherme Macedo

Sent from my Android device with K-9 Mail. Please excuse my brevity.

macedogm picture macedogm on 31 Aug 2017

Any more news on this issue? Being able to set priority order when applying the plugin would be great.
I would really like to be able to do something like this:

curl -X POST http://kong:8001/services/myservice/plugins \
    --data "name=myplugin" \
    --data "priority=1000"

As it stands the only way to change priority is to fork the plugin and change it manually (as far as I am aware anyway).

philbarr picture philbarr on 27 Jul 2018
👍4

If two plugins's phases and priority are same, which one will be executed first?

samwonwyd picture samwonwyd on 15 Jan 2019

@samwonwyd In this case the order is undefined.

thibaultcha picture thibaultcha on 15 Jan 2019

@samwonwyd it is not undefined, it is sorted by plugin created_at.

bungle picture bungle on 15 Aug 2019

Any update on this issue? Being allowed to easily change the plugins priorities would be greatly appreciated, as it would allow us to avoid forking a plugin just to change the PRIORITY constant value. In my case I would set the rate-limiting plugin priority higher than basic-Auth for instance, as the Current order prevents rate limiting protection against password bruteforce attackers

julianguinard picture julianguinard on 8 May 2020

Just wondering, if any change to the plugin order be made, is it also possible to have a plugin executed more than once? for example applying rate-limit to route and route+consumer, to make sure that the route will serve max 100 tps but a certain consumer can only get max 10 tps on that route. I'm also thinking that this will benefit scripting-like plugin, maybe when we need to add some generic processing to a route but add some custom processing for a certain consumer without losing the generic processing done on the route.

rucciva picture rucciva on 9 May 2020

In the end I ended up with the following steps in order to adress this issue :

  • write a Dockerfile starting FROM kong:2.0.4 in which rate-limiting is copied as rate-limiting-1999-priority, and the latter's handler.lua has a RateLimitingHandler.PRIORITY = 1999 rather than 901, which is the initial priority for rate-limiting

  • run my kong containers using that forked image and passing them KONG_PLUGINS=bundled,rate-limiting-1999-priority environment variable

  • use rate-limiting-1999-priority, which runs directly after CORS plugin and before any Auth plugin, when I need to limit rates by IP, and original rate-limiting for others services/routes for which I want to limit by any other entity (consumer, credentual or service)

I will stay tuned for this issue in case there is a cleaner, config-driven way to do this

julianguinard picture julianguinard on 11 May 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

cospotato picture cospotato  路  3Comments
antoniott15 picture antoniott15  路  3Comments
gopirajum picture gopirajum  路  3Comments
luka1983 picture luka1983  路  4Comments
ghost picture ghost  路  3Comments