Re: [I] bug: Plugins in config.yaml reported as disabled or unknown and plugin [xx] warning after upgrade to 3.15.0 [apisix]

Tue, 09 Jun 2026 00:59:53 -0700 


hanzhenfang commented on issue #13305:
URL: https://github.com/apache/apisix/issues/13305#issuecomment-4657526416

   Hi, @Baoyuantop  I created a minimal reproduction for this warning. The key 
point is that the
   warning is emitted from the **stream worker**, but the plugin in the warning 
is
   an HTTP plugin configured through `plugin_metadata`.
   
   ## Environment
   
   ```text
   Image: apache/apisix:3.15.0-debian
   APISIX version: 3.15.0
   Mode: standalone / data_plane / yaml
   proxy_mode: http&stream
   ```
   
   ## Minimal config
   
   `config.yaml`:
   
   ```yaml
   apisix:
     node_listen:
       - 9080
     enable_admin: false
     proxy_mode: "http&stream"
     stream_proxy:
       tcp:
         - 9102
   
   deployment:
     role: data_plane
     role_data_plane:
       config_provider: yaml
   
   plugins:
     - cors
     - ip-restriction
     - basic-auth
     - serverless-post-function
   
   stream_plugins:
     - ip-restriction
     - limit-conn
     - mqtt-proxy
   ```
   
   `apisix.yaml`:
   
   ```yaml
   routes:
     - id: 1
       uri: /hello
       upstream:
         type: roundrobin
         nodes:
           "127.0.0.1:1980": 1
       plugins:
         cors:
           allow_origins_by_metadata:
             - local
   
   stream_routes:
     - id: 1
       server_port: 9102
       upstream:
         type: roundrobin
         nodes:
           "127.0.0.1:1981": 1
       plugins:
         ip-restriction:
           whitelist:
             - 127.0.0.1
   
   plugin_metadata:
     - id: cors
       allow_origins:
         local: http://example.com
   #END
   ```
   
   `docker-compose.yaml`:
   
   ```yaml
   name: issue-13305
   
   services:
     apisix:
       image: apache/apisix:3.15.0-debian
       container_name: issue-13305-apisix
       restart: "no"
       volumes:
         - ./config.yaml:/usr/local/apisix/conf/config.yaml:ro
         - ./apisix.yaml:/usr/local/apisix/conf/apisix.yaml:ro
       ports:
         - "19081:9080"
         - "19102:9102"
         - "19091:9090"
   ```
   
   ## Steps to reproduce
   
   ```bash
   docker compose up -d
   
   docker logs --since 5m issue-13305-apisix 2>&1 \
     | rg -n 'disabled or unknown plugin|failed to load plugin|failed to check'
   ```
   
   ## Actual result
   
   The warning is printed by the stream worker:
   
   ```text
   [warn] ... stream [lua] plugin.lua:894: check_single_plugin_schema(): 
skipping check schema for disabled or unknown plugin [cors]. Enable the plugin 
or modify configuration, context: init_worker_by_lua*
   ```
   
   `cors` is already enabled in the HTTP `plugins` list:
   
   ```yaml
   plugins:
     - cors
   ```
   
   So the warning is misleading. The plugin is not disabled from the HTTP
   subsystem's point of view.
   
   I also checked for unrelated plugin loading or schema errors:
   
   ```bash
   docker logs --since 5m issue-13305-apisix 2>&1 \
     | rg -n '\[error\]|failed to load plugin|failed to check'
   ```
   
   There was no output from this broader error scan.
   
   ## Control experiment
   
   If I remove the HTTP `plugin_metadata`:
   
   ```yaml
   plugin_metadata:
     - id: cors
       allow_origins:
         local: http://example.com
   ```
   
   and change the route plugin config to not reference metadata:
   
   ```yaml
   plugins:
     cors:
       allow_origins: http://example.com
   ```
   
   then restart APISIX and run the same log filter again:
   
   ```bash
   docker compose down
   docker compose up -d
   
   docker logs --since 5m issue-13305-apisix 2>&1 \
     | rg -n 'disabled or unknown plugin|failed to load plugin|failed to check'
   ```
   
   the warning disappears.
   
   This suggests the trigger is specifically:
   
   ```text
   http&stream + yaml/data_plane + HTTP plugin_metadata + active stream worker
   ```
   
   not the stream route plugin config itself.
   
   ## Suspected cause
   
   From the 3.15.0 code path, both HTTP and stream init paths call:
   
   ```text
   plugin.init_worker()
   ```
   
   `plugin.init_worker()` registers `/plugin_metadata` with:
   
   ```text
   checker = check_plugin_metadata
   ```
   
   The metadata checker then calls:
   
   ```text
   check_plugin_metadata(item)
     -> check_single_plugin_schema(item.id, item, TYPE_METADATA, true)
     -> local_plugins_hash[item.id]
   ```
   
   For this reproduction, `item.id` is `cors`.
   
   In a stream worker, `cors` is not a stream plugin, so the current worker does
   not have that HTTP plugin loaded in its plugin table. As a result, the stream
   worker reports:
   
   ```text
   disabled or unknown plugin [cors]
   ```
   
   However, `cors` is valid and enabled for the HTTP subsystem.
   
   So the issue looks like a subsystem boundary problem in the `plugin_metadata`
   checker: stream workers are checking HTTP plugin metadata from their own 
plugin
   view and warning about plugins that belong to the HTTP subsystem.
   
   Expected behavior would be one of:
   
   - stream workers skip HTTP-only `plugin_metadata` without warning;
   - or the metadata checker chooses the correct HTTP/stream plugin registry;
   - or strict unknown-plugin validation happens only in the appropriate control
     plane/config validation path, not as a misleading data-plane stream worker
     warning.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to