Anonymous configuration does not accept consumer username.

[3to1null]

Summary

According to #4972 the anonymous configuration field should accept both a consumer ID and a consumer username, yet it throws a schema error when trying to use a username.

Steps To Reproduce

1. Setup an authentication plugin
2. Do the following curl call:

curl -i -X PATCH \
   --url http://kong:8001/plugins/<auth-plugin-id>\
   --data "config.anonymous=<anonymous-username>"

response body:

{
   "message":"schema violation (config.anonymous: expected a valid UUID)",
   "name":"schema violation",
   "fields":{
      "config":{
         "anonymous":"expected a valid UUID"
      }
   },
   "code":2
}

Additional Details & Logs

• Kong version: 2.0.0
• Using Kong Docker container
• Configuration:

{"plugins":{"enabled_in_cluster":["jsonrpc-request-transformer","jwt","acl","request-termination","jwt-crafter","account-swap","basic-auth"],"available_on_server":{"correlation-id":true,"pre-function":true,"cors":true,"ldap-auth":true,"loggly":true,"hmac-auth":true,"zipkin":true,"request-size-limiting":true,"azure-functions":true,"jwt-crafter":true,"request-transformer":true,"oauth2":true,"response-transformer":true,"ip-restriction":true,"statsd":true,"jwt":true,"proxy-cache":true,"basic-auth":true,"key-auth":true,"jsonrpc-request-transformer":true,"http-log":true,"account-swap":true,"datadog":true,"tcp-log":true,"post-function":true,"prometheus":true,"acl":true,"syslog":true,"file-log":true,"session":true,"udp-log":true,"response-ratelimiting":true,"aws-lambda":true,"bot-detection":true,"rate-limiting":true,"request-termination":true}},"tagline":"Welcome to kong","configuration":{"plugins":["bundled","jsonrpc-request-transformer","jwt-crafter","account-swap"],"admin_listen":["0.0.0.0:8001"],"proxy_access_log":"\/dev\/stdout","prefix":"\/usr\/local\/kong","nginx_conf":"\/usr\/local\/kong\/nginx.conf","cassandra_username":"kong","nginx_events_directives":[{"value":"auto","name":"worker_connections"},{"value":"on","name":"multi_accept"}],"dns_resolver":{},"nginx_upstream_keepalive_requests":"100","nginx_http_upstream_directives":[{"value":"100","name":"keepalive_requests"},{"value":"60s","name":"keepalive_timeout"},{"value":"60","name":"keepalive"}],"nginx_main_daemon":"off","stream_proxy_ssl_enabled":false,"nginx_acc_logs":"\/usr\/local\/kong\/logs\/access.log","pg_semaphore_timeout":60000,"proxy_listen":["0.0.0.0:8000 reuseport backlog=16384","0.0.0.0:8443 http2 ssl reuseport backlog=16384"],"client_ssl_cert_default":"\/usr\/local\/kong\/ssl\/kong-default.crt","go_pluginserver_exe":"\/usr\/local\/bin\/go-pluginserver","dns_no_sync":false,"db_update_propagation":0,"stream_listen":["off"],"nginx_err_logs":"\/usr\/local\/kong\/logs\/error.log","cassandra_port":9042,"headers":["server_tokens","latency_tokens"],"nginx_http_client_max_body_size":"0","status_listen":["off"],"dns_stale_ttl":4,"cluster_control_plane":"127.0.0.1:8005","nginx_http_ssl_prefer_server_ciphers":"off","pg_database":"kong","lua_package_cpath":"","admin_acc_logs":"\/usr\/local\/kong\/logs\/admin_access.log","cassandra_refresh_frequency":60,"nginx_pid":"\/usr\/local\/kong\/pids\/nginx.pid","nginx_main_worker_rlimit_nofile":"auto","admin_access_log":"\/dev\/stdout","proxy_listeners":[{"listener":"0.0.0.0:8000 reuseport backlog=16384","proxy_protocol":false,"reuseport":true,"deferred":false,"ssl":false,"ip":"0.0.0.0","backlog=16384":true,"http2":false,"port":8000,"bind":false},{"listener":"0.0.0.0:8443 ssl http2 reuseport backlog=16384","proxy_protocol":false,"reuseport":true,"deferred":false,"ssl":true,"ip":"0.0.0.0","backlog=16384":true,"http2":true,"port":8443,"bind":false}],"db_cache_warmup_entities":["services","plugins"],"enabled_headers":{"latency_tokens":true,"X-Kong-Response-Latency":true,"Server":true,"X-Kong-Admin-Latency":true,"X-Kong-Upstream-Status":false,"Via":true,"X-Kong-Proxy-Latency":true,"server_tokens":true,"X-Kong-Upstream-Latency":true},"nginx_http_ssl_protocols":"TLSv1.2 TLSv1.3","db_cache_ttl":0,"nginx_events_multi_accept":"on","admin_ssl_cert_default":"\/usr\/local\/kong\/ssl\/admin-kong-default.crt","pg_ssl":false,"status_access_log":"off","cluster_listeners":[{"listener":"0.0.0.0:8005","proxy_protocol":false,"reuseport":false,"backlog=%d+":false,"deferred":false,"ssl":false,"ip":"0.0.0.0","port":8005,"http2":false,"bind":false}],"kong_env":"\/usr\/local\/kong\/.kong_env","cassandra_schema_consensus_timeout":10000,"log_level":"notice","admin_ssl_cert_key_default":"\/usr\/local\/kong\/ssl\/admin-kong-default.key","real_ip_recursive":"off","proxy_error_log":"\/dev\/stderr","ssl_cipher_suite":"intermediate","router_consistency":"strict","pg_port":5432,"cassandra_keyspace":"kong","ssl_cert_default":"\/usr\/local\/kong\/ssl\/kong-default.crt","nginx_http_ssl_session_timeout":"1d","error_default_type":"text\/plain","role":"traditional","admin_ssl_enabled":false,"trusted_ips":{},"loaded_plugins":{"session":true,"pre-function":true,"cors":true,"ldap-auth":true,"loggly":true,"hmac-auth":true,"zipkin":true,"request-size-limiting":true,"azure-functions":true,"jwt-crafter":true,"request-transformer":true,"oauth2":true,"response-transformer":true,"syslog":true,"statsd":true,"jwt":true,"proxy-cache":true,"basic-auth":true,"key-auth":true,"jsonrpc-request-transformer":true,"http-log":true,"account-swap":true,"datadog":true,"tcp-log":true,"post-function":true,"correlation-id":true,"acl":true,"rate-limiting":true,"bot-detection":true,"ip-restriction":true,"udp-log":true,"response-ratelimiting":true,"aws-lambda":true,"file-log":true,"prometheus":true,"request-termination":true},"nginx_supstream_directives":{},"ssl_cert_key":"\/usr\/local\/kong\/ssl\/kong-default.key","pg_user":"kong","pg_password":"******","cassandra_data_centers":["dc1:2","dc2:3"],"nginx_admin_directives":{},"nginx_upstream_keepalive_timeout":"60s","nginx_http_directives":[{"value":"0","name":"client_max_body_size"},{"value":"off","name":"ssl_prefer_server_ciphers"},{"value":"8k","name":"client_body_buffer_size"},{"value":"TLSv1.2 TLSv1.3","name":"ssl_protocols"},{"value":"on","name":"ssl_session_tickets"},{"value":"1d","name":"ssl_session_timeout"},{"value":"prometheus_metrics 5m","name":"lua_shared_dict"}],"pg_host":"db-kong","nginx_kong_stream_conf":"\/usr\/local\/kong\/nginx-kong-stream.conf","ssl_cert_key_default":"\/usr\/local\/kong\/ssl\/kong-default.key","go_plugins_dir":"off","cluster_listen":["0.0.0.0:8005"],"dns_order":["LAST","SRV","A","CNAME"],"dns_error_ttl":1,"nginx_sproxy_directives":{},"nginx_http_upstream_keepalive_timeout":"60s","pg_timeout":5000,"nginx_http_upstream_keepalive_requests":"100","database":"postgres","nginx_upstream_keepalive":"60","nginx_worker_processes":"auto","nginx_http_status_directives":{},"lua_package_path":".\/?.lua;.\/?\/init.lua;","router_update_frequency":1,"upstream_keepalive":60,"pg_max_concurrent_queries":0,"proxy_ssl_enabled":true,"nginx_http_upstream_keepalive":"60","lua_socket_pool_size":30,"db_resurrect_ttl":30,"mem_cache_size":"128m","cassandra_consistency":"ONE","client_max_body_size":"0","admin_error_log":"\/dev\/stderr","pg_ssl_verify":false,"dns_not_found_ttl":30,"nginx_http_ssl_session_tickets":"on","ssl_ciphers":"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384","client_ssl":false,"cassandra_repl_strategy":"SimpleStrategy","status_error_log":"logs\/status_error.log","ssl_cert_csr_default":"\/usr\/local\/kong\/ssl\/kong-default.csr","nginx_status_directives":{},"nginx_stream_directives":[{"value":"stream_prometheus_metrics 5m","name":"lua_shared_dict"}],"nginx_kong_conf":"\/usr\/local\/kong\/nginx-kong.conf","real_ip_header":"X-Real-IP","dns_hostsfile":"\/etc\/hosts","admin_listeners":[{"listener":"0.0.0.0:8001","proxy_protocol":false,"reuseport":false,"backlog=%d+":false,"deferred":false,"ssl":false,"ip":"0.0.0.0","port":8001,"http2":false,"bind":false}],"nginx_main_worker_processes":"auto","ssl_cert":"\/usr\/local\/kong\/ssl\/kong-default.crt","nginx_proxy_real_ip_recursive":"off","nginx_events_worker_connections":"auto","cassandra_ssl_verify":false,"cassandra_timeout":5000,"cassandra_repl_factor":1,"db_update_frequency":5,"nginx_optimizations":true,"client_ssl_cert_key_default":"\/usr\/local\/kong\/ssl\/kong-default.key","nginx_daemon":"off","anonymous_reports":true,"nginx_main_directives":[{"value":"off","name":"daemon"},{"value":"auto","name":"worker_rlimit_nofile"},{"value":"auto","name":"worker_processes"}],"status_listeners":{},"cassandra_ssl":false,"cassandra_contact_points":["db-kong"],"client_body_buffer_size":"8k","nginx_proxy_real_ip_header":"X-Real-IP","stream_listeners":{},"nginx_http_client_body_buffer_size":"8k","cassandra_lb_policy":"RequestRoundRobin","nginx_upstream_directives":[{"value":"100","name":"keepalive_requests"},{"value":"60s","name":"keepalive_timeout"},{"value":"60","name":"keepalive"}],"nginx_proxy_directives":[{"value":"X-Real-IP","name":"real_ip_header"},{"value":"off","name":"real_ip_recursive"}],"lua_ssl_verify_depth":1},"version":"2.0.0","node_id":"449e05d9-2db4-4f7c-b9ff-30a643e979ec","lua_version":"LuaJIT 2.1.0-beta3","prng_seeds":{"pid: 95":422622718018,"pid: 94":234101252511,"pid: 96":616530252242,"pid: 97":120601629351,"pid: 1":224156182989},"timers":{"pending":7,"running":0},"hostname":"39ec5d65eafc"}

This is the Kong-only version of Kong/deck#69 (comment).

[hbagdi]

I've reproduced this and have a fix. Working through tests and will open up a PR.

[3to1null]

Looking forward to the PR & thank you for the incredibly quick responses!

[teunis90]

@hbagdi should this be fixed in Docker container kong:latest? That image is two days old, like your commit.

For later reference I talk about digest: df5f1753c7b94726eb81979b87fe6eec1ffbfe57691f37d6b05e04e12095865f

[hbagdi]

should this be fixed in Docker container kong:latest?

No. That image is not updated with any commits in this repo.

[teunis90]

I don't understand, Do you mean branch?

That is the Kong container and this is the Kong repository. What else should be in there?

[hbagdi]

The kong Docker repository only contains tagged images of Kong versions that are released for public use.
Please wait until the above PR is merged in and for Kong 2.0.2.
Thank you for your continued patience.

[teunis90]

I see, no problem, thanks for all your effort and speedy replies!

[Ehekatl]

@hbagdi can we get this fix back port to 1.4/1.5?
would be good to use validation controller with stable branch
and 1.5 is broken, previous consumerRef no longer work after migrate from 1.4

it always require UUID

[hbagdi]

Please upgrade to Kong 2.0. It doesn't contain many breaking changes. If you are using Kong Ingress Controller, then you won't see any breaking changes at all for most deployments.

[ivanRylach]

@hbagdi thank you for addressing this issue! We are using Kong v1.5.1. with Ingress Controller v0.7.x and we see the same issue, but we can not upgrade to 2.x yet. Is it possible to back port this fix to 1.5.x?