fix: plugin behaviour while using metdata

Signed-off-by: Rushikesh Tote <rushi.tote@gmail.com>

.github/workflows/chaos.yml

@@ -29,7 +29,6 @@ jobs:
           bash ./t/chaos/utils/setup_chaos_utils.sh start_minikube
           wget https://raw.githubusercontent.com/apache/apisix-docker/master/alpine-local/Dockerfile
           mkdir logs
-          sudo apt install -y libpcre3 libpcre3-dev
           docker build -t apache/apisix:alpine-local --build-arg APISIX_PATH=. -f Dockerfile .
           minikube cache add apache/apisix:alpine-local -v 7 --alsologtostderr
 

apisix/plugins/authz-casbin.lua

@@ -68,48 +68,58 @@ function _M.check_schema(conf, schema_type)
     return false, err
 end
 
+local casbin_enforcer
 
-local function new_enforcer(conf, modifiedIndex)
+local function new_enforcer_if_need(conf)
     local model_path = conf.model_path
     local policy_path = conf.policy_path
 
-    local e
-
     if model_path and policy_path then
-        e = casbin:new(model_path, policy_path)
-        conf.type = "file"
+        if not conf.casbin_enforcer then
+            conf.casbin_enforcer = casbin:new(model_path, policy_path)
+        end
+        return true
     end
 
     local metadata = plugin.plugin_metadata(plugin_name)
-    if metadata and metadata.value.model and metadata.value.policy and not e then
+    if not (metadata and metadata.value.model and metadata.value.policy) then
+        return nil, "not enough configuration to create enforcer"
+    end
+
+    local modifiedIndex = metadata.modifiedIndex
+    if not casbin_enforcer or casbin_enforcer.modifiedIndex ~= modifiedIndex then
         local model = metadata.value.model
         local policy = metadata.value.policy
-        e = casbin:newEnforcerFromText(model, policy)
-        conf.type = "metadata"
-        conf.modifiedIndex = modifiedIndex
+        casbin_enforcer = casbin:newEnforcerFromText(model, policy)
+        casbin_enforcer.modifiedIndex = modifiedIndex
     end
-
-    conf.casbin_enforcer = e
+    return true
 end
 
 
 function _M.rewrite(conf, ctx)
     -- creates an enforcer when request sent for the first time
-    local metadata = plugin.plugin_metadata(plugin_name)
-    if (not conf.casbin_enforcer) or
-    (conf.type == "metadata" and conf.modifiedIndex ~= metadata.modifiedIndex) then
-        new_enforcer(conf, metadata.modifiedIndex)
+    local ok, err = new_enforcer_if_need(conf)
+    if not ok then
+        return 503, {message = err}
     end
 
     local path = ctx.var.uri
     local method = ctx.var.method
     local username = get_headers()[conf.username]
     if not username then username = "anonymous" end
 
-    if not conf.casbin_enforcer:enforce(username, path, method) then
-        return 403, {message = "Access Denied"}
+    if conf.casbin_enforcer then
+        if not conf.casbin_enforcer:enforce(username, path, method) then
+            return 403, {message = "Access Denied"}
+        end
+    else
+        if not casbin_enforcer:enforce(username, path, method) then
+            return 403, {message = "Access Denied"}
+        end
     end
 end
 
 
+
 return _M

rockspec/apisix-master-0.rockspec

@@ -66,7 +66,7 @@ dependencies = {
     "luasec = 0.9-1",
     "lua-resty-consul = 0.3-2",
     "penlight = 1.9.2-1",
-    "ext-plugin-proto = 0.1.1",
+    "ext-plugin-proto = 0.2.1",
     "casbin = 1.26.0",
 }