Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(authz-keycloak): set permissions as empty table when lazy_load_path is false #4845

Merged
merged 3 commits into from
Aug 18, 2021
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion apisix/plugins/authz-keycloak.lua
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,8 @@ local schema = {
type = "string",
minLength = 1, maxLength = 100
},
uniqueItems = true
uniqueItems = true,
default = {}
},
lazy_load_paths = {type = "boolean", default = false},
http_method_as_scope = {type = "boolean", default = false},
Expand Down Expand Up @@ -83,6 +84,9 @@ local schema = {
{
properties = {
lazy_load_paths = {enum = {false}},
},
anyOf = {
{required = {"permissions"}}
tzssangglass marked this conversation as resolved.
Show resolved Hide resolved
}
},
{
Expand Down
42 changes: 34 additions & 8 deletions t/plugin/authz-keycloak.t
Original file line number Diff line number Diff line change
Expand Up @@ -152,7 +152,33 @@ done



=== TEST 6: full schema check
=== TEST 6: no permissions when lazy_load_paths=false
tzssangglass marked this conversation as resolved.
Show resolved Hide resolved
--- config
location /t {
content_by_lua_block {
local plugin = require("apisix.plugins.authz-keycloak")
local ok, err = plugin.check_schema({
token_endpoint = "https://host.domain/auth/realms/foo/protocol/openid-connect/token",
client_id = "University",
lazy_load_paths = false
})
if not ok then
ngx.say(err)
end

ngx.say("done")
}
}
--- request
GET /t
--- response_body
done
--- no_error_log
[error]



=== TEST 7: full schema check
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -192,7 +218,7 @@ done



=== TEST 7: token_endpoint and discovery both missing
=== TEST 8: token_endpoint and discovery both missing
--- config
location /t {
content_by_lua_block {
Expand All @@ -215,7 +241,7 @@ done



=== TEST 8: client_id and audience both missing
=== TEST 9: client_id and audience both missing
--- config
location /t {
content_by_lua_block {
Expand All @@ -238,7 +264,7 @@ done



=== TEST 9: resource_registration_endpoint and discovery both missing and lazy_load_paths is true
=== TEST 10: resource_registration_endpoint and discovery both missing and lazy_load_paths is true
--- config
location /t {
content_by_lua_block {
Expand All @@ -265,7 +291,7 @@ done



=== TEST 10: Add https endpoint with ssl_verify true (default)
=== TEST 11: Add https endpoint with ssl_verify true (default)
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -331,7 +357,7 @@ passed



=== TEST 11: TEST with fake token and https endpoint
=== TEST 12: TEST with fake token and https endpoint
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -361,7 +387,7 @@ Error while sending authz request to https://127.0.0.1:8443/auth/realms/Universi



=== TEST 12: Add https endpoint with ssl_verify false
=== TEST 13: Add https endpoint with ssl_verify false
--- config
location /t {
content_by_lua_block {
Expand Down Expand Up @@ -429,7 +455,7 @@ passed



=== TEST 13: TEST for https based token verification with ssl_verify false
=== TEST 14: TEST for https based token verification with ssl_verify false
--- config
location /t {
content_by_lua_block {
Expand Down