During flexible configuration setup, the backend's extra_config is not loaded.

[yrimjang]

hello. I am setting up a flexible configuration for krakend.
It works fine in most cases, but there are some parts that don't work.

krakend.json

`{
   "version": {{ .service.version }},
   "port": {{ .service.port }},
   "output_encoding": {{ marshal .service.output_encoding }},
   "name": {{ marshal .service.name }},
   "disable_tls_verify": {{ .service.disable_tls_verify }},
   "extra_config":{{ marshal .service.extra_config }},
   "endpoints": [
	   {{ range $idb, $endpoint := .endpoint.private_jwt_ecomon }}
            {{if $idb}} }, {{end}}
            {
            "endpoint": "{{ $endpoint.endpoint }}",
	    "method": "{{ $endpoint.method }}",
            "backend": [
                {
                    "url_pattern": "{{ $endpoint.backend }}",
                    "method": "{{ $endpoint.method }}",
		    "host": "{{  $endpoint.host }}",
                    "extra_config": {
			{{ include "krakend_jose_validator.tmpl" }}
                    },
                    "is_collection": {{ $endpoint.is_collection }}
                }
            ]
           {{ end }}
         },
	 {{ range $idc, $endpoint := .endpoint.jwt_request }}
            {{if $idc}} }, {{end}}
            {
            "endpoint": "{{ $endpoint.endpoint }}",
	    "method": "{{ $endpoint.method }}",
            "backend": [
                {
                    "url_pattern": "{{ $endpoint.backend }}",
                    "method": "{{ $endpoint.method }}",
		    "host": "{{  $endpoint.host }}"
                }
            ]
           {{ end }}
         }
        ]
}
`

partials/krakend_jose_validator.tmpl

`"github.com/devopsfaith/krakend-jose/validator": {
              "alg": "RS256",
              "jwk-url": "***",
              "issuer": "***",
              "roles_key": "***",
              "roles":["***"],
              "is_collection": true,
              "disable_jwk_security": true
              }`

In the private_jwt_ecomon configuration in krakend.json, the extra_config internal file in the backend is not applied.
I also checked with krakend check, but there were no syntax errors.

FC_ENABLE=1 \
FC_SETTINGS="./settings" \
FC_PARTIALS="./partials" \
FC_OUT="/tmp/test.json" \
krakend check -d -c krakend.json

Endpoint: /v1/monitoring/metrics, Method: GET, CacheTTL: 0s, Concurrent: 1, QueryString: []
	Extra (0):
	Backends (1):
		URL: /monitoring/metrics, Method: GET
			Timeout: 2s, Target: , Mapping: map[], BL: [], WL: [], Group: 
			Hosts: [https://192.168.31.10:31443]
			Extra (1):
			  github.com/devopsfaith/krakend-jose/validator: map[alg:RS256 disable_jwk_security:true is_collection:true issuer:*** jwk-url:*** roles:[***] roles_key:***]

I would appreciate it if you could check it out and help me.

[kpacha]

can you share the final config?

the flexibleconfig module should be dumping it at FC_OUT

[yrimjang]

{
  "version": 2,
  "port": 9000,
  "output_encoding": "json",
  "name": "ecobox-api",
  "extra_config":{"github_com/devopsfaith/krakend-cors":{"allow_credentials":true,"allow_headers":["Origin","Authorization","Content-Length","Content-Type","Accept","X-Auth-Token"],"allow_methods":["GET","HEAD","POST","PUT","DELETE","CONNECT","OPTIONS","TRACE","PATCH"],"allow_origins":["http*"],"expose_headers":["Content-Type","Content-Length"],"max_age":"12h"},"github_com/devopsfaith/krakend-gologging":{"format":"default","level":"DEBUG","prefix":"[KRAKEND]","stdout":true,"syslog":false}},
  "endpoints": [
            
            
            {
            "endpoint": "v1/public/monitoring/metrics",
	    "method": "GET",
            "backend": [
                {
                    "url_pattern": "/monitoring/metrics",
		    "method": "GET",
		    "host": "***",
                    "extra_config": {
                    },
		    "is_collection": false
                }
            ]
	   
             }, 
            {
            "endpoint": "/v1/monitoring/noti/grafana/alert",
	    "method": "POST",
            "backend": [
                {
                    "url_pattern": "monitoring/noti/grafana/alert",
		    "method": "POST",
		    "host": "***",
                    "extra_config": {
                    },
		    "is_collection": true
                }
            ]
	   
         },
	   
            
            {
            "endpoint": "v1/monitoring/metrics",
	    "method": "GET",
            "backend": [
                {
                    "url_pattern": "monitoring/metrics",
                    "method": "GET",
		    "host": "***",
                    "extra_config": {
			"github.com/devopsfaith/krakend-jose/validator": {
	"alg": "RS256",
	"jwk-url": "***",
	"issuer": "***",
	"roles_key": "***",
	"roles":["***"],
	"is_collection": true,
	"disable_jwk_security": true
}


                    },
                    "is_collection": false
                }
            ]
           
         },
	 
            
            {
            "endpoint": "v1/token",
	    "method": "POST",
            "backend": [
                {
                    "url_pattern": "/auth/realms/ecobox/protocol/openid-connect/token",
                    "method": "POST",
		    "host": "***"
                }
            ]
           
         }
        ]
}

The contents of the file created by FC_OUT. Could it be that it is not aligned and not recognized?

[alombarte]

Hello @yrimjang , you have placed the krakend-jose/validator component at the backend level, when it should be in the endpoint level. KrakenD ignores any unknown configuration, this is why is not working for you.

Move the extra_config one level up and you will be good to go.
https://www.krakend.io/docs/authorization/jwt-validation/

[github-actions]

This issue was marked as resolved a long time ago and now has been automatically locked as there has not been any recent activity after it. You can still open a new issue and reference this link.