search

gravitee-io / issues

Gravitee.io - API Platform - Issues
64 stars 26 forks source link

Shared API Key Does Not Always Bind to Subscriptions When Concurrent Requests Are Made #9502

Closed exalate-issue-sync[bot] closed 6 months ago

exalate-issue-sync[bot] commented 7 months ago

Describe the bug :

When multiple subscription calls are made to a single shared key application, all of the calls appear successful, but some of the subscriptions are missing the key.

To Reproduce :

Steps to reproduce the behaviour:

  1. Create an application that uses a shared API key. Add a couple of subscriptions initially in order to trigger setting the application to use the shared API key.
  2. Create and publish API key plans for a minimum of 3 APIs. Allow auto subscription.
  3. Simultaneously send the subscription requests. For example, use curl1 & curl2 & curl3, where a curl request has the following format, replacing only the planId for each request:

curl --location 'http://localhost:8083/management/v2/environments/DEFAULT/apis/0138de33-8656-45dd-b8de-338656f5ddd4/subscriptions' --header 'Content-Type: application/json' --header 'Authorization: Basic YWRtaW46YWRtaW4=' --header 'Cookie: XSRF-Graviteeio-AM-API-TOKEN=eyJraWQiOiJkZWZhdWx0LWdyYXZpdGVlLUFNLWtleSIsInR5cCI6IkpXVCIsImFsZyI6IkhTMjU2In0.eyJpc3MiOiJodHRwczpcL1wvZ3Jhdml0ZWUuYW0iLCJpYXQiOjE3MDU1MjgxNzksImp0aSI6IlNzeFluZVp2T2xSN2p0MnpQSm0zZmxvWTZ6VHJONXJJbENFVUNwdUhQam8iLCJ0b2tlbiI6IjRmMmU1MmQxLWE0MmQtNGM4NS1iYjA4LTMzNzZlMWRjNjVmZiJ9.lE_UYBcPaJBxHHybxTRrDr8NNe0sidXrxKgs1qfOXVU; XSRF-TOKEN=eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJncmF2aXRlZS1tYW5hZ2VtZW50LWF1dGgiLCJpYXQiOjE3MDU2OTA0MDksInRva2VuIjoiY2Y4NGU1ZjQtYjgwNS00ZjExLWI3NzQtYmVlNDA3ZDRlYmQwIn0.jrZLb0mz_PqoPk33Lg8bWvRajAGnANZ3gUnKPzljJzY' --data '

{ "planId": "bee094d4-055e-4e62-a094-d4055e6e6246", "applicationId": "d64623e1-b3ef-44e1-8623-e1b3ef14e19c"}

'

This behavior occurs with both v2 and v4 APIs. There was no clearly discernible pattern for which APIs would have a missing key.

Expected behaviour :

Simultaneous subscription calls should always successfully bind the key to all of the subscriptions.

Current behaviour :

The API key does not always bind to all subscriptions when concurrent requests are made.

Desktop :

* Please see Zendesk Support tab for further comments and attachments.

exalate-issue-sync[bot] commented 6 months ago

This issue will be fixed in versions 3.20.30, 4.0.19, 4.2.4, 4.1.10