After create a consumer on dashboard, apisix throw a exception

[cleverpig]

Bug report

After create a consumer on dashboard with this config.
{"algorithm":"HS256","base64_secret":false,"exp":86400,"key":"123"}

then Apisix throws exception:
2020/11/23 18:20:25 [error] 3694#3694: *40311 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id, etcd key: /apisix/consumers, context: ngx.timer

And if deleted this consumer, exception will disappear.

How to Reproduce

1. Go to 'main menu'
2. Click on 'consumer'
3. Add new consumer with jwt auth.
4. See error in apisix log output

System information

• OS: Centos7
• Browser: Chrome, Firefox
• dashboard version: checkout from the master
• apisix version: checkout from the master

Screensnap

[nic-chen]

hi，
what is your APISIX and dashboard version？
thanks.

[starsz]

Hi, I think it's because Apisix-dashboard had written consumer data with id field into etcd.

@cleverpig you can have a try on the v2.0 branch.

[membphis]

@idbeta pls confirm this issue, it seems to be a bug

[juzhiyuan]

Please use the latest master codes, it's 2.1 now.

[cleverpig]

Please use the latest master codes, it's 2.1 now.

I used the latest version.

dashboard version: checkout from the master
apisix version: checkout from the master

[spacewander]

I guess it is because consumer id is removed in the master branch. We need to update the stored etcd data.
apache/apisix#2679
Sorry, I got it wrong. It looks more like dashboard's bug.

[spacewander]

@cleverpig
Could you show your dashboard commit so that we can reproduce the issue? It look like the latest dashboard (1a38fa6) doesn't write the id to etcd.
OK, I can confirm that the latest dashboard (1a38fa6) does write the id to etcd. Please ignore me.

[juzhiyuan]

apache/apisix#2829

@spacewander Just to make sure, this PR will fix this issue?

[spacewander]

Yes

[idbeta]

@idbeta pls confirm this issue, it seems to be a bug

My 2.1 version environment also has this problem.

sorry, 2.1 version environment did not reproduce this problem.

[membphis]

apache/apisix@c8823d0

fixed in APISIX already. @cleverpig you can make a try with this commit or the latest version of APISIX.

[cleverpig]

apache/apisix@c8823d0

fixed in APISIX already. @cleverpig you can make a try with this commit or the latest version of APISIX.

@membphis
I checked out the master version of APISIX, the problem still stay on after I'd created a consumer from dashboard.

2020/11/27 16:40:20 [error] 3280#3280: *53 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id,  etcd key: /apisix/consumers, context: ngx.timer
2020/11/27 16:40:20 [error] 3279#3279: *36 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id,  etcd key: /apisix/consumers, context: ngx.timer
2020/11/27 16:40:20 [error] 3283#3283: *16 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id,  etcd key: /apisix/consumers, context: ngx.timer

It's the output from git log:

commit f4161d39a495879edffbc75e2099f6e487bae81d
Author: willmafh <[email protected]>
Date:   Wed Nov 25 19:27:04 2020 +0800

    chore: minor change in bin/apisix (#2847)
....
commit c8823d0eedcdc6e329afc48d6f41e7c92637ae28
Author: 罗泽轩 <[email protected]>
Date:   Tue Nov 24 11:02:44 2020 +0800

    **fix(consumer): keep the id field for compatibility (#2829)**

[membphis]

@spacewander Do you have any suggestion?

[cleverpig]

If I use curl script to access JWT authed page following the guide (https://github.com/apache/apisix/blob/master/doc/plugins/jwt-auth.md),
Apisix will throw 500 exception.

curl http://127.0.0.1:9080/index.html -H 'Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTYwNjU1MzYwMH0.GnuK08zLtaNyNW6NiqhkBlnxe7amZpSltU2dYDRRJM4' -i
HTTP/1.1 500 Internal Server Error
Date: Fri, 27 Nov 2020 08:54:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 174
Connection: close
Server: APISIX/2.0

<html>
<head><title>500 Internal Server Error</title></head>
<body>
<center><h1>500 Internal Server Error</h1></center>
<hr><center>openresty</center>
</body>

This is backend output:

2020/11/27 16:54:08 [error] 3280#3280: *36299 lua entry thread aborted: runtime error: ...0-master-version//deps/share/lua/5.1/resty/radixtree.lua:380: invalid IP address: invalid ip address: 
stack traceback:
coroutine 0:
        [C]: in function 'error'
        ...0-master-version//deps/share/lua/5.1/resty/radixtree.lua:341: in function 'pre_insert_route'
        ...0-master-version//deps/share/lua/5.1/resty/radixtree.lua:380: in function 'new'
        .../git-storage/apisix/apisix/http/router/radixtree_uri.lua:77: in function 'create_radixtree_router'
        .../git-storage/apisix/apisix/http/router/radixtree_uri.lua:84: in function 'match'
        /app/install/git-storage/apisix/apisix/init.lua:382: in function 'fun_org'
        /app/install/git-storage/apisix/apisix/debug.lua:132: in function 'http_access_phase'
        access_by_lua(nginx.conf:163):2: in main chunk, client: 127.0.0.1, server: , request: "GET /index.html HTTP/1.1", host: "127.0.0.1:9080"

[spacewander]

apache/apisix@c8823d0
fixed in APISIX already. @cleverpig you can make a try with this commit or the latest version of APISIX.

@membphis
I checked out the master version of APISIX, the problem still stay on after I'd created a consumer from dashboard.

2020/11/27 16:40:20 [error] 3280#3280: *53 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id,  etcd key: /apisix/consumers, context: ngx.timer
2020/11/27 16:40:20 [error] 3279#3279: *36 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id,  etcd key: /apisix/consumers, context: ngx.timer
2020/11/27 16:40:20 [error] 3283#3283: *16 [lua] config_etcd.lua:483: failed to fetch data from etcd: failed to check item data of [/apisix/consumers] err:additional properties forbidden, found id,  etcd key: /apisix/consumers, context: ngx.timer

It's the output from git log:

commit f4161d39a495879edffbc75e2099f6e487bae81d
Author: willmafh <[email protected]>
Date:   Wed Nov 25 19:27:04 2020 +0800

    chore: minor change in bin/apisix (#2847)
....
commit c8823d0eedcdc6e329afc48d6f41e7c92637ae28
Author: 罗泽轩 <[email protected]>
Date:   Tue Nov 24 11:02:44 2020 +0800

    **fix(consumer): keep the id field for compatibility (#2829)**

Can't reproduce at my side with commit f4161d39a495879edffbc75e2099f6e487bae81d.

[spacewander]

If I use curl script to access JWT authed page following the guide (https://github.com/apache/apisix/blob/master/doc/plugins/jwt-auth.md),
Apisix will throw 500 exception.

curl http://127.0.0.1:9080/index.html -H 'Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJ1c2VyLWtleSIsImV4cCI6MTYwNjU1MzYwMH0.GnuK08zLtaNyNW6NiqhkBlnxe7amZpSltU2dYDRRJM4' -i
HTTP/1.1 500 Internal Server Error
Date: Fri, 27 Nov 2020 08:54:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 174
Connection: close
Server: APISIX/2.0

<html>
<head><title>500 Internal Server Error</title></head>
<body>
<center><h1>500 Internal Server Error</h1></center>
<hr><center>openresty</center>
</body>

This is backend output:

2020/11/27 16:54:08 [error] 3280#3280: *36299 lua entry thread aborted: runtime error: ...0-master-version//deps/share/lua/5.1/resty/radixtree.lua:380: invalid IP address: invalid ip address: 
stack traceback:
coroutine 0:
        [C]: in function 'error'
        ...0-master-version//deps/share/lua/5.1/resty/radixtree.lua:341: in function 'pre_insert_route'
        ...0-master-version//deps/share/lua/5.1/resty/radixtree.lua:380: in function 'new'
        .../git-storage/apisix/apisix/http/router/radixtree_uri.lua:77: in function 'create_radixtree_router'
        .../git-storage/apisix/apisix/http/router/radixtree_uri.lua:84: in function 'match'
        /app/install/git-storage/apisix/apisix/init.lua:382: in function 'fun_org'
        /app/install/git-storage/apisix/apisix/debug.lua:132: in function 'http_access_phase'
        access_by_lua(nginx.conf:163):2: in main chunk, client: 127.0.0.1, server: , request: "GET /index.html HTTP/1.1", host: "127.0.0.1:9080"

Please run etcdctl --endpoints=$your_server get /apisix/route --prefix to get your route configuration and paste them here.

[nic-chen]

It may be the default value from json schema problem

[cleverpig]

my route configuration :

/apisix/routes/
init_dir
/apisix/routes/328530522223411227
{"id":"328530522223411227","create_time":1605349050,"update_time":1606124128,"uris":["/index.html"],"name":"httpd-front","methods":["GET","HEAD","POST","PUT","DELETE","OPTIONS","PATCH"],"hosts":["192.168.56.101"],"vars":[],"plugins":{"limit-conn":{"burst":4,"conn":2,"default_conn_delay":2,"key":"remote_addr","rejected_code":503},"limit-req":{"burst":5,"key":"remote_addr","rate":2,"rejected_code":503}},"upstream_id":"328530185320136731"}
/apisix/routes/328543152380051483
{"id":"328543152380051483","create_time":1605356578,"update_time":1606120439,"uris":["/demo/*"],"name":"swPractice","methods":["GET","HEAD","POST","PUT","DELETE","OPTIONS","PATCH"],"hosts":["192.168.56.101"],"vars":[],"plugins":{"skywalking":{"endpoint":"http://192.168.56.101:12800","sample_ratio":1}},"upstream_id":"328543040492797979"}
/apisix/routes/329827033766952987
{"id":"329827033766952987","create_time":1606121831,"update_time":1606466025,"uris":["/jwt-auth.html"],"name":"httpd-jwt-test","methods":["GET","HEAD","POST","PUT","DELETE","OPTIONS","PATCH"],"hosts":["192.168.56.101"],"remote_addrs":[""],"vars":[],"plugins":{"jwt-auth":{}},"upstream_id":"328530185320136731"}

@spacewander

[spacewander]

It may be the default value from json schema problem

@nic-chen
Do you mean the "remote_addrs":[""] in @cleverpig's route?

[nic-chen]

@spacewander

field algorithm defines a default value (HS256) in json schema, but creating a consumer on dashboard will not set this default value.

it's for consumer not route.

[nic-chen]

@cleverpig

Please run etcdctl --endpoints=$your_server get /apisix/consumer --prefix to get your consumer configuration and paste them here. Thanks.

[membphis]

@cleverpig you can make a try with the latest master branch or 2.1 branch

https://github.com/apache/apisix/tree/v2.1

I think this issue should have been fixed in APISIX

[nic-chen]

Can't reproduce at my side, please make sure you are running the new code. Thanks. @cleverpig

[nic-chen]

close it according we have test case for it:
https://github.com/apache/apisix-dashboard/blob/master/api/test/e2e/route_with_auth_plugin_test.go#L38-L125

feel free to reopen this issue if need.

[cleverpig]

@cleverpig

Please run etcdctl --endpoints=$your_server get /apisix/consumer --prefix to get your consumer configuration and paste them here. Thanks.

ok, I ran "etcdctl --endpoints=IP:port get /apisix/consumer --prefix", and got these:

/apisix/consumers/
init_dir
/apisix/consumers/jack
{"update_time":1606723309,"username":"jack","create_time":1606723309,"plugins":{"jwt-auth":{"secret":"my-secret-key","algorithm":"HS256","exp":86400,"key":"user-key"}}}

@nic-chen

[cleverpig]

@cleverpig you can make a try with the latest master branch or 2.1 branch

https://github.com/apache/apisix/tree/v2.1

I think this issue should have been fixed in APISIX

Sorry,it still...I updated apisix and dashboard.

[membphis]

@idbeta please confirm if you can reproduce this error

[nic-chen]

@cleverpig

If you are convenient, please contact my QQ

thanks.

[cleverpig]

ok

[cleverpig]

haha, we found tow little bugs! Thanks @nic-chen

1.Route: remote address is required, it must input.

if not, this exception will be thrown:

2.Consumer: JWT secret is required, it must input.

if not, this exception will be thrown:

[nic-chen]

Thanks for feedback. @cleverpig

[nic-chen]

there are two bugs:

1. when user not fill in remote address , remote_addrs should be [], but not [""]
2. the field secret of plugin jwt-auth should be required.

@membphis @juzhiyuan @spacewander

[membphis]

• when user not fill in remote address , remote_addrs should be [], but not [""]

When the user not filled, should no field remote_addrs. this should be a bug of the frontend. @juzhiyuan

BTW, I think [""] should be an invalid input, the JSON schema should return wrong. I make a test, confirm this.

• the field secret of plugin jwt-auth should be required.

this depends on APISIX, we can fix this bug at 2.2. @nic-chen would you like to create a new issue to APISIX?

[nic-chen]

this depends on APISIX, we can fix this bug at 2.2. @nic-chen would you like to create a new issue to APISIX?

APISIX fixed this by addon code，not schema

[membphis]

APISIX fixed this by addon code，not schema

manager-api should keep the same way ^_^

[nic-chen]

APISIX fixed this by addon code，not schema

manager-api should keep the same way ^_^

OK

[nic-chen]

1. when user not fill in remote address , remote_addrs should be [], but not [""]
   has been fixed by fix: omit remote_addrs when users don't input it #948 and fix: hack to fix the checking of remote_addrs #952

2. the field secret of plugin jwt-auth should be required.
   we will continue the work by test: need to do custom check for plugins #941

close this issue now.