feat: support secret fetching in authz-keycloak

[Revolyssup]

Description

Currently $secret uri cannot be used in authz-keycloak plugin. This PR adds support for it.

Checklist

• I have explained the need for this PR and the problem it solves
• I have explained the changes or the new features added to this PR
• I have added tests corresponding to this change
• I have updated the documentation to reflect this change
• I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

[monkeyDluffy6017]

Please make the ci pass

[Revolyssup]

Please make the ci pass

done

[shreemaan-abhishek]

I'm not sure but importing just fetch_secrets() (instead of the whole module) might be more efficient. cc: @monkeyDluffy6017

[monkeyDluffy6017]

@Revolyssup please check this

[Revolyssup]

done

[Sn0rt]

pls add user document for guide

[Revolyssup]

pls add user document for guide

Updated the auth-keycloak plugin doc

[shreemaan-abhishek]

The links are wrong. And please add an example as well.

[Revolyssup]

I fixed the doc link. Though the lint points to the secret page which has the example in detail. So I think it will be redundant to add it again here.

[shreemaan-abhishek]

Does this PR introduce support to use env vars for accessing secrets? If yes, please add tests as well.

Regarding the docs, it would be nice to have an example like this:

(existing example that uses hard-coded value for secrets)

You can also set secrets using the secret resource to avoid having sensitive information in plain text <-- add this line

(add a basic configuration here)

See (add link to secrets.md documentation) for more information.

[Revolyssup]

@shreemaan-abhishek Though secret is the APISIX abstraction. Behind it can be vault or env variable or anything. So I thought just testing with any one of them should work. Okay I will add tests for env variable as well.

[Revolyssup]

okay i will modify the test case

[Sn0rt]

Please take a look at this case, I think it might be better understood if you can directly check the value after reslove.

apisix/t/plugin/authz-keycloak3.t

Line 168 in 1434335

ngx.say(res.value.plugins["authz-keycloak"].client_secret)

[Sn0rt]

why need this ?

[Revolyssup]

the test case whose configuration I picked also had this so I copy pasted. Should I remove it?

[Revolyssup]

Please take a look at this case, I think it might be better understood if you can directly check the value after reslove.

apisix/t/plugin/authz-keycloak3.t

Line 168 in 1434335

ngx.say(res.value.plugins["authz-keycloak"].client_secret)

@Sn0rt This variable extracts the exact string which is not a resolved secret. So the value of this will be $secret://...something. Here accessing this field doesn't give the resolved secret. So I am reverting back to previous test.

[Revolyssup]

Closing this PR. Recreating this with clean commits.