fix(consumer): missed consumer update due to wrong version in cache (#12413)

Author: Revolyssup

apisix/consumer.lua

@@ -94,7 +94,7 @@ do
             count = consumers_count_for_lrucache
         })
 
-local function construct_consumer_data(val, plugin_config)
+local function construct_consumer_data(val, name, plugin_config)
     -- if the val is a Consumer, clone it to the local consumer;
     -- if the val is a Credential, to get the Consumer by consumer_name and then clone
     -- it to the local consumer.
@@ -103,20 +103,28 @@ local function construct_consumer_data(val, plugin_config)
         local consumer_name = get_consumer_name_from_credential_etcd_key(val.key)
         local the_consumer = consumers:get(consumer_name)
         if the_consumer and the_consumer.value then
-            consumer = core.table.clone(the_consumer.value)
-            consumer.modifiedIndex = the_consumer.modifiedIndex
-            consumer.credential_id = get_credential_id_from_etcd_key(val.key)
+            consumer = consumers_id_lrucache(val.value.id .. name, val.modifiedIndex..
+                                                the_consumer.modifiedIndex,
+                function (val, the_consumer)
+                    consumer = core.table.clone(the_consumer.value)
+                    consumer.modifiedIndex = the_consumer.modifiedIndex
+                    consumer.credential_id = get_credential_id_from_etcd_key(val.key)
+                    return consumer
+                end, val, the_consumer)
         else
             -- Normally wouldn't get here:
             -- it should belong to a consumer for any credential.
-            core.log.error("failed to get the consumer for the credential,",
+            return nil, "failed to get the consumer for the credential,",
                 " a wild credential has appeared!",
-                " credential key: ", val.key, ", consumer name: ", consumer_name)
-            return nil, "failed to get the consumer for the credential"
+                " credential key: ", val.key, ", consumer name: ", consumer_name
         end
     else
-        consumer = core.table.clone(val.value)
-        consumer.modifiedIndex = val.modifiedIndex
+        consumer = consumers_id_lrucache(val.value.id .. name, val.modifiedIndex,
+            function (val)
+                consumer = core.table.clone(val.value)
+                consumer.modifiedIndex = val.modifiedIndex
+                return consumer
+            end, val)
     end
 
     -- if the consumer has labels, set the field custom_id to it.
@@ -160,9 +168,10 @@ function plugin_consumer()
                     }
                 end
 
-                local consumer = consumers_id_lrucache(val.value.id .. name,
-                        val.modifiedIndex, construct_consumer_data, val, config)
-                if consumer == nil then
+                local consumer, err = construct_consumer_data(val, name, config)
+                if not consumer then
+                    core.log.error("failed to construct consumer data for plugin ",
+                                   name, ": ", err)
                     goto CONTINUE
                 end
 

t/admin/consumer-credentials.t

@@ -0,0 +1,161 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+use t::APISIX 'no_plan';
+
+repeat_each(1);
+no_long_string();
+no_root_location();
+no_shuffle();
+log_level("info");
+
+run_tests;
+
+__DATA__
+
+=== TEST 1: Verify consumer plugin update takes effect immediately
+--- extra_yaml_config
+nginx_config:
+  worker_processes: 1
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local json = require("toolkit.json")
+            local http = require("resty.http")
+
+            -- 1. Create route with key-auth plugin
+            local code, body = t('/apisix/admin/routes/1',
+                ngx.HTTP_PUT,
+                [[{
+                    "uri": "/anything",
+                    "upstream": {
+                        "type": "roundrobin",
+                        "nodes": {
+                            "httpbin.org:80": 1
+                        }
+                    },
+                    "plugins": {
+                        "key-auth": {
+                            "query": "apikey"
+                        }
+                    }
+                }]]
+            )
+            if code >= 300 then
+                ngx.status = code
+                ngx.say("Route creation failed: " .. body)
+                return
+            end
+
+            -- 2. Create consumer jack
+            code, body = t('/apisix/admin/consumers',
+                ngx.HTTP_PUT,
+                [[{
+                    "username": "jack"
+                }]]
+            )
+            if code >= 300 then
+                ngx.status = code
+                ngx.say("Consumer creation failed: " .. body)
+                return
+            end
+
+            -- 3. Create credentials for jack
+            code, body = t('/apisix/admin/consumers/jack/credentials/auth-one',
+                ngx.HTTP_PUT,
+                [[{
+                    "plugins": {
+                        "key-auth": {
+                            "key": "auth-one"
+                        }
+                    }
+                }]]
+            )
+            if code >= 300 then
+                ngx.status = code
+                ngx.say("Credential creation failed: " .. body)
+                return
+            end
+            ngx.sleep(0.5)  -- wait for etcd to sync
+            -- 4. Verify valid request succeeds
+            local httpc = http.new()
+            local res, err = httpc:request_uri(
+                "http://127.0.0.1:"..ngx.var.server_port.."/anything?apikey=auth-one",
+                { method = "GET" }
+            )
+            if not res then
+                ngx.say("Request failed: ", err)
+                return
+            end
+
+            if res.status ~= 200 then
+                ngx.say("Unexpected status: ", res.status)
+                ngx.say(res.body)
+                return
+            end
+
+            -- 5. Update consumer with fault-injection plugin
+            code, body = t('/apisix/admin/consumers/jack',
+                ngx.HTTP_PUT,
+                [[{
+                    "username": "jack",
+                    "plugins": {
+                        "fault-injection": {
+                            "abort": {
+                                "http_status": 400,
+                                "body": "abort"
+                            }
+                        }
+                    }
+                }]]
+            )
+            if code >= 300 then
+                ngx.status = code
+                ngx.say("Consumer update failed: " .. body)
+                return
+            end
+
+            -- 6. Verify all requests return 400
+            for i = 1, 5 do
+                local res, err = httpc:request_uri(
+                    "http://127.0.0.1:"..ngx.var.server_port.."/anything?apikey=auth-one",
+                    { method = "GET" }
+                )
+                if not res then
+                    ngx.say(i, ": Request failed: ", err)
+                    return
+                end
+
+                if res.status ~= 400 then
+                    ngx.say(i, ": Expected 400 but got ", res.status)
+                    return
+                end
+
+                if res.body ~= "abort" then
+                    ngx.say(i, ": Unexpected response body: ", res.body)
+                    return
+                end
+            end
+
+            ngx.say("All requests aborted as expected")
+        }
+    }
+--- request
+GET /t
+--- response_body
+All requests aborted as expected