Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Basic-Auth does not work DB-less with 2.8.1-alpine #9271

Closed
1 task done
Anhellikal opened this issue Aug 18, 2022 · 4 comments
Closed
1 task done

Basic-Auth does not work DB-less with 2.8.1-alpine #9271

Anhellikal opened this issue Aug 18, 2022 · 4 comments
Labels
pending author feedback Waiting for the issue author to get back to a maintainer with findings, more details, etc... plugins/basic-auth

Comments

@Anhellikal
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Kong version ($ kong version)

2.8.1-alpine

Current Behavior

Trying to implement basic_auth via DB_less mode in declarative pipeline, after enabling the basic_auth with username and password and sending a request Kong always return 401 unauthorized.

deployment-service.yaml: |

apiVersion: v1
kind: Service
metadata:
  name: kong-service
  namespace: kong-local
spec:
  ports:
    - name: kong-service
      port: 10000
      targetPort: 8000
    - name: kong-admin
      port: 10001
      targetPort: 8001
  selector:
    app: kong-proxy
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kong-proxy
  namespace: kong-local
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kong-proxy
  template:
    metadata:
      labels:
        app: kong-proxy
    spec:
      containers:
      - name: kong
        image: kong:latest
        imagePullPolicy: Always
        ports:
        - name: kong-proxy
          containerPort: 8000
        - name: kong-admin
          containerPort: 8001
        env:
         - name: KONG_DATABASE
           value: "off"
         - name: KONG_ADMIN_LISTEN
           value: "0.0.0.0:8001, 0.0.0.0:8444 ssl"
         - name: KONG_DECLARATIVE_CONFIG
           value: /mnt/kong.yaml    
        volumeMounts:
        - name: kong-config
          mountPath: /mnt
        resources:
          limits:
            cpu: 2000m
            memory: 4Gi
          requests:
            cpu: 2000m
            memory: 4Gi
      
      volumes:
      - name: kong-config
        configMap:
          name: kong-proxy-config

my kong.yaml: |

   _format_version: "2.1"
    _transform: false
    services:
    - name: backend-server
      
      host: backend-service
      
      port: 8080
      protocol: http
      routes:
      - name: backend-echo-server
        paths:
        - /
        strip_path: true
    plugins:
    - name: basic-auth
      config:
        hide_credentials: true
    consumers:
    - username: admin
    basicauth_credentials:
    - consumer: admin
      username: admin
      password: admin

request to kong
curl --location --request GET 'http://localhost:52838/echo' \ --header 'Authorization: Basic YWRtaW46YWRtaW4='

response:

HTTP/1.1 401 Unauthorized
Date: Thu, 18 Aug 2022 04:44:45 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Content-Length: 52
X-Kong-Response-Latency: 0
Server: kong/2.8.1

Expected Behavior

The response should be authorized 200 status code

Steps To Reproduce

Deploying in a kubernetes environment, to reproduce:

Create namespace kong-local in kubernetes
Deploy a configmap with kong.yaml file
Apply Deploy-Service.yaml
Portforward kong-service
Curl kong-service with the following request
curl --location --request GET 'http://localhost:52838/echo' \ --header 'Authorization: Basic YWRtaW46YWRtaW4='

Anything else?

No response
@bungle
Copy link
Member

bungle commented Aug 18, 2022
edited
Loading

@Anhellikal thanks for the report, I will check it out tomorrow.

@bungle bungle added the bug label Aug 22, 2022
@bungle
Copy link
Member

bungle commented Aug 22, 2022

@Anhellikal, I can reproduce this. Investigating.

@bungle bungle removed the bug label Aug 22, 2022
@bungle
Copy link
Member

bungle commented Aug 22, 2022
edited
Loading

@Anhellikal,

I think it does not work because of transform=false (or at least it seems to work if you set transform=true).

@bungle bungle added the pending author feedback Waiting for the issue author to get back to a maintainer with findings, more details, etc... label Aug 22, 2022
@Anhellikal
Copy link
Author

thanks, closing this

locao pushed a commit that referenced this issue Jun 21, 2024
@vm-001
fix(openid-connect): fixed a bug where anonymous consumers may be cac…
9e0fd84 
…hed as nil under a certain condition (#9271)
oowl pushed a commit that referenced this issue Jul 15, 2024
@catbro666
fix(openid-connect): return an error when subject is not a valid uuid…
90d911d 
… to prevent negative cache (#9511)

The issue has been fixed by #9271. This is a small improvement, so skip the changelog and test.

https://konghq.atlassian.net/browse/FTI-6026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pending author feedback Waiting for the issue author to get back to a maintainer with findings, more details, etc... plugins/basic-auth
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bungle @chronolaw @Anhellikal