kayx23 opened a new issue, #12912:
URL: https://github.com/apache/apisix/issues/12912

   ### Current Behavior
   
   Consumer group rate limiting rules are not being applied when consumer 
credentials are configured using the `/consumers/{username}/credentials` 
endpoint. However, rate limiting rules work correctly when authentication 
plugins are configured directly on the consumer.
   
   ### Expected Behavior
   
   Consumer group rate limiting rules should work correctly when consumer 
credentials are configured using the `/consumers/{username}/credentials` 
endpoint. 
   
   ### Error Logs
   
   _No response_
   
   ### Steps to Reproduce
   
   ## Use `/credentials` endpoint (rate limiting not working)
   
   Create consumer groups:
   
   ```shell
   curl "http://127.0.0.1:9180/apisix/admin/consumer_groups" -X PUT -d '{
     "id": "basic_plan",
     "plugins": {
       "limit-count": {
         "count": 2,
         "time_window": 30,
         "rejected_code": 429
       }
     }
   }'
   
   curl "http://127.0.0.1:9180/apisix/admin/consumer_groups" -X PUT -d '{
     "id": "premium_plan", 
     "plugins": {
       "limit-count": {
         "count": 20,
         "time_window": 30,
         "rejected_code": 429
       }
     }
   }'
   ```
   
   Create consumers:
   
   ```shell
   curl "http://127.0.0.1:9180/apisix/admin/consumers" -X PUT -d '{
     "username": "JohnDoe",
     "group_id": "basic_plan"
   }'
   
   curl "http://127.0.0.1:9180/apisix/admin/consumers" -X PUT -d '{
     "username": "FetchBot", 
     "group_id": "premium_plan"
   }'
   ```
   
   Configure credentials:
   
   ```shell
   curl "http://127.0.0.1:9180/apisix/admin/consumers/JohnDoe/credentials" -X PUT -d '{
     "id": "cred-john-key-auth",
     "plugins": {
       "key-auth": {
         "key": "john-key"
       }
     }
   }'
   
   curl "http://127.0.0.1:9180/apisix/admin/consumers/FetchBot/credentials" -X PUT -d '{
     "id": "cred-bot-key-auth", 
     "plugins": {
       "key-auth": {
         "key": "bot-key"
       }
     }
   }'
   ```
   
   Create a route:
   
   ```shell
   curl "http://127.0.0.1:9180/apisix/admin/routes" -X PUT -d '{
     "id": "rate-limiting",
     "uri": "/internal",
     "plugins": {
       "key-auth": {}
     },
     "upstream": {
       "nodes": {
         "mock.api7.ai:443": 1
       },
       "pass_host": "node",
       "scheme": "https"
     }
   }'
   ```
   
   Test rate limiting:
   
   ```shell
   resp=$(seq 10 | xargs -I{} curl "http://127.0.0.1:9080/internal" -H 'apikey: john-key' -o /dev/null -s -w "%{http_code}\n") && \
     count_200=$(echo "$resp" | grep "200" | wc -l) && \
     count_429=$(echo "$resp" | grep "429" | wc -l) && \
     echo "200": $count_200, "429": $count_429
   
   # Result: 200: 10, 429: 0
   # SHOULD BE: 200: 2, 429: 8
   ```
   
   ## Configure auth credentials directly on the consumers (rate limiting works)
   
   Create the same consumer groups as above.
   
   Create consumers with auth plugins configured directly:
   
   ```shell
   curl "http://127.0.0.1:9180/apisix/admin/consumers" -X PUT -d '{
     "username": "JohnDoe",
     "group_id": "basic_plan",
     "plugins": {
       "key-auth": {
         "key": "john-key"
       }
     }
   }'
   
   curl "http://127.0.0.1:9180/apisix/admin/consumers" -X PUT -d '{
     "username": "FetchBot",
     "group_id": "premium_plan", 
     "plugins": {
       "key-auth": {
         "key": "bot-key"
       }
     }
   }'
   ```
   
   Test rate limiting:
   
   ```shell
   resp=$(seq 10 | xargs -I{} curl "http://127.0.0.1:9080/internal" -H 'apikey: john-key' -o /dev/null -s -w "%{http_code}\n") && \
     count_200=$(echo "$resp" | grep "200" | wc -l) && \
     count_429=$(echo "$resp" | grep "429" | wc -l) && \
     echo "200": $count_200, "429": $count_429
   
   # Result: 200: 2, 429: 8 (CORRECT)
   ```
   
   ### Environment
   
   APISIX version: 3.14.1
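
An added regression check for the reproduction above (not part of the original issue or of APISIX): it classifies the status codes from the ten-request test against the consumer group's `count`, and treats any code other than 200 or the `rejected_code` as inconclusive, so a failed authentication or upstream error is not mistaken for enforcement. `verify_limit` and the two sample functions are hypothetical names, and the sample codes are constructed from the results reported in the issue.

```shell
#!/bin/sh
# Added example, not APISIX code. verify_limit is a hypothetical helper.
# usage: <status codes, one per line> | verify_limit ALLOWED [REJECTED_CODE]
# returns 0 = limit enforced, 1 = limit not enforced, 2 = inconclusive
# live use: pipe the output of the issue's `curl ... -w "%{http_code}\n"`
# loop into `verify_limit 2` instead of storing it in $resp.
verify_limit() {
  allowed=$1
  rejected=${2:-429}
  ok=0; limited=0; other=0
  while IFS= read -r code; do
    case "$code" in
      200)         ok=$((ok + 1)) ;;
      "$rejected") limited=$((limited + 1)) ;;
      "")          ;;                          # ignore blank lines
      *)           other=$((other + 1)) ;;     # 401, 5xx, 000, ...
    esac
  done
  total=$((ok + limited + other))
  # Unexpected codes, or too few requests to exceed the quota, prove nothing.
  if [ "$other" -gt 0 ] || [ "$total" -le "$allowed" ]; then
    echo "INCONCLUSIVE 200=$ok $rejected=$limited other=$other"
    return 2
  fi
  if [ "$ok" -le "$allowed" ]; then
    echo "ENFORCED 200=$ok $rejected=$limited"
    return 0
  fi
  echo "NOT_ENFORCED 200=$ok $rejected=$limited (quota $allowed)"
  return 1
}

# Constructed sample: result reported for the /credentials endpoint setup.
sample_credentials_endpoint() {
  for _ in 1 2 3 4 5 6 7 8 9 10; do echo 200; done
}

# Constructed sample: result reported with key-auth set on the consumer.
sample_inline_plugin() {
  echo 200; echo 200
  for _ in 1 2 3 4 5 6 7 8; do echo 429; done
}

# basic_plan allows 2 requests per 30 s window.
sample_credentials_endpoint | verify_limit 2 || true
sample_inline_plugin | verify_limit 2 || true
```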
   

