-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rate-limiting plugin not executed after re-creation of the Consumer it is attached to (db mode) #6266
Comments
Is incorrect usage ? kong.client.get_consumer() Returns the consumer entity of the currently authenticated consumer. If not set yet, it returns nil. consumer and authenticate (BASIC/ API KEYS / HMAC /OAUTH2 / JWT), both indispensability. |
Hi @fairyqb Just to try to clarify:
So configuration is exactly the same... but in step #5, while authentication is working (and Consumer has been found and allocated to the request), rate limiting is not applied. Nothing related to the PDK I think. |
I didn't reproduce this problem ,I used the version v2.1.0 |
Oh, you are right: I initially tested with a custom authentication plugin. I thought I also tested with the standard
However, the main difference I have compared to the
my code is:
And then, instead of (https://github.com/Kong/kong/blob/master/kong/plugins/basic-auth/access.lua#L112):
my code is:
I thought it would be valid to use Strangely, the logs I put in my code show that no error happens when using my code during step # 3 as well as step # 5 ( So:
|
inspect identifier value from plugins\rate-limiting.lua `
` |
Yes, @fairyqb , that's the reason why I'm calling Indeed, I think I found where the problem is: I printed the id of the Consumer I'm retrieving from the cache (i.e. retrieved by the call to
My understanding is that the deletion of the Consumer through the Admi API is removing the Consumer from the cache using a cache key that has been built based on the uuid of the Consumer... while my plugin has built a cache key using the username (as it does not have the uuid of the Consumer but just the username). Both cache keys will never match, and deletion request through the Admin API will never remove the other instance from the cache. My conclusion is that I have 2 options:
What would be your advice ? Which one of the 2 solution looks better? (in stable mode, option 1 should costs 1 DB access while option 2 should cost only 2 cache access... but maybe the DB access has a cache itself that I don't see!) Any alternate solution you would recommend instead? Thanks a lot for your help ! |
@pamiel DB access does not have a cache, so solution 2 is better! I think we're good to close this issue since the rate-limiting plugin itself is okay and now the matter lies in your custom plugin, but I think you're well set in the path for a solution! If you spot any other issue on the Kong side, make sure to let us know! |
Summary
Rate-limiting plugin is no more executed if the Consumer (on which the plugin has been defined) is deleted and then recreated (together with the rate limiting plugin, of course!!).
Tested on Kong 1.5.2 and 2.0.5, single instance, in DB mode (Postgres).
Rate-limiting plugin configured in "local" mode.
Steps To Reproduce
X-RateLimit-
headers are presentX-RateLimit-
headers are not present) while it should!If you stop and restart Kong and call again the Route, rate limiting is now applied (which make me think that the issue is related to a the cache...).
Instead of deleting the Consumer:
Additional Details & Logs
As I'm suspecting the management of the cache to involved, here are the logs extract when deleting the Consumer:
Here are now the logs when re-creating the Consumer:
Finally, here are the logs when re-creating the rate-limiting plugin:
No specific logs are available when calling the Route after the re-creation process...
The text was updated successfully, but these errors were encountered: