diff --git a/src/apisix/plugins/README.md b/src/apisix/plugins/README.md index ecfa077..7fa7cd5 100644 --- a/src/apisix/plugins/README.md +++ b/src/apisix/plugins/README.md @@ -19,7 +19,7 @@ 上下文注入,优先级:18000 ~ 19000 - bk-legacy-invalid-params # priority: 18880 # 用于兼容老版本 go1.16 使用 `;` 作为 query string 分隔符 -- bk-opentelemetry # priority: 18870 # 这个插件用于 opentelemetry, 需要尽量精准统计全局的耗时,同时需要注入 trace_id/span_id 作为后面所有插件自定义 opentelemetry 上报的 trace_id 即 parent span_id +- bk-opentelemetry # priority: 18870 # 这个插件用于 opentelemetry, 需要尽量精准统计全局的耗时,同时需要注入 trace_id/span_id 作为后面所有插件自定义 opentelemetry 上报的 trace_id 即 parent span_id (abandonned, will be replaced by another plugin) - bk-not-found-handler # priority: 18860 # 该插件仅适用于由 operator 创建的默认根路由,用以规范化 404 消息。该插件以较高优先级结束请求返回 404 错误信息 - bk-request-id # priority: 18850 - bk-stage-context # priority: 18840 @@ -63,17 +63,20 @@ proxy 预处理:17000 ~ 17500 - bk-resource-header-rewrite # priority: 17420 - bk-mock # priority: 17150 -响应后处理: +官方插件: -- bk-response-check # priority: 153 -- bk-time-cost # priority: 150 -- bk-debug # priority: 145 -- bk-error-wrapper # priority: 0 # 该插件应默认应用于所有路由 +- fault-injection # priority: 11000 +- request-validation # priority: 2800 +- api-breaker # priority: 1005 +- prometheus # priority: 500 +- file-logger (priority update) # priority: 399 -默认:优先级: +响应后处理: -- prometheus # priority: 500 -- file-logger (priority update) # priority: 399 +- bk-response-check # priority: 153 +- bk-time-cost # priority: 150 +- bk-debug # priority: 145 +- bk-error-wrapper # priority: 0 # 该插件应默认应用于所有路由 ## 插件开发 diff --git a/src/apisix/plugins/bk-auth-verify.lua b/src/apisix/plugins/bk-auth-verify.lua index d1f7927..39be5f9 100644 --- a/src/apisix/plugins/bk-auth-verify.lua +++ b/src/apisix/plugins/bk-auth-verify.lua @@ -71,6 +71,7 @@ local function get_auth_params_from_header(ctx) local auth_params = core.json.decode(authorization) if type(auth_params) ~= "table" then + core.log.error("the invalid X-Bkapi-Authorization: ", core.json.delay_encode(authorization)) return nil, "request header X-Bkapi-Authorization is not a valid JSON" end diff --git a/src/apisix/plugins/bk-permission.lua b/src/apisix/plugins/bk-permission.lua index 1e10e3f..a9eb6b1 100644 --- a/src/apisix/plugins/bk-permission.lua +++ b/src/apisix/plugins/bk-permission.lua @@ -129,7 +129,10 @@ function _M.access(conf, ctx) -- 0. no permission records, return app_no_permission if pl_types.is_empty(data) then - return errorx.exit_with_apigw_err(ctx, errorx.new_app_no_permission():with_field("reason", reason_no_perm), _M) + local reason = reason_no_perm .. ", bk_app_code=" .. app_code + return errorx.exit_with_apigw_err( + ctx, errorx.new_app_no_permission():with_field("reason", reason), _M + ) end local now = ngx_time() @@ -145,8 +148,9 @@ function _M.access(conf, ctx) -- if only has one record, means expired if pl_tablex.size(data) == 1 then -- expired: permission has expired + local reason = reason_perm_expired .. ", type=gateway_permission, bk_app_code=" .. app_code return errorx.exit_with_apigw_err( - ctx, errorx.new_app_no_permission():with_field("reason", reason_perm_expired), _M + ctx, errorx.new_app_no_permission():with_field("reason", reason), _M ) end @@ -161,8 +165,9 @@ function _M.access(conf, ctx) return else -- expired: permission has expired + local reason = reason_perm_expired .. ", type=resource_permission, bk_app_code=" .. app_code return errorx.exit_with_apigw_err( - ctx, errorx.new_app_no_permission():with_field("reason", reason_perm_expired), _M + ctx, errorx.new_app_no_permission():with_field("reason", reason), _M ) end end diff --git a/src/apisix/tests/test-bk-permission.lua b/src/apisix/tests/test-bk-permission.lua index a8948c7..332816a 100644 --- a/src/apisix/tests/test-bk-permission.lua +++ b/src/apisix/tests/test-bk-permission.lua @@ -171,6 +171,8 @@ describe( local code = plugin.access(conf, ctx) assert.is_equal(403, code) + assert.is_equal(ctx.var.bk_apigw_error.error.message, + 'App has no permission to the resource [reason="no permission, bk_app_code=bk-app-code"]') assert.stub(cache_fallback.get_with_fallback).was_called(1) end ) @@ -184,6 +186,9 @@ describe( local code = plugin.access(conf, ctx) assert.is_equal(403, code) + -- the last return in access + assert.is_equal(ctx.var.bk_apigw_error.error.message, + 'App has no permission to the resource [reason="no permission"]') assert.stub(cache_fallback.get_with_fallback).was_called(1) end ) @@ -197,6 +202,8 @@ describe( local code = plugin.access(conf, ctx) assert.is_equal(403, code) + assert.is_equal(ctx.var.bk_apigw_error.error.message, + 'App has no permission to the resource [reason="permission has expired, type=gateway_permission, bk_app_code=bk-app-code"]') assert.stub(cache_fallback.get_with_fallback).was_called(1) end ) @@ -223,6 +230,8 @@ describe( local code = plugin.access(conf, ctx) assert.is_equal(403, code) + assert.is_equal(ctx.var.bk_apigw_error.error.message, + 'App has no permission to the resource [reason="permission has expired, type=resource_permission, bk_app_code=bk-app-code"]') assert.stub(cache_fallback.get_with_fallback).was_called(1) end )