help request: My serverless pre function is not working , i am using apisix ver 3.11

[arjunradiant]

Description

apiVersion: apisix.apache.org/v2 kind: ApisixRoute metadata: name: feeservice-route-test namespace: feeservice-test annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/ssl-redirect: "true" spec: http:

• name: feeservice match: hosts:

  • services-test.airportauthority.net paths:
  • /feeservice/* backends:
    • serviceName: feeservice-test servicePort: 8080 plugins:
    • name: proxy-rewrite enable: true config: regex_uri:
    • ^/feeservice/(.*)
    • "/$1"
    • name: cors enable: true config: allow_origins: "" allow_methods: "GET, POST, PUT, DELETE, PATCH, OPTIONS, MKCOL, COPY, MOVE, PROPFIND, LOCK, UNLOCK, PATCH, TRACE" allow_headers: "" expose_headers: "*"
    • name: openid-connect enable: true config: bearer_only: true client_id: apisix client_secret: 5w0ne2td7AOf49FMT7pZr9BgQhverkPY discovery: https://keycloak.airportauthority.net/realms/Airport-Authority/.well-known/openid-configuration
    • name: serverless-pre-function enable: true config: functions:
      • | return function(conf, ctx) local core = require("apisix.core") local jwt = require("resty.jwt") local jwt_token = core.request.header(ctx, "Authorization") if jwttoken then local , _, jwt_token_only = string.find(jwt_token, "Bearer%s+(.+)") if jwt_token_only then local jwt_obj = jwt:load_jwt(jwt_token_only) if jwt_obj.valid and jwt_obj.payload.groups then local groups_claim_value = table.concat(jwt_obj.payload.groups, ",") core.request.set_header(ctx, "groups", groups_claim_value) end end end end

• name: swagger-ui match: hosts:

  • services-test.airportauthority.net paths:
  • /feeservice/swagger-ui/* backends:
    • serviceName: feeservice-test servicePort: 8080 plugins:
    • name: proxy-rewrite enable: true config: regex_uri:
    • ^/swagger-ui/(.*)
    • "/$1"
    • name: cors enable: true config: allow_origins: "" allow_methods: "GET, POST, PUT, DELETE, PATCH, OPTIONS, MKCOL, COPY, MOVE, PROPFIND, LOCK, UNLOCK, PATCH, TRACE" allow_headers: "" expose_headers: "*"

• name: swagger-config match: hosts:

  • services-test.airportauthority.net paths:
  • /feeservice/v3/* backends:
    • serviceName: feeservice-test servicePort: 8080 plugins:
    • name: proxy-rewrite enable: true config: regex_uri:
    • ^(feeservice/v3/.*)
    • "/$1"
    • name: cors enable: true config: allow_origins: "" allow_methods: "GET, POST, PUT, DELETE, PATCH, OPTIONS, MKCOL, COPY, MOVE, PROPFIND, LOCK, UNLOCK, PATCH, TRACE" allow_headers: "" expose_headers: "*"

• name: feeservice-wildcard match: hosts:

  • services-test.airportauthority.net paths:
  • "/-fee/" backends:
    • serviceName: feeservice-test servicePort: 8080 plugins:
    • name: proxy-rewrite enable: true config: regex_uri:
    • ^/(.*)
    • "/$1"
    • name: cors enable: true config: allow_origins: "" allow_methods: "GET, POST, PUT, DELETE, PATCH, OPTIONS, MKCOL, COPY, MOVE, PROPFIND, LOCK, UNLOCK, PATCH, TRACE" allow_headers: "" expose_headers: "*"
    • name: openid-connect enable: true config: bearer_only: true client_id: apisix client_secret: 5w0ne2td7AOf49FMT7pZr9BgQhverkPY discovery: https://keycloak.airportauthority.net/realms/Airport-Authority/.well-known/openid-configuration
    • name: serverless-pre-function enable: true config: functions:
      • | return function(conf, ctx) local core = require("apisix.core") local jwt = require("resty.jwt") local jwt_token = core.request.header(ctx, "Authorization") if jwttoken then local , _, jwt_token_only = string.find(jwt_token, "Bearer%s+(.+)") if jwt_token_only then local jwt_obj = jwt:load_jwt(jwt_token_only) if jwt_obj.valid and jwt_obj.payload.groups then local groups_claim_value = table.concat(jwt_obj.payload.groups, ",") core.request.set_header(ctx, "groups", groups_claim_value) end end end end

Environment

• APISIX version (run apisix version):
• Operating system (run uname -a):
• OpenResty / Nginx version (run openresty -V or nginx -V):
• etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
• APISIX Dashboard version, if relevant:
• Plugin runner version, for issues related to plugin runners:
• LuaRocks version, for installation issues (run luarocks --version):

[kayx23]

Not working how? What was the expected behaviour and what's the actual outcome?

[arjunradiant]

@kayx23 , my goal was the when I would use curl it would extract the groups from the bearer token and print it also

curl --location 'https://services-test.airportauthority.net/feeservice/v1/fees/contact-info' \ --header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJtbmkyaXZ5anh5d211d2Z0dGR3Rm1nMFFtQ1JhaUlYcnNIVnVFVDdHVUFzIn0.eyJleHAiOjE3MzI2OTIyMzksImlhdCI6MTczMjY5MTkzOSwianRpIjoiYTVlZjYwMWQtNTM5MS00YmRlLTkzMWYtYjgzM2ZmNGQxYmIyIiwiaXNzIjoiaHR0cHM6Ly9rZXljbG9hay5haXJwb3J0YXV0aG9yaXR5Lm5ldC9yZWFsbXMvQWlycG9ydC1BdXRob3JpdHkiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiOTg2NmI4M2QtMTE5NC00NDFlLWE4ZWYtYzJlNWEzYWVhNjM2IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoicmV2ZW51ZS1zb3VyY2Utd2ViLWFwcCIsInNpZCI6IjQ5ZmFhZGFmLWE0MGItNDZiYi1hYzczLTFkYmEzYWZmNjNjYSIsImFjciI6InBhc3N3b3JkIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9haXJsaW5lLWFkbWluaXN0cmF0aW9uLWFwcC5haXJwb3J0YXV0aG9yaXR5Lm5ldCIsImh0dHA6Ly9sYW5kaW5nLWF1dGhvcml6YXRpb24td29ya2Zsb3ctYXBwLmFpcnBvcnRhdXRob3JpdHkubmV0IiwiaHR0cHM6Ly9hcHAuYWlycG9ydGF1dGhvcml0eS5uZXQiLCJodHRwOi8vYXBwLmFpcnBvcnRhdXRob3JpdHkubmV0IiwiaHR0cDovLzM0LjQxLjIxNC4xNDEiLCJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJodHRwOi8vYXBwLXRlc3QuYWlycG9ydGF1dGhvcml0eS5uZXQiLCJodHRwOi8vMzQuNzEuMjE5LjI0NSJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiZGVmYXVsdC1yb2xlcy1haXJwb3J0LWF1dGhvcml0eSIsIm5ld1VzZXJSb2xlIiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJtaWNyb3Byb2ZpbGUtand0IGVtYWlsIHByb2ZpbGUiLCJ1cG4iOiJhcmp1bkByYWRpYW50c29sdXRpb24uY28iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6ImFyanVuIGJvc2UiLCJncm91cHMiOlsiZGVmYXVsdC1yb2xlcy1haXJwb3J0LWF1dGhvcml0eSIsIm5ld1VzZXJSb2xlIiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhcmp1bkByYWRpYW50c29sdXRpb24uY28iLCJnaXZlbl9uYW1lIjoiYXJqdW4iLCJmYW1pbHlfbmFtZSI6ImJvc2UiLCJlbWFpbCI6ImFyanVuQHJhZGlhbnRzb2x1dGlvbi5jbyJ9.O617G1siU1kdBvmLnfJ1Bwm8J4LYST12sRVJinvjoXzligQ9ePP3HZOdva_IDILg2NI7vgYciaexVwU7nawk-cybcOIzhpN3iG6mCzpGzFtMSvegbzt_32g3geE1leC3oh96wliZivh2HBhd-2Moc8ZEqNPx-ZdEgD9k0a89b_ekO2XV2L9uvBB0VhENeCkEifTe5_IShPy2hV0Je-5oNRBqe0DvxBB5cB7_hCq-BKaa0CEKD1e8vIgJ_3RaKuEukdP5U_H9yb_cuJPrpwL9zLUfnG91hTTg4VIprsUMs10BjGhrWnTaPfCtoaA3PQZVULm0_M4Lo-x9l1HJk85Wtw' -v -k

• Trying 35.188.157.114:443...
• Connected to services-test.airportauthority.net (35.188.157.114) port 443 (#0)
• ALPN, offering h2
• ALPN, offering http/1.1
• TLSv1.0 (OUT), TLS header, Certificate Status (22):
• TLSv1.3 (OUT), TLS handshake, Client hello (1):
• TLSv1.2 (IN), TLS header, Certificate Status (22):
• TLSv1.3 (IN), TLS handshake, Server hello (2):
• TLSv1.2 (IN), TLS header, Finished (20):
• TLSv1.2 (IN), TLS header, Supplemental data (23):
• TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
• TLSv1.2 (IN), TLS header, Supplemental data (23):
• TLSv1.3 (IN), TLS handshake, Certificate (11):
• TLSv1.2 (IN), TLS header, Supplemental data (23):
• TLSv1.3 (IN), TLS handshake, CERT verify (15):
• TLSv1.2 (IN), TLS header, Supplemental data (23):
• TLSv1.3 (IN), TLS handshake, Finished (20):
• TLSv1.2 (OUT), TLS header, Finished (20):
• TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
• TLSv1.2 (OUT), TLS header, Supplemental data (23):
• TLSv1.3 (OUT), TLS handshake, Finished (20):
• SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
• ALPN, server accepted to use h2
• Server certificate:
• subject: CN=services-test.airportauthority.net; O=your-organization
• start date: Oct 21 11:50:36 2024 GMT
• expire date: Oct 21 11:50:36 2025 GMT
• issuer: CN=services-test.airportauthority.net; O=your-organization
• SSL certificate verify result: self-signed certificate (18), continuing anyway.
• Using HTTP2, server supports multiplexing
• Connection state changed (HTTP/2 confirmed)
• Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
• TLSv1.2 (OUT), TLS header, Supplemental data (23):
• TLSv1.2 (OUT), TLS header, Supplemental data (23):
• TLSv1.2 (OUT), TLS header, Supplemental data (23):
• Using Stream ID: 1 (easy handle 0x559ac65e7690)
• TLSv1.2 (OUT), TLS header, Supplemental data (23):

  GET /feeservice/v1/fees/contact-info HTTP/2 Host: services-test.airportauthority.net user-agent: curl/7.81.0 accept: / authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJtbmkyaXZ5anh5d211d2Z0dGR3Rm1nMFFtQ1JhaUlYcnNIVnVFVDdHVUFzIn0.eyJleHAiOjE3MzI2OTIyMzksImlhdCI6MTczMjY5MTkzOSwianRpIjoiYTVlZjYwMWQtNTM5MS00YmRlLTkzMWYtYjgzM2ZmNGQxYmIyIiwiaXNzIjoiaHR0cHM6Ly9rZXljbG9hay5haXJwb3J0YXV0aG9yaXR5Lm5ldC9yZWFsbXMvQWlycG9ydC1BdXRob3JpdHkiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiOTg2NmI4M2QtMTE5NC00NDFlLWE4ZWYtYzJlNWEzYWVhNjM2IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoicmV2ZW51ZS1zb3VyY2Utd2ViLWFwcCIsInNpZCI6IjQ5ZmFhZGFmLWE0MGItNDZiYi1hYzczLTFkYmEzYWZmNjNjYSIsImFjciI6InBhc3N3b3JkIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9haXJsaW5lLWFkbWluaXN0cmF0aW9uLWFwcC5haXJwb3J0YXV0aG9yaXR5Lm5ldCIsImh0dHA6Ly9sYW5kaW5nLWF1dGhvcml6YXRpb24td29ya2Zsb3ctYXBwLmFpcnBvcnRhdXRob3JpdHkubmV0IiwiaHR0cHM6Ly9hcHAuYWlycG9ydGF1dGhvcml0eS5uZXQiLCJodHRwOi8vYXBwLmFpcnBvcnRhdXRob3JpdHkubmV0IiwiaHR0cDovLzM0LjQxLjIxNC4xNDEiLCJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJodHRwOi8vYXBwLXRlc3QuYWlycG9ydGF1dGhvcml0eS5uZXQiLCJodHRwOi8vMzQuNzEuMjE5LjI0NSJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsiZGVmYXVsdC1yb2xlcy1haXJwb3J0LWF1dGhvcml0eSIsIm5ld1VzZXJSb2xlIiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJtaWNyb3Byb2ZpbGUtand0IGVtYWlsIHByb2ZpbGUiLCJ1cG4iOiJhcmp1bkByYWRpYW50c29sdXRpb24uY28iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6ImFyanVuIGJvc2UiLCJncm91cHMiOlsiZGVmYXVsdC1yb2xlcy1haXJwb3J0LWF1dGhvcml0eSIsIm5ld1VzZXJSb2xlIiwib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhcmp1bkByYWRpYW50c29sdXRpb24uY28iLCJnaXZlbl9uYW1lIjoiYXJqdW4iLCJmYW1pbHlfbmFtZSI6ImJvc2UiLCJlbWFpbCI6ImFyanVuQHJhZGlhbnRzb2x1dGlvbi5jbyJ9.O617G1siU1kdBvmLnfJ1Bwm8J4LYST12sRVJinvjoXzligQ9ePP3HZOdva_IDILg2NI7vgYciaexVwU7nawk-cybcOIzhpN3iG6mCzpGzFtMSvegbzt_32g3geE1leC3oh96wliZivh2HBhd-2Moc8ZEqNPx-ZdEgD9k0a89b_ekO2XV2L9uvBB0VhENeCkEifTe5_IShPy2hV0Je-5oNRBqe0DvxBB5cB7_hCq-BKaa0CEKD1e8vIgJ_3RaKuEukdP5U_H9yb_cuJPrpwL9zLUfnG91hTTg4VIprsUMs10BjGhrWnTaPfCtoaA3PQZVULm0_M4Lo-x9l1HJk85Wtw

• TLSv1.2 (IN), TLS header, Supplemental data (23):
• TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
• TLSv1.2 (IN), TLS header, Supplemental data (23):
• TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
• old SSL session ID is stale, removing
• TLSv1.2 (IN), TLS header, Supplemental data (23):
• Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
• TLSv1.2 (OUT), TLS header, Supplemental data (23):
• TLSv1.2 (IN), TLS header, Supplemental data (23):
• TLSv1.2 (IN), TLS header, Supplemental data (23): < HTTP/2 200 < content-type: application/json < date: Wed, 27 Nov 2024 07:19:38 GMT < server: APISIX/3.11.0 < access-control-allow-origin: < access-control-allow-methods: GET, POST, PUT, DELETE, PATCH, OPTIONS, MKCOL, COPY, MOVE, PROPFIND, LOCK, UNLOCK, PATCH, TRACE < access-control-max-age: 5 < access-control-expose-headers: , groups < access-control-allow-headers: * <
• Connection #0 to host services-test.airportauthority.net left intact {"message":null,"contactDetails":null,"support":null}

but as you can see the groups are not being extracted from the token neither being shown.

[arjunradiant]

please can you help on this @kayx23 @indrekj @huacnlee @markokocic