janiussyafiq opened a new pull request, #12998:
URL: https://github.com/apache/apisix/pull/12998
### Description
<!-- Please include a summary of the change and which issue is fixed. -->
<!-- Please also include relevant motivation and context. -->
This PR fixes a bug where consumer group plugins are not applied when
consumers are configured using the credentials endpoint. The issue occurs
because the `merge_consumer_route()` function in `plugin.lua` returns early
when a consumer has no direct plugins, without checking if the consumer belongs
to a consumer group that has plugins.
When using the credentials endpoint
(`/apisix/admin/consumers/{consumer}/credentials/{credential_id}`), the
credential object stores the authentication plugin (e.g., `key-auth`), while
the parent consumer may have no direct plugins but references a consumer group
via `group_id`. The bug is in `apisix/plugin.lua` lines 706-712:
https://github.com/apache/apisix/blob/184678ccc1b3ca97bb0a9c5df2dfc92286d04514/apisix/plugin.lua#L708-L714
This early return prevents consumer group plugins from being merged into the
request context.
Solution
The fix modifies merge_consumer_route() to:
1. Check both consumer_conf.plugins and consumer_group_conf for plugins
before early return
2. Merge consumer group plugins first, then consumer plugins (maintaining
correct precedence)
3. Only return early if neither consumer nor consumer group has plugins
This ensures consumer group plugins are applied regardless of whether the
consumer has direct plugins.
#### Which issue(s) this PR fixes:
<!--
*Automatically closes linked issue when PR is merged.
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes #12912
### Checklist
- [x] I have explained the need for this PR and the problem it solves
- [x] I have explained the changes or the new features added to this PR
- [x] I have added tests corresponding to this change
- [ ] I have updated the documentation to reflect this change
- [x] I have verified that this change is backward compatible (If not,
please discuss on the [APISIX mailing
list](https://github.com/apache/apisix/tree/master#community) first)
<!--
Note
1. Mark the PR as draft until it's ready to be reviewed.
2. Always add/update tests for any changes unless you have a good reason.
3. Always update the documentation to reflect the changes made in the PR.
4. Make a new commit to resolve conversations instead of `push -f`.
5. To resolve merge conflicts, merge master instead of rebasing.
6. Use "request review" to notify the reviewer after making changes.
7. Only a reviewer can mark a conversation as resolved.
-->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
