From 7a7a192c610e7a8fdf63b574b62da854df11cad8 Mon Sep 17 00:00:00 2001 From: Lakshya Gupta Date: Fri, 5 Jan 2024 12:57:14 +0530 Subject: [PATCH 1/5] code change and test cases --- apisix/plugins/authz-keycloak.lua | 2 +- t/plugin/authz-keycloak2.t | 87 +++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+), 1 deletion(-) diff --git a/apisix/plugins/authz-keycloak.lua b/apisix/plugins/authz-keycloak.lua index 731e1f86cb93..5a7d32d26a9d 100644 --- a/apisix/plugins/authz-keycloak.lua +++ b/apisix/plugins/authz-keycloak.lua @@ -503,7 +503,7 @@ local function authz_keycloak_resolve_resource(conf, uri, sa_access_token) if not resource_registration_endpoint then local err = "Unable to determine registration endpoint." log.error(err) - return 503, err + return nil, err end log.debug("Resource registration endpoint: ", resource_registration_endpoint) diff --git a/t/plugin/authz-keycloak2.t b/t/plugin/authz-keycloak2.t index 09d5a8157f7c..7d5d9332fe4e 100644 --- a/t/plugin/authz-keycloak2.t +++ b/t/plugin/authz-keycloak2.t 
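Review bot: The error path at `return nil, err` should carry a comment stating the return contract, because the old `return 503, err` presumably put a status code in the slot where the caller expects the resolved resource. A line such as `-- nil, not a status code: the caller must see "no resource" and deny the request` above the return would keep a later edit from reintroducing a truthy value here. The caller that turns this nil into the 503 asserted by TEST 17 is not visible in the hunk, so confirm it checks for nil before using the result as a permission list. The body of authz_keycloak_resolve_resource starts and ends outside the hunk.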
@@ -654,3 +654,90 @@ true GET /t --- response_body true + + + +=== TEST 16: add plugin with lazy_load_paths when resource_registration_endpoint is neither in config not in the discovery doc +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "authz-keycloak": { + "discovery": "http://127.0.0.1:8080/realms/University/.well-known/openid-configuration", + "client_id": "course_management", + "client_secret": "d1ec69e9-55d2-4109-a3ea-befa071579d5", + "lazy_load_paths": true + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1982": 1 + }, + "type": "roundrobin" + }, + "uri": "/course/foo" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed + + + +=== TEST 17: Get access token for student and access view course route. +--- config + location /t { + content_by_lua_block { + local json_decode = require("toolkit.json").decode + local http = require "resty.http" + local httpc = http.new() + local uri = "http://127.0.0.1:8080/realms/University/protocol/openid-connect/token" + local res, err = httpc:request_uri(uri, { + method = "POST", + body = "grant_type=password&client_id=course_management&client_secret=d1ec69e9-55d2-4109-a3ea-befa071579d5&username=student@gmail.com&password=123456", + headers = { + ["Content-Type"] = "application/x-www-form-urlencoded" + } + }) + + if res.status == 200 then + local body = json_decode(res.body) + local accessToken = body["access_token"] + + + uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/course/foo" + local res, err = httpc:request_uri(uri, { + method = "GET", + headers = { + ["Authorization"] = "Bearer " .. 
accessToken, + } + }) + + if res.status == 503 then + ngx.say(true) + else + ngx.say(res.status) + end + else + ngx.say(false) + end + } + } +--- request +GET /t +--- response_body +true +--- error_log +Unable to determine registration endpoint. From aa8e4fe7d55045d82452d35eb4e956519370b619 Mon Sep 17 00:00:00 2001 From: Lakshya Gupta Date: Fri, 5 Jan 2024 15:17:57 +0530 Subject: [PATCH 2/5] typo --- t/plugin/authz-keycloak2.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/plugin/authz-keycloak2.t b/t/plugin/authz-keycloak2.t index 7d5d9332fe4e..8a16a33f1d8d 100644 --- a/t/plugin/authz-keycloak2.t +++ b/t/plugin/authz-keycloak2.t @@ -657,7 +657,7 @@ true -=== TEST 16: add plugin with lazy_load_paths when resource_registration_endpoint is neither in config not in the discovery doc +=== TEST 16: add plugin with lazy_load_paths when resource_registration_endpoint is neither in config nor in the discovery doc --- config location /t { content_by_lua_block { From 305f0dd26a3b728b6215cbf245a7ee7a7a14c2ad Mon Sep 17 00:00:00 2001 From: Lakshya Gupta Date: Fri, 5 Jan 2024 21:18:59 +0530 Subject: [PATCH 3/5] added empty line --- t/plugin/authz-keycloak2.t | 1 + 1 file changed, 1 insertion(+) diff --git a/t/plugin/authz-keycloak2.t b/t/plugin/authz-keycloak2.t index 8a16a33f1d8d..d8d608bce583 100644 --- a/t/plugin/authz-keycloak2.t +++ b/t/plugin/authz-keycloak2.t @@ -741,3 +741,4 @@ GET /t true --- error_log Unable to determine registration endpoint. + From 84e055245f56e1873b4523b495f8ff1fa7e06edf Mon Sep 17 00:00:00 2001 From: Lakshya Gupta Date: Sat, 6 Jan 2024 09:48:37 +0530 Subject: [PATCH 4/5] change ngx.say message --- t/plugin/authz-keycloak2.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/plugin/authz-keycloak2.t b/t/plugin/authz-keycloak2.t index d8d608bce583..c073c295261b 100644 --- a/t/plugin/authz-keycloak2.t +++ b/t/plugin/authz-keycloak2.t 
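Review bot: In TEST 17 both `httpc:request_uri` calls read `res.status` without first checking `res`, so if Keycloak or the gateway is unreachable the block dies on a nil index and the returned `err` is never reported. Adding `if not res then ngx.say(err) return end` after each call would turn that into a readable failure. The inner `local res, err` also shadows the outer pair, and a distinct name such as `route_res` would make it clear which response the 503 check applies to.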
@@ -728,7 +728,7 @@ passed if res.status == 503 then ngx.say(true) else - ngx.say(res.status) + ngx.say(false) end else ngx.say(false) From 457ef5cffb9ad32d7943854917d3556f051a6596 Mon Sep 17 00:00:00 2001 From: Lakshya Gupta Date: Mon, 8 Jan 2024 13:37:47 +0530 Subject: [PATCH 5/5] styling --- t/plugin/authz-keycloak2.t | 1 - 1 file changed, 1 deletion(-) diff --git a/t/plugin/authz-keycloak2.t b/t/plugin/authz-keycloak2.t index c073c295261b..a8ced01a9025 100644 --- a/t/plugin/authz-keycloak2.t +++ b/t/plugin/authz-keycloak2.t @@ -741,4 +741,3 @@ GET /t true --- error_log Unable to determine registration endpoint. -
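Review bot: With `ngx.say(res.status)` replaced by `ngx.say(false)`, both failure branches of TEST 17 print `false`, so a failing run no longer shows whether the token request failed or the gateway answered with something other than 503. For an authorization plugin that distinction matters, because a 200 here would mean the request was let through even though no resource could be resolved. Keeping the boolean body but adding `ngx.log(ngx.WARN, "unexpected status: ", res.status)` before `ngx.say(false)` would preserve the diagnostic. The enclosing content_by_lua_block starts and ends outside the hunk.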