help request: serverless pre function is not working #11828
Labels
question
label for questions asked by users
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
name: feeservice-route-test
namespace: feeservice-test
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
http:
name: feeservice
match:
hosts:
services-test.airportauthority.net
paths:
/feeservice/*
backends:
serviceName: feeservice-test
servicePort: 8080
plugins:
name: proxy-rewrite
enable: true
config:
regex_uri:
^/feeservice/(.)
"/$1"
name: cors
enable: true
config:
allow_origins: ""
allow_methods: "GET, POST, PUT, DELETE, PATCH, OPTIONS, MKCOL, COPY, MOVE, PROPFIND, LOCK, UNLOCK, PATCH, TRACE"
allow_headers: ""
expose_headers: ""
name: openid-connect
enable: true
config:
bearer_only: true
client_id: apisix
client_secret: 5w0ne2td7AOf49FMT7pZr9BgQhverkPY
discovery: https://keycloak.airportauthority.net/realms/Airport-Authority/.well-known/openid-configuration
name: serverless-pre-function
enable: true
config:
functions:
return function(conf, ctx)
local core = require("apisix.core")
local jwt = require("resty.jwt")
local jwt_token = core.request.header(ctx, "Authorization")
if jwt_token then
local _, _, jwt_token_only = string.find(jwt_token, "Bearer%s+(.+)")
if jwt_token_only then
local jwt_obj = jwt:load_jwt(jwt_token_only)
if jwt_obj.valid and jwt_obj.payload.groups then
local groups_claim_value = table.concat(jwt_obj.payload.groups, ",")
core.request.set_header(ctx, "groups", groups_claim_value)
end
end
end
end
name: swagger-ui
match:
hosts:
services-test.airportauthority.net
paths:
/feeservice/swagger-ui/*
backends:
serviceName: feeservice-test
servicePort: 8080
plugins:
name: proxy-rewrite
enable: true
config:
regex_uri:
^/swagger-ui/(.)
"/$1"
name: cors
enable: true
config:
allow_origins: ""
allow_methods: "GET, POST, PUT, DELETE, PATCH, OPTIONS, MKCOL, COPY, MOVE, PROPFIND, LOCK, UNLOCK, PATCH, TRACE"
allow_headers: ""
expose_headers: ""
name: swagger-config
match:
hosts:
services-test.airportauthority.net
paths:
/feeservice/v3/*
backends:
serviceName: feeservice-test
servicePort: 8080
plugins:
name: proxy-rewrite
enable: true
config:
regex_uri:
^(feeservice/v3/.)
"/$1"
name: cors
enable: true
config:
allow_origins: ""
allow_methods: "GET, POST, PUT, DELETE, PATCH, OPTIONS, MKCOL, COPY, MOVE, PROPFIND, LOCK, UNLOCK, PATCH, TRACE"
allow_headers: ""
expose_headers: ""
name: feeservice-wildcard
match:
hosts:
services-test.airportauthority.net
paths:
"/-fee/"
backends:
serviceName: feeservice-test
servicePort: 8080
plugins:
name: proxy-rewrite
enable: true
config:
regex_uri:
^/(.)
"/$1"
name: cors
enable: true
config:
allow_origins: ""
allow_methods: "GET, POST, PUT, DELETE, PATCH, OPTIONS, MKCOL, COPY, MOVE, PROPFIND, LOCK, UNLOCK, PATCH, TRACE"
allow_headers: ""
expose_headers: ""
name: openid-connect
enable: true
config:
bearer_only: true
client_id: apisix
client_secret: 5w0ne2td7AOf49FMT7pZr9BgQhverkPY
discovery: https://keycloak.airportauthority.net/realms/Airport-Authority/.well-known/openid-configuration
name: serverless-pre-function
enable: true
config:
functions:
return function(conf, ctx)
local core = require("apisix.core")
local jwt = require("resty.jwt")
local jwt_token = core.request.header(ctx, "Authorization")
if jwt_token then
local _, _, jwt_token_only = string.find(jwt_token, "Bearer%s+(.+)")
if jwt_token_only then
local jwt_obj = jwt:load_jwt(jwt_token_only)
if jwt_obj.valid and jwt_obj.payload.groups then
local groups_claim_value = table.concat(jwt_obj.payload.groups, ",")
core.request.set_header(ctx, "groups", groups_claim_value)
end
end
end
end
my goal was the when I would use curl it would extract the groups from the bearer token and print it also
curl --location 'https://services-test.airportauthority.net/feeservice/v1/fees/contact-info'
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJtbmkyaXZ5anh5d211d2Z0dGR3Rm1nMFFtQ1JhaUlYcnNIVnVFVDdHVUFzIn0.eyJleHAiOjE3MzI2OTIyMzksImlhdCI6MTczMjY5MTkzOSwianRpIjoiYTVlZjYwMWQtNTM5MS00YmRlLTkzMWYtYjgzM2ZmNGQxYmIyIiwiaXNzIjoiaHR0cHM6Ly9rZXljbG9hay5haXJwb3J0YXV0aG9yaXR5Lm5ldC9yZWFsbXMvQWlycG9ydC1BdXRob3JpdHkiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiOTg2NmI4M2QtMTE5NC00NDFlLWE4ZWYtYzJlNWEzYWVhNjM2IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoicmV2ZW51ZS1zb3VyY2Utd2ViLWFwcCIsInNpZCI6IjQ5ZmFhZGFmLWE0MGItNDZiYi1hYzczLTFkYmEzYWZmNjNjYSIsImFjciI6InBhc3N3b3JkIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9haXJsaW5lLWFkbWluaXN0cmF0aW9uLWFwcC5haXJwb3J0YXV0aG9yaXR5Lm5ldCIsImh0dHA6Ly9sYW5kaW5nLWF1dGhvcml6YXRpb24td29ya2Zsb3ctYXBwLmFpcnBvcnRhdXRob3JpdHkubmV0IiwiaHR0cHM6Ly9hcHAuYWlycG9ydGF1dGhvcml0eS5uZXQiLCJodHRwOi8vYXBwLmFpcnBvcnRhdXRob3JpdHkubmV0IiwiaHR0cDovLzM0LjQxLjIxNC4xNDEiLCJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJodHRwOi8vYXBwLXRlc3QuYWlycG9ydGF1dGhvcml0eS5uZXQiLCJodHRwOi8vMzQuNzEuMjE5LjI0NSJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiZGVmYXVsdC1yb2xlcy1haXJwb3J0LWF1dGhvcml0eSIsIm5ld1VzZXJSb2xlIiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJtaWNyb3Byb2ZpbGUtand0IGVtYWlsIHByb2ZpbGUiLCJ1cG4iOiJhcmp1bkByYWRpYW50c29sdXRpb24uY28iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6ImFyanVuIGJvc2UiLCJncm91cHMiOlsiZGVmYXVsdC1yb2xlcy1haXJwb3J0LWF1dGhvcml0eSIsIm5ld1VzZXJSb2xlIiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhcmp1bkByYWRpYW50c29sdXRpb24uY28iLCJnaXZlbl9uYW1lIjoiYXJqdW4iLCJmYW1pbHlfbmFtZSI6ImJvc2UiLCJlbWFpbCI6ImFyanVuQHJhZGlhbnRzb2x1dGlvbi5jbyJ9.O617G1siU1kdBvmLnfJ1Bwm8J4LYST12sRVJinvjoXzligQ9ePP3HZOdva_IDILg2NI7vgYciaexVwU7nawk-cybcOIzhpN3iG6mCzpGzFtMSvegbzt_32g3geE1leC3oh96wliZivh2HBhd-2Moc8ZEqNPx-ZdEgD9k0a89b_ekO2XV2L9uvBB0VhENeCkEifTe5_IShPy2hV0Je-5oNRBqe0DvxBB5cB7_hCq-BKaa0CEKD1e8vIgJ_3RaKuEukdP5U_H9yb_cuJPrpwL9zLUfnG91hTTg4VIprsUMs10BjGhrWnTaPfCtoaA3PQZVULm0_M4Lo-x9l1HJk85Wtw' -v -k
Trying 35.188.157.114:443...
Connected to services-test.airportauthority.net (35.188.157.114) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
TLSv1.0 (OUT), TLS header, Certificate Status (22):
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS header, Certificate Status (22):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS header, Finished (20):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, CERT verify (15):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Finished (20):
TLSv1.2 (OUT), TLS header, Finished (20):
TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.3 (OUT), TLS handshake, Finished (20):
SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
ALPN, server accepted to use h2
Server certificate:
subject: CN=services-test.airportauthority.net; O=your-organization
start date: Oct 21 11:50:36 2024 GMT
expire date: Oct 21 11:50:36 2025 GMT
issuer: CN=services-test.airportauthority.net; O=your-organization
SSL certificate verify result: self-signed certificate (18), continuing anyway.
Using HTTP2, server supports multiplexing
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.2 (OUT), TLS header, Supplemental data (23):
Using Stream ID: 1 (easy handle 0x559ac65e7690)
TLSv1.2 (OUT), TLS header, Supplemental data (23):
GET /feeservice/v1/fees/contact-info HTTP/2
Host: services-test.airportauthority.net
user-agent: curl/7.81.0
accept: /
authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJtbmkyaXZ5anh5d211d2Z0dGR3Rm1nMFFtQ1JhaUlYcnNIVnVFVDdHVUFzIn0.eyJleHAiOjE3MzI2OTIyMzksImlhdCI6MTczMjY5MTkzOSwianRpIjoiYTVlZjYwMWQtNTM5MS00YmRlLTkzMWYtYjgzM2ZmNGQxYmIyIiwiaXNzIjoiaHR0cHM6Ly9rZXljbG9hay5haXJwb3J0YXV0aG9yaXR5Lm5ldC9yZWFsbXMvQWlycG9ydC1BdXRob3JpdHkiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiOTg2NmI4M2QtMTE5NC00NDFlLWE4ZWYtYzJlNWEzYWVhNjM2IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoicmV2ZW51ZS1zb3VyY2Utd2ViLWFwcCIsInNpZCI6IjQ5ZmFhZGFmLWE0MGItNDZiYi1hYzczLTFkYmEzYWZmNjNjYSIsImFjciI6InBhc3N3b3JkIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9haXJsaW5lLWFkbWluaXN0cmF0aW9uLWFwcC5haXJwb3J0YXV0aG9yaXR5Lm5ldCIsImh0dHA6Ly9sYW5kaW5nLWF1dGhvcml6YXRpb24td29ya2Zsb3ctYXBwLmFpcnBvcnRhdXRob3JpdHkubmV0IiwiaHR0cHM6Ly9hcHAuYWlycG9ydGF1dGhvcml0eS5uZXQiLCJodHRwOi8vYXBwLmFpcnBvcnRhdXRob3JpdHkubmV0IiwiaHR0cDovLzM0LjQxLjIxNC4xNDEiLCJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJodHRwOi8vYXBwLXRlc3QuYWlycG9ydGF1dGhvcml0eS5uZXQiLCJodHRwOi8vMzQuNzEuMjE5LjI0NSJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiZGVmYXVsdC1yb2xlcy1haXJwb3J0LWF1dGhvcml0eSIsIm5ld1VzZXJSb2xlIiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJtaWNyb3Byb2ZpbGUtand0IGVtYWlsIHByb2ZpbGUiLCJ1cG4iOiJhcmp1bkByYWRpYW50c29sdXRpb24uY28iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6ImFyanVuIGJvc2UiLCJncm91cHMiOlsiZGVmYXVsdC1yb2xlcy1haXJwb3J0LWF1dGhvcml0eSIsIm5ld1VzZXJSb2xlIiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhcmp1bkByYWRpYW50c29sdXRpb24uY28iLCJnaXZlbl9uYW1lIjoiYXJqdW4iLCJmYW1pbHlfbmFtZSI6ImJvc2UiLCJlbWFpbCI6ImFyanVuQHJhZGlhbnRzb2x1dGlvbi5jbyJ9.O617G1siU1kdBvmLnfJ1Bwm8J4LYST12sRVJinvjoXzligQ9ePP3HZOdva_IDILg2NI7vgYciaexVwU7nawk-cybcOIzhpN3iG6mCzpGzFtMSvegbzt_32g3geE1leC3oh96wliZivh2HBhd-2Moc8ZEqNPx-ZdEgD9k0a89b_ekO2XV2L9uvBB0VhENeCkEifTe5_IShPy2hV0Je-5oNRBqe0DvxBB5cB7_hCq-BKaa0CEKD1e8vIgJ_3RaKuEukdP5U_H9yb_cuJPrpwL9zLUfnG91hTTg4VIprsUMs10BjGhrWnTaPfCtoaA3PQZVULm0_M4Lo-x9l1HJk85Wtw
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
old SSL session ID is stale, removing
TLSv1.2 (IN), TLS header, Supplemental data (23):
Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
TLSv1.2 (OUT), TLS header, Supplemental data (23):
TLSv1.2 (IN), TLS header, Supplemental data (23):
TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200
< content-type: application/json
< date: Wed, 27 Nov 2024 07:19:38 GMT
< server: APISIX/3.11.0
< access-control-allow-origin: *
< access-control-allow-methods: GET, POST, PUT, DELETE, PATCH, OPTIONS, MKCOL, COPY, MOVE, PROPFIND, LOCK, UNLOCK, PATCH, TRACE
< access-control-max-age: 5
< access-control-expose-headers: *, groups
< access-control-allow-headers: *
<
Connection #0 to host services-test.airportauthority.net left intact
{"message":null,"contactDetails":null,"support":null}
but as you can see the groups are not being extracted from the token neither being shown.
Environment
apisix version):uname -a):openresty -Vornginx -V):curl http://127.0.0.1:9090/v1/server_info):luarocks --version):The text was updated successfully, but these errors were encountered: