This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 2a44ba61b change: move admin conf under deployment (#7823)
2a44ba61b is described below
commit 2a44ba61b25224f585dc67caed7131d248cf9792
Author: 罗泽轩 <[email protected]>
AuthorDate: Tue Sep 13 16:51:25 2022 +0800
change: move admin conf under deployment (#7823)
---
apisix/admin/init.lua | 6 +--
apisix/admin/v3_adapter.lua | 2 +-
apisix/cli/ops.lua | 53 ++++++++++++---------
apisix/cli/schema.lua | 64 ++++++++++++++++---------
apisix/init.lua | 2 +-
benchmark/run.sh | 5 --
conf/config-default.yaml | 66 +++++++++++++-------------
conf/config.yaml | 14 ++++--
docs/en/latest/FAQ.md | 16 ++++---
docs/en/latest/admin-api.md | 2 +-
docs/en/latest/certificate.md | 33 ++++++-------
docs/en/latest/deployment-modes.md | 5 +-
docs/en/latest/installation-guide.md | 13 ++---
docs/en/latest/plugin-develop.md | 6 ---
docs/zh/latest/FAQ.md | 30 ++++++------
docs/zh/latest/admin-api.md | 2 +-
docs/zh/latest/certificate.md | 33 ++++++-------
docs/zh/latest/installation-guide.md | 13 ++---
docs/zh/latest/plugins/aws-lambda.md | 2 -
docs/zh/latest/plugins/azure-functions.md | 2 -
t/APISIX.pm | 14 +++++-
t/admin/api.t | 47 ++++++++++++++++--
t/admin/filter.t | 9 +++-
t/admin/plugins-reload.t | 38 +++++++++++----
t/admin/plugins.t | 5 +-
t/admin/response_body_format.t | 9 +++-
t/admin/ssl2.t | 2 -
t/admin/stream-routes-disable.t | 1 -
t/admin/token.t | 7 +++
t/cli/test_access_log.sh | 15 +++---
t/cli/test_admin.sh | 66 ++++++++++++++------------
t/cli/test_admin_mtls.sh | 18 +++----
t/cli/test_main.sh | 15 +++---
t/cli/test_makefile.sh | 8 ++--
t/cli/test_snippet.sh | 2 -
t/cli/test_upstream_mtls.sh | 8 ----
t/cli/test_validate_config.sh | 6 ++-
t/control/schema.t | 5 +-
t/core/config-default.t | 16 ++++---
t/core/config_etcd.t | 5 +-
t/core/utils.t | 2 -
t/deployment/conf_server.t | 22 +++++----
t/deployment/conf_server2.t | 6 +--
t/deployment/mtls.t | 6 +--
t/discovery/nacos2.t | 1 -
t/node/route-status.t | 1 -
t/node/upstream-mtls.t | 1 -
t/plugin/dubbo-proxy/route.t | 3 --
t/plugin/error-log-logger-clickhouse.t | 44 ++++-------------
t/plugin/error-log-logger-skywalking.t | 49 +++++--------------
t/plugin/error-log-logger.t | 79 ++++---------------------------
t/plugin/log-rotate.t | 8 +---
t/plugin/log-rotate2.t | 9 +---
t/plugin/log-rotate3.t | 9 ++--
t/router/radixtree-host-uri-priority.t | 1 -
t/router/radixtree-host-uri.t | 1 -
t/router/radixtree-host-uri2.t | 1 -
t/router/radixtree-host-uri3.t | 1 -
t/router/radixtree-uri-keep-end-slash.t | 1 -
t/router/radixtree-uri-sanity.t | 1 -
t/router/radixtree-uri-with-parameter.t | 1 -
61 files changed, 448 insertions(+), 464 deletions(-)
diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua
index 7aaf8f99f..bdf19da38 100644
--- a/apisix/admin/init.lua
+++ b/apisix/admin/init.lua
@@ -63,8 +63,8 @@ local router
local function check_token(ctx)
local local_conf = core.config.local_conf()
- if not local_conf or not local_conf.apisix
- or not local_conf.apisix.admin_key then
+ local admin_key = core.table.try_read_attr(local_conf, "deployment",
"admin", "admin_key")
+ if not admin_key then
return true
end
@@ -75,7 +75,7 @@ local function check_token(ctx)
end
local admin
- for i, row in ipairs(local_conf.apisix.admin_key) do
+ for i, row in ipairs(admin_key) do
if req_token == row.key then
admin = row
break
diff --git a/apisix/admin/v3_adapter.lua b/apisix/admin/v3_adapter.lua
index 2bb03cbeb..154efe463 100644
--- a/apisix/admin/v3_adapter.lua
+++ b/apisix/admin/v3_adapter.lua
@@ -48,7 +48,7 @@ local function enable_v3()
return false
end
- local api_ver = try_read_attr(local_conf, "apisix", "admin_api_version")
+ local api_ver = try_read_attr(local_conf, "deployment", "admin",
"admin_api_version")
if api_ver ~= "v3" then
admin_api_version = "default"
return false
diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua
index 320efb15f..a362d111c 100644
--- a/apisix/cli/ops.lua
+++ b/apisix/cli/ops.lua
@@ -183,8 +183,10 @@ local function init(env)
-- check the Admin API token
local checked_admin_key = false
- if yaml_conf.apisix.enable_admin and yaml_conf.apisix.allow_admin then
- for _, allow_ip in ipairs(yaml_conf.apisix.allow_admin) do
+ local allow_admin = yaml_conf.deployment.admin and
+ yaml_conf.deployment.admin.allow_admin
+ if yaml_conf.apisix.enable_admin and allow_admin then
+ for _, allow_ip in ipairs(allow_admin) do
if allow_ip == "127.0.0.0/24" then
checked_admin_key = true
end
@@ -198,13 +200,17 @@ local function init(env)
Please modify "admin_key" in conf/config.yaml .
]]
- if type(yaml_conf.apisix.admin_key) ~= "table" or
- #yaml_conf.apisix.admin_key == 0
+ local admin_key = yaml_conf.deployment.admin
+ if admin_key then
+ admin_key = admin_key.admin_key
+ end
+
+ if type(admin_key) ~= "table" or #admin_key == 0
then
util.die(help:format("ERROR: missing valid Admin API token."))
end
- for _, admin in ipairs(yaml_conf.apisix.admin_key) do
+ for _, admin in ipairs(admin_key) do
if type(admin.key) == "table" then
admin.key = ""
else
@@ -224,6 +230,19 @@ Please modify "admin_key" in conf/config.yaml .
end
end
+ if yaml_conf.deployment.admin then
+ local admin_api_mtls = yaml_conf.deployment.admin.admin_api_mtls
+ local https_admin = yaml_conf.deployment.admin.https_admin
+ if https_admin and not (admin_api_mtls and
+ admin_api_mtls.admin_ssl_cert and
+ admin_api_mtls.admin_ssl_cert ~= "" and
+ admin_api_mtls.admin_ssl_cert_key and
+ admin_api_mtls.admin_ssl_cert_key ~= "")
+ then
+ util.die("missing ssl cert for https admin")
+ end
+ end
+
if yaml_conf.apisix.enable_admin and
yaml_conf.apisix.config_center == "yaml"
then
@@ -315,8 +334,8 @@ Please modify "admin_key" in conf/config.yaml .
-- listen in admin use a separate port, support specific IP, compatible
with the original style
local admin_server_addr
if yaml_conf.apisix.enable_admin then
- local ip = yaml_conf.apisix.admin_listen.ip
- local port = yaml_conf.apisix.admin_listen.port
+ local ip = yaml_conf.deployment.admin.admin_listen.ip
+ local port = yaml_conf.deployment.admin.admin_listen.port
admin_server_addr = validate_and_get_listen_addr("admin port",
"0.0.0.0", ip,
9180, port)
end
@@ -464,17 +483,6 @@ Please modify "admin_key" in conf/config.yaml .
yaml_conf.apisix.ssl.ssl_trusted_certificate = cert_path
end
- local admin_api_mtls = yaml_conf.apisix.admin_api_mtls
- if yaml_conf.apisix.https_admin and
- not (admin_api_mtls and
- admin_api_mtls.admin_ssl_cert and
- admin_api_mtls.admin_ssl_cert ~= "" and
- admin_api_mtls.admin_ssl_cert_key and
- admin_api_mtls.admin_ssl_cert_key ~= "")
- then
- util.die("missing ssl cert for https admin")
- end
-
-- enable ssl with place holder crt&key
yaml_conf.apisix.ssl.ssl_cert = "cert/ssl_PLACE_HOLDER.crt"
yaml_conf.apisix.ssl.ssl_cert_key = "cert/ssl_PLACE_HOLDER.key"
@@ -570,6 +578,11 @@ Please modify "admin_key" in conf/config.yaml .
for k,v in pairs(yaml_conf.nginx_config) do
sys_conf[k] = v
end
+ if yaml_conf.deployment.admin then
+ for k,v in pairs(yaml_conf.deployment.admin) do
+ sys_conf[k] = v
+ end
+ end
sys_conf["wasm"] = yaml_conf.wasm
@@ -588,10 +601,6 @@ Please modify "admin_key" in conf/config.yaml .
sys_conf["worker_processes"] = "auto"
end
- if sys_conf.allow_admin and #sys_conf.allow_admin == 0 then
- sys_conf.allow_admin = nil
- end
-
local dns_resolver = sys_conf["dns_resolver"]
if not dns_resolver or #dns_resolver == 0 then
local dns_addrs, err = local_dns_resolver("/etc/resolv.conf")
diff --git a/apisix/cli/schema.lua b/apisix/cli/schema.lua
index dbf83ef78..1a501ca32 100644
--- a/apisix/cli/schema.lua
+++ b/apisix/cli/schema.lua
@@ -65,6 +65,7 @@ local etcd_schema = {
},
required = {"prefix", "host"}
}
+
local config_schema = {
type = "object",
properties = {
@@ -133,19 +134,6 @@ local config_schema = {
}
}
},
- https_admin = {
- type = "boolean",
- },
- admin_listen = {
- properties = {
- listen = { type = "string" },
- port = { type = "integer" },
- },
- default = {
- listen = "0.0.0.0",
- port = 9180,
- }
- },
stream_proxy = {
type = "object",
properties = {
@@ -292,17 +280,51 @@ local config_schema = {
type = "object",
properties = {
role = {
- enum = {"traditional", "control_plane", "data_plane",
"standalone"}
+ enum = {"traditional", "control_plane", "data_plane",
"standalone"},
+ default = "traditional"
+ }
+ },
+ },
+ },
+ required = {"apisix", "deployment"},
+}
+
+local admin_schema = {
+ type = "object",
+ properties = {
+ admin_key = {
+ type = "array",
+ properties = {
+ items = {
+ properties = {
+ name = {type = "string"},
+ key = {type = "string"},
+ role = {type = "string"},
+ }
}
+ }
+ },
+ admin_listen = {
+ properties = {
+ listen = { type = "string" },
+ port = { type = "integer" },
},
- required = {"role"},
+ default = {
+ listen = "0.0.0.0",
+ port = 9180,
+ }
+ },
+ https_admin = {
+ type = "boolean",
},
}
}
+
local deployment_schema = {
traditional = {
properties = {
etcd = etcd_schema,
+ admin = admin_schema,
role_traditional = {
properties = {
config_provider = {
@@ -402,13 +424,11 @@ function _M.validate(yaml_conf)
end
end
- if yaml_conf.deployment then
- local role = yaml_conf.deployment.role
- local validator =
jsonschema.generate_validator(deployment_schema[role])
- local ok, err = validator(yaml_conf.deployment)
- if not ok then
- return false, "invalid deployment " .. role .. " configuration: "
.. err
- end
+ local role = yaml_conf.deployment.role
+ local validator = jsonschema.generate_validator(deployment_schema[role])
+ local ok, err = validator(yaml_conf.deployment)
+ if not ok then
+ return false, "invalid deployment " .. role .. " configuration: " ..
err
end
return true
diff --git a/apisix/init.lua b/apisix/init.lua
index 80621432c..7f29fbc6b 100644
--- a/apisix/init.lua
+++ b/apisix/init.lua
@@ -762,7 +762,7 @@ end
local function cors_admin()
local_conf = core.config.local_conf()
- if local_conf.apisix and not local_conf.apisix.enable_admin_cors then
+ if not core.table.try_read_attr(local_conf, "deployment", "admin",
"enable_admin_cors") then
return
end
diff --git a/benchmark/run.sh b/benchmark/run.sh
index 570d8e8fb..f119afb84 100755
--- a/benchmark/run.sh
+++ b/benchmark/run.sh
@@ -68,11 +68,6 @@ else
fi
echo "
-apisix:
- admin_key:
- - name: admin
- key: edd1c9f034335f136f87ad84b625c8f1
- role: admin
nginx_config:
worker_processes: ${worker_cnt}
" > conf/config.yaml
diff --git a/conf/config-default.yaml b/conf/config-default.yaml
index 96a0e692b..287613a57 100755
--- a/conf/config-default.yaml
+++ b/conf/config-default.yaml
@@ -29,7 +29,6 @@ apisix:
# port: 9082
# enable_http2: true
enable_admin: true
- enable_admin_cors: true # Admin API support CORS response headers.
enable_dev_mode: false # Sets nginx worker_processes to 1 if set
to true
enable_reuseport: true # Enable nginx SO_REUSEPORT switch if set
to true.
show_upstream_status_in_response_header: false # when true all upstream
status write to `X-APISIX-Upstream-Status` otherwise only 5xx code
@@ -71,37 +70,6 @@ apisix:
- name: memory_cache
memory_size: 50m
- allow_admin: #
http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
- - 127.0.0.0/24 # If we don't set any IP list, then any IP
access is allowed by default.
- #- "::/64"
- admin_listen: # use a separate port
- ip: 0.0.0.0 # Specific IP, if not set, the default value
is `0.0.0.0`.
- port: 9180 # Specific port, which must be different from
node_listen's port.
-
- #https_admin: true # enable HTTPS when use a separate port for
Admin API.
- # Admin API will use conf/apisix_admin_api.crt
and conf/apisix_admin_api.key as certificate.
- admin_api_mtls: # Depends on `admin_listen` and `https_admin`.
- admin_ssl_cert: "" # Path of your self-signed server side cert.
- admin_ssl_cert_key: "" # Path of your self-signed server side key.
- admin_ssl_ca_cert: "" # Path of your self-signed ca cert.The CA is
used to sign all admin api callers' certificates.
-
- admin_api_version: v3 # The version of admin api, latest version is
v3.
-
- # Default token when use API to call for Admin API.
- # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin
API.
- # Disabling this configuration item means that the Admin API does not
- # require any authentication.
- admin_key:
- -
- name: admin
- key: edd1c9f034335f136f87ad84b625c8f1
- role: admin # admin: manage all configuration data
- # viewer: only can view configuration data
- -
- name: viewer
- key: 4054f7cf07e344346cd3f287985e76a2
- role: viewer
-
delete_uri_tail_slash: false # delete the '/' at the end of the URI
# The URI normalization in servlet is a little different from the RFC's.
# See
https://github.com/jakartaee/servlet/blob/master/spec/src/main/asciidoc/servlet-spec-body.adoc#352-uri-path-canonicalization,
@@ -543,6 +511,40 @@ deployment:
role: traditional
role_traditional:
config_provider: etcd
+ admin:
+ # Default token when use API to call for Admin API.
+ # *NOTE*: Highly recommended to modify this value to protect APISIX's
Admin API.
+ # Disabling this configuration item means that the Admin API does not
+ # require any authentication.
+ admin_key:
+ -
+ name: admin
+ key: edd1c9f034335f136f87ad84b625c8f1
+ role: admin # admin: manage all configuration data
+ # viewer: only can view configuration data
+ -
+ name: viewer
+ key: 4054f7cf07e344346cd3f287985e76a2
+ role: viewer
+
+ enable_admin_cors: true # Admin API support CORS response headers.
+ allow_admin: #
http://nginx.org/en/docs/http/ngx_http_access_module.html#allow
+ - 127.0.0.0/24 # If we don't set any IP list, then any IP
access is allowed by default.
+ #- "::/64"
+ admin_listen: # use a separate port
+ ip: 0.0.0.0 # Specific IP, if not set, the default value
is `0.0.0.0`.
+ port: 9180 # Specific port, which must be different
from node_listen's port.
+
+ #https_admin: true # enable HTTPS when use a separate port for
Admin API.
+ # Admin API will use
conf/apisix_admin_api.crt and conf/apisix_admin_api.key as certificate.
+
+ admin_api_mtls: # Depends on `admin_listen` and
`https_admin`.
+ admin_ssl_cert: "" # Path of your self-signed server side cert.
+ admin_ssl_cert_key: "" # Path of your self-signed server side key.
+ admin_ssl_ca_cert: "" # Path of your self-signed ca cert.The CA is
used to sign all admin api callers' certificates.
+
+ admin_api_version: v3 # The version of admin api, latest version
is v3.
+
etcd:
host: # it's possible to define multiple etcd
hosts addresses of the same etcd cluster.
- "http://127.0.0.1:2379"; # multiple etcd address, if your etcd
cluster enables TLS, please use https scheme,
diff --git a/conf/config.yaml b/conf/config.yaml
index 6a5f56205..a77ce21e6 100644
--- a/conf/config.yaml
+++ b/conf/config.yaml
@@ -52,8 +52,12 @@
#
# This will find environment variable `ETCD_HOST` first, and if it's not exist
it will use `localhost` as default value.
#
-apisix:
- admin_key:
- - name: admin
- key: edd1c9f034335f136f87ad84b625c8f1 # using fixed API token has
security risk, please update it when you deploy to production environment
- role: admin
+deployment:
+ role: traditional
+ role_traditional:
+ config_provider: etcd
+ admin:
+ admin_key:
+ - name: admin
+ key: edd1c9f034335f136f87ad84b625c8f1 # using fixed API token has
security risk, please update it when you deploy to production environment
+ role: admin
diff --git a/docs/en/latest/FAQ.md b/docs/en/latest/FAQ.md
index 169a03ffe..8515c564e 100644
--- a/docs/en/latest/FAQ.md
+++ b/docs/en/latest/FAQ.md
@@ -365,10 +365,11 @@ You can follow the steps below to configure this:
1. Configure different ports for Apache APISIX proxy and Admin API. Or,
disable the Admin API.
```yaml
-apisix:
- admin_listen: # use a separate port
- ip: 127.0.0.1
- port: 9180
+deployment:
+ admin:
+ admin_listen: # use a separate port
+ ip: 127.0.0.1
+ port: 9180
```
2. Add a proxy Route for the Apache APISIX dashboard:
@@ -501,9 +502,10 @@ By default, Apache APISIX only allows IPs in the range
`127.0.0.0/24` to access
To allow IPs in all ranges, you can update your configuration file as show
below and restart or reload Apache APISIX.
```yaml
-apisix:
- allow_admin:
- - 0.0.0.0/0
+deployment:
+ admin:
+ allow_admin:
+ - 0.0.0.0/0
```
**Note**: This should only be used in non-production environments to allow all
clients to access Apache APISIX and is not safe for production environments.
Always authorize specific IP addresses or address ranges for production
environments.
diff --git a/docs/en/latest/admin-api.md b/docs/en/latest/admin-api.md
index 87191479d..ada9b9f4a 100644
--- a/docs/en/latest/admin-api.md
+++ b/docs/en/latest/admin-api.md
@@ -25,7 +25,7 @@ The Admin API lets users control their deployed Apache APISIX
instance. The [arc
By default, the Admin API listens to port `9180` when APISIX is launched. This
can be changed by modifying your configuration file
([conf/config.yaml](https://github.com/apache/apisix/blob/master/conf/config.yaml)).
-**Note**: Mentions of `X-API-KEY` in this document refers to
`apisix.admin_key.key`—the access token for Admin API—in your configuration
file.
+**Note**: Mentions of `X-API-KEY` in this document refers to
`deployment.admin.admin_key.key`—the access token for Admin API—in your
configuration file.
## V3
diff --git a/docs/en/latest/certificate.md b/docs/en/latest/certificate.md
index 94e74d722..4bcfa5ae2 100644
--- a/docs/en/latest/certificate.md
+++ b/docs/en/latest/certificate.md
@@ -191,8 +191,8 @@ The following table details the configurations involved in
this example and what
| foo_ca.crt | CA cert | Issues the secondary certificate required for
the client to communicate with the APISIX Admin API over mTLS.
|
| foo_client.crt | cert | A certificate issued by `foo_ca.crt` and used
by the client to prove its identity when accessing the APISIX Admin API.
|
| foo_client.key | key | Issued by `foo_ca.crt`, used by the client,
the key file required to access the APISIX Admin API.
|
-| foo_server.crt | cert | Issued by `foo_ca.crt`, used by APISIX,
corresponding to the `apisix.admin_api_mtls.admin_ssl_cert` configuration
entry. |
-| foo_server.key | key | Issued by `foo_ca.crt`, used by APISIX,
corresponding to the `apisix.admin_api_mtls.admin_ssl_cert_key` configuration
entry. |
+| foo_server.crt | cert | Issued by `foo_ca.crt`, used by APISIX,
corresponding to the `admin_api_mtls.admin_ssl_cert` configuration entry.
|
+| foo_server.key | key | Issued by `foo_ca.crt`, used by APISIX,
corresponding to the `admin_api_mtls.admin_ssl_cert_key` configuration entry.
|
| admin.apisix.dev | doname | Common Name used in issuing `foo_server.crt`
certificate, through which the client accesses APISIX Admin API
|
| bar_ca.crt | CA cert | Issues the secondary certificate required for
APISIX to communicate with ETCD over mTLS.
|
| bar_etcd.crt | cert | Issued by `bar_ca.crt` and used by ETCD,
corresponding to the `-cert-file` option in the ETCD startup command.
|
@@ -228,21 +228,22 @@ goreman -f Procfile-single-enable-mtls start >
goreman.log 2>&1 &
3. Update `config.yaml`
```yaml
-apisix:
- admin_key:
- - name: admin
- key: edd1c9f034335f136f87ad84b625c8f1
- role: admin
- admin_listen:
- ip: 127.0.0.1
- port: 9180
- https_admin: true
-
- admin_api_mtls:
- admin_ssl_ca_cert: /path/to/apisix.ca-bundle
- admin_ssl_cert: /path/to/foo_server.crt
- admin_ssl_cert_key: /path/to/foo_server.key
+deployment:
+ admin:
+ admin_key
+ - name: admin
+ key: edd1c9f034335f136f87ad84b625c8f1
+ role: admin
+ admin_listen:
+ ip: 127.0.0.1
+ port: 9180
+ https_admin: true
+ admin_api_mtls:
+ admin_ssl_ca_cert: /path/to/apisix.ca-bundle
+ admin_ssl_cert: /path/to/foo_server.crt
+ admin_ssl_cert_key: /path/to/foo_server.key
+apisix:
ssl:
ssl_trusted_certificate: /path/to/apisix.ca-bundle
diff --git a/docs/en/latest/deployment-modes.md
b/docs/en/latest/deployment-modes.md
index d4180f419..645782dcd 100644
--- a/docs/en/latest/deployment-modes.md
+++ b/docs/en/latest/deployment-modes.md
@@ -49,12 +49,13 @@ An example configuration of the traditional deployment mode
is shown below:
apisix:
node_listen:
- port: 9080
- admin_listen:
- port: 9180
deployment:
role: traditional
role_traditional:
config_provider: etcd
+ admin:
+ admin_listen:
+ port: 9180
etcd:
host:
- http://${IP}:${Port}
diff --git a/docs/en/latest/installation-guide.md
b/docs/en/latest/installation-guide.md
index a383d2505..837a34b7f 100644
--- a/docs/en/latest/installation-guide.md
+++ b/docs/en/latest/installation-guide.md
@@ -272,12 +272,13 @@ It is recommended to modify the Admin API key to ensure
security.
You can update your configuration file as shown below:
```yaml title="conf/config.yaml"
-apisix:
- admin_key
- -
- name: "admin"
- key: newsupersecurekey
- role: admin
+deployment:
+ admin:
+ admin_key
+ -
+ name: "admin"
+ key: newsupersecurekey
+ role: admin
```
Now, to access the Admin API, you can use the new key:
diff --git a/docs/en/latest/plugin-develop.md b/docs/en/latest/plugin-develop.md
index ca1d3a23f..b47d9dfdf 100644
--- a/docs/en/latest/plugin-develop.md
+++ b/docs/en/latest/plugin-develop.md
@@ -144,12 +144,6 @@ Note: the order of the plugins is not related to the order
of execution.
To enable your plugin, copy this plugin list into `conf/config.yaml`, and add
your plugin name. For instance:
```yaml
-apisix:
- admin_key:
- - name: "admin"
- key: edd1c9f034335f136f87ad84b625c8f1 # using fixed API token has
security risk, please update it when you deploy to production environment
- role: admin
-
plugins: # copied from config-default.yaml
...
- your-plugin
diff --git a/docs/zh/latest/FAQ.md b/docs/zh/latest/FAQ.md
index 2722d7dd7..3df0c44f9 100644
--- a/docs/zh/latest/FAQ.md
+++ b/docs/zh/latest/FAQ.md
@@ -368,10 +368,11 @@ make: *** [deps] Error 1
1. 为 Apache APISIX 代理和 Admin API 配置不同的端口,或者禁用 Admin API。
```yaml
-apisix:
- admin_listen: # use a separate port
- ip: 127.0.0.1
- port: 9180
+deployment:
+ admin:
+ admin_listen: # use a separate port
+ ip: 127.0.0.1
+ port: 9180
```
2、添加 APISIX Dashboard 的代理路由:
@@ -457,17 +458,17 @@ curl http://127.0.0.1:9080/ip -i
## Admin API 的 `X-API-KEY` 指的是什么?是否可以修改?
-Admin API 的 `X-API-KEY` 指的是 `./conf/config.yaml` 文件中的
`apisix.admin_key.key`,默认值是 `edd1c9f034335f136f87ad84b625c8f1`。它是 Admin API 的访问
token。
+Admin API 的 `X-API-KEY` 指的是 `./conf/config.yaml` 文件中的
`deployment.admin.admin_key.key`,默认值是 `edd1c9f034335f136f87ad84b625c8f1`。它是
Admin API 的访问 token。
默认情况下,它被设置为 `edd1c9f034335f136f87ad84b625c8f1`,也可以通过修改 `./conf/conf/config`
中的参数来修改,如下示例:
```yaml
-apisix:
- admin_key
- -
- name: "admin"
- key: newkey
- role: admin
+deployment:
+ admin:
+ admin_key
+ - name: "admin"
+ key: newkey
+ role: admin
```
然后访问 Admin API:
@@ -502,9 +503,10 @@ Apache APISIX 默认只允许 `127.0.0.0/24` 的 IP 段范围访问 `Admin API`
如果你想允许所有的 IP 访问,只需在 `./conf/config.yaml` 配置文件中添加如下的配置,然后重启或重新加载 APISIX 就可以让所有
IP 访问 `Admin API`。
```yaml
-apisix:
- allow_admin:
- - 0.0.0.0/0
+deployment:
+ admin:
+ allow_admin:
+ - 0.0.0.0/0
```
**注意**:你可以在非生产环境中使用此方法,以允许所有客户端从任何地方访问 Apache APISIX
实例,但是在生产环境中该设置并不安全。在生产环境中,请仅授权特定的 IP 地址或地址范围访问 Apache APISIX 实例。
diff --git a/docs/zh/latest/admin-api.md b/docs/zh/latest/admin-api.md
index e1454ac7e..a0dbceba2 100644
--- a/docs/zh/latest/admin-api.md
+++ b/docs/zh/latest/admin-api.md
@@ -27,7 +27,7 @@ Admin API 是为 Apache APISIX 服务的一组 API,我们可以将参数传递
启动 Apache APISIX 时,默认情况下 Admin API 将监听 `9180` 端口。您可以通过修改
[conf/config.yaml](https://github.com/apache/apisix/blob/master/conf/config.yaml)
文件来改变默认监听的端口。
-在下面出现的 `X-API-KEY` 指的是 `conf/config.yaml` 文件中的 `apisix.admin_key.key`,它是 Admin
API 的访问 token。
+在下面出现的 `X-API-KEY` 指的是 `conf/config.yaml` 文件中的
`deployment.admin.admin_key.key`,它是 Admin API 的访问 token。
## V3
diff --git a/docs/zh/latest/certificate.md b/docs/zh/latest/certificate.md
index 06f7933c2..310f53890 100644
--- a/docs/zh/latest/certificate.md
+++ b/docs/zh/latest/certificate.md
@@ -188,8 +188,8 @@ APISIX 目前支持在多处设置 CA 证书,比如 [保护 Admin API](./mtls.
| foo_ca.crt | CA 证书 | 签发客户端与 APISIX Admin API 进行 mTLS 通信所需的次级证书。
|
| foo_client.crt | 证书 | 由 `foo_ca.crt` 签发,客户端使用,访问 APISIX Admin API
时证明自身身份的证书。 |
| foo_client.key | 密钥文件 | 由 `foo_ca.crt` 签发,客户端使用,访问 APISIX Admin API
所需的密钥文件。 |
-| foo_server.crt | 证书 | 由 `foo_ca.crt` 签发,APISIX 使用,对应
`apisix.admin_api_mtls.admin_ssl_cert` 配置项。 |
-| foo_server.key | 密钥文件 | 由 `foo_ca.crt` 签发,APISIX 使用,对应
`apisix.admin_api_mtls.admin_ssl_cert_key` 配置项。 |
+| foo_server.crt | 证书 | 由 `foo_ca.crt` 签发,APISIX 使用,对应
`admin_api_mtls.admin_ssl_cert` 配置项。 |
+| foo_server.key | 密钥文件 | 由 `foo_ca.crt` 签发,APISIX 使用,对应
`admin_api_mtls.admin_ssl_cert_key` 配置项。 |
| admin.apisix.dev | 域名 | 签发 `foo_server.crt` 证书时使用的 Common
Name,客户端通过该域名访问 APISIX Admin API |
| bar_ca.crt | CA 证书 | 签发 APISIX 与 ETCD 进行 mTLS 通信所需的次级证书。
|
| bar_etcd.crt | 证书 | 由 `bar_ca.crt` 签发,ETCD 使用,对应 ETCD 启动命令中的
`--cert-file` 选项。 |
@@ -225,21 +225,22 @@ goreman -f Procfile-single-enable-mtls start >
goreman.log 2>&1 &
3. 更新 `config.yaml`
```yaml
-apisix:
- admin_key:
- - name: admin
- key: edd1c9f034335f136f87ad84b625c8f1
- role: admin
- admin_listen:
- ip: 127.0.0.1
- port: 9180
- https_admin: true
-
- admin_api_mtls:
- admin_ssl_ca_cert: /path/to/apisix.ca-bundle
- admin_ssl_cert: /path/to/foo_server.crt
- admin_ssl_cert_key: /path/to/foo_server.key
+deployment:
+ admin:
+ admin_key
+ - name: admin
+ key: edd1c9f034335f136f87ad84b625c8f1
+ role: admin
+ admin_listen:
+ ip: 127.0.0.1
+ port: 9180
+ https_admin: true
+ admin_api_mtls:
+ admin_ssl_ca_cert: /path/to/apisix.ca-bundle
+ admin_ssl_cert: /path/to/foo_server.crt
+ admin_ssl_cert_key: /path/to/foo_server.key
+apisix:
ssl:
ssl_trusted_certificate: /path/to/apisix.ca-bundle
diff --git a/docs/zh/latest/installation-guide.md
b/docs/zh/latest/installation-guide.md
index 5b0ea80e3..2b19d1502 100644
--- a/docs/zh/latest/installation-guide.md
+++ b/docs/zh/latest/installation-guide.md
@@ -261,12 +261,13 @@ APISIX 的默认配置可以在 `./conf/config-default.yaml` 文件中看到,
请参考如下信息更新配置文件:
```yaml title="./conf/config.yaml"
-apisix:
- admin_key
- -
- name: "admin"
- key: newsupersecurekey # 请修改 key 的值
- role: admin
+deployment:
+ admin:
+ admin_key
+ -
+ name: "admin"
+ key: newsupersecurekey # 请修改 key 的值
+ role: admin
```
更新完成后,你可以使用新的 key 访问 Admin API:
diff --git a/docs/zh/latest/plugins/aws-lambda.md
b/docs/zh/latest/plugins/aws-lambda.md
index fb0fdb960..7398016e4 100644
--- a/docs/zh/latest/plugins/aws-lambda.md
+++ b/docs/zh/latest/plugins/aws-lambda.md
@@ -101,8 +101,6 @@ Content-Type: application/json
```yaml
apisix:
- admin_key:
-...
node_listen: # 支持监听多个端口
- 9080
- port: 9081
diff --git a/docs/zh/latest/plugins/azure-functions.md
b/docs/zh/latest/plugins/azure-functions.md
index 4664e09fa..8e1ae90d0 100644
--- a/docs/zh/latest/plugins/azure-functions.md
+++ b/docs/zh/latest/plugins/azure-functions.md
@@ -116,8 +116,6 @@ Hello, APISIX
```yaml
apisix:
- admin_key:
-...
node_listen: # 支持监听多个端口
- 9080
- port: 9081
diff --git a/t/APISIX.pm b/t/APISIX.pm
index 070733c28..0e5d8b5e3 100644
--- a/t/APISIX.pm
+++ b/t/APISIX.pm
@@ -105,7 +105,6 @@ apisix:
stream_proxy:
tcp:
- 9100
- admin_key: null
enable_resolv_search_opt: false
_EOC_
@@ -838,6 +837,19 @@ _EOC_
my $yaml_config = $block->yaml_config // $user_yaml_config;
+ my $default_deployment = <<_EOC_;
+deployment:
+ role: traditional
+ role_traditional:
+ config_provider: etcd
+ admin:
+ admin_key: null
+_EOC_
+
+ if ($yaml_config !~ m/deployment:/) {
+ $yaml_config = $default_deployment . $yaml_config;
+ }
+
if ($block->extra_yaml_config) {
$yaml_config .= $block->extra_yaml_config;
}
diff --git a/t/admin/api.t b/t/admin/api.t
index 71c924915..43e5ac163 100644
--- a/t/admin/api.t
+++ b/t/admin/api.t
@@ -44,6 +44,12 @@ Server: APISIX/(.*)
=== TEST 2: Server header for admin API without token
--- yaml_config
+deployment:
+ admin:
+ admin_key:
+ - key: a
+ name: a
+ role: admin
apisix:
node_listen: 1984
enable_server_tokens: false
@@ -55,6 +61,12 @@ Server: APISIX
=== TEST 3: Version header for admin API (without apikey)
--- yaml_config
+deployment:
+ admin:
+ admin_key:
+ - key: a
+ name: a
+ role: admin
apisix:
admin_api_version: default
--- error_code: 401
@@ -65,8 +77,13 @@ apisix:
=== TEST 4: Version header for admin API (v2)
--- yaml_config
-apisix:
- admin_api_version: v2 # default may change
+deployment:
+ role: traditional
+ role_traditional:
+ config_provider: etcd
+ admin:
+ admin_key: ~
+ admin_api_version: v2
--- more_headers
X-API-KEY: edd1c9f034335f136f87ad84b625c8f1
--- response_headers
@@ -76,9 +93,31 @@ X-API-VERSION: v2
=== TEST 5: Version header for admin API (v3)
--- yaml_config
-apisix:
- admin_api_version: v3
+deployment:
+ role: traditional
+ role_traditional:
+ config_provider: etcd
+ admin:
+ admin_key: ~
+ admin_api_version: v3
--- more_headers
X-API-KEY: edd1c9f034335f136f87ad84b625c8f1
--- response_headers
X-API-VERSION: v3
+
+
+
+=== TEST 6: CORS header for admin API
+--- response_headers
+Access-Control-Allow-Origin: *
+
+
+
+=== TEST 7: CORS header disabled for admin API
+--- yaml_config
+deployment:
+ admin:
+ admin_key: ~
+ enable_admin_cors: false
+--- response_headers
+Access-Control-Allow-Origin:
diff --git a/t/admin/filter.t b/t/admin/filter.t
index 6173a8548..98844b186 100644
--- a/t/admin/filter.t
+++ b/t/admin/filter.t
@@ -25,10 +25,15 @@ add_block_preprocessor(sub {
my ($block) = @_;
my $user_yaml_config = <<_EOC_;
+deployment:
+ role: traditional
+ role_traditional:
+ config_provider: etcd
+ admin:
+ admin_key: ~
+ admin_api_version: v3
apisix:
node_listen: 1984
- admin_key: null
- admin_api_version: v3
_EOC_
$block->set_value("yaml_config", $user_yaml_config);
diff --git a/t/admin/plugins-reload.t b/t/admin/plugins-reload.t
index e4841f1bf..c301acf19 100644
--- a/t/admin/plugins-reload.t
+++ b/t/admin/plugins-reload.t
@@ -95,9 +95,14 @@ location /t {
ngx.sleep(0.5)
local data = [[
+deployment:
+ role: traditional
+ role_traditional:
+ config_provider: etcd
+ admin:
+ admin_key: null
apisix:
node_listen: 1984
- admin_key: null
plugins:
- jwt-auth
stream_plugins:
@@ -133,7 +138,6 @@ filter():
[{"name":"jwt-auth"},{"name":"mqtt-proxy","stream":true}]
--- yaml_config
apisix:
node_listen: 1984
- admin_key: null
plugins:
- example-plugin
plugin_attr:
@@ -145,9 +149,14 @@ location /t {
local core = require "apisix.core"
ngx.sleep(0.1)
local data = [[
+deployment:
+ role: traditional
+ role_traditional:
+ config_provider: etcd
+ admin:
+ admin_key: null
apisix:
node_listen: 1984
- admin_key: null
plugins:
- example-plugin
plugin_attr:
@@ -165,9 +174,14 @@ plugin_attr:
ngx.sleep(0.1)
local data = [[
+deployment:
+ role: traditional
+ role_traditional:
+ config_provider: etcd
+ admin:
+ admin_key: null
apisix:
node_listen: 1984
- admin_key: null
plugins:
- example-plugin
plugin_attr:
@@ -207,7 +221,6 @@ example-plugin get plugin attr val: 1
--- yaml_config
apisix:
node_listen: 1984
- admin_key: null
plugins:
- public-api
- prometheus
@@ -238,9 +251,14 @@ location /t {
ngx.say(code)
local data = [[
+deployment:
+ role: traditional
+ role_traditional:
+ config_provider: etcd
+ admin:
+ admin_key: null
apisix:
node_listen: 1984
- admin_key: null
plugins:
- public-api
- prometheus
@@ -275,7 +293,6 @@ done
--- yaml_config
apisix:
node_listen: 1984
- admin_key: null
plugins:
- skywalking
plugin_attr:
@@ -292,9 +309,14 @@ location /t {
local t = require("lib.test_admin").test
local data = [[
+deployment:
+ role: traditional
+ role_traditional:
+ config_provider: etcd
+ admin:
+ admin_key: null
apisix:
node_listen: 1984
- admin_key: null
plugins:
- prometheus
]]
diff --git a/t/admin/plugins.t b/t/admin/plugins.t
index cfa7173f6..2bd1a4703 100644
--- a/t/admin/plugins.t
+++ b/t/admin/plugins.t
@@ -375,10 +375,7 @@
qr/\{"properties":\{"password":\{"type":"string"\},"username":\{"type":"string"\
=== TEST 12: confirm the scope of plugin
---- yaml_config
-apisix:
- node_listen: 1984
- admin_key: null
+--- extra_yaml_config
plugins:
- batch-requests
- error-log-logger
diff --git a/t/admin/response_body_format.t b/t/admin/response_body_format.t
index ae7431387..86f4e5d80 100644
--- a/t/admin/response_body_format.t
+++ b/t/admin/response_body_format.t
@@ -26,10 +26,15 @@ add_block_preprocessor(sub {
my ($block) = @_;
my $user_yaml_config = <<_EOC_;
+deployment:
+ role: traditional
+ role_traditional:
+ config_provider: etcd
+ admin:
+ admin_key: ~
+ admin_api_version: v3
apisix:
node_listen: 1984
- admin_key: null
- admin_api_version: v3
_EOC_
$block->set_value("yaml_config", $user_yaml_config);
diff --git a/t/admin/ssl2.t b/t/admin/ssl2.t
index c1e1a9e4a..da286db1a 100644
--- a/t/admin/ssl2.t
+++ b/t/admin/ssl2.t
@@ -431,7 +431,6 @@ qr/"snis":\["update1.com","update2.com"\]/
--- yaml_config
apisix:
node_listen: 1984
- admin_key: null
ssl:
key_encrypt_salt: "edd1c9f0985e76a2"
--- config
@@ -469,7 +468,6 @@ false
--- yaml_config
apisix:
node_listen: 1984
- admin_key: null
ssl:
key_encrypt_salt: "edd1c9f0985e76a2"
--- config
diff --git a/t/admin/stream-routes-disable.t b/t/admin/stream-routes-disable.t
index 7752663bf..7d7ffbb09 100644
--- a/t/admin/stream-routes-disable.t
+++ b/t/admin/stream-routes-disable.t
@@ -29,7 +29,6 @@ add_block_preprocessor(sub {
my $user_yaml_config = <<_EOC_;
apisix:
node_listen: 1984
- admin_key: null
_EOC_
$block->set_value("yaml_config", $user_yaml_config);
diff --git a/t/admin/token.t b/t/admin/token.t
index 22308e1c9..43cdf3605 100644
--- a/t/admin/token.t
+++ b/t/admin/token.t
@@ -27,6 +27,13 @@ add_block_preprocessor(sub {
my ($block) = @_;
my $user_yaml_config = <<_EOC_;
+deployment:
+ admin:
+ admin_key:
+ - name: admin
+ role: admin
+ key: edd1c9f034335f136f87ad84b625c8f1
+
apisix:
node_listen: 1984
_EOC_
diff --git a/t/cli/test_access_log.sh b/t/cli/test_access_log.sh
index ad48dcb4c..7c40b35a3 100755
--- a/t/cli/test_access_log.sh
+++ b/t/cli/test_access_log.sh
@@ -187,13 +187,14 @@ echo "don't log uninitialized access log variable when
the HTTP request is malfo
# TLS upstream
echo "
-apisix:
- admin_api_mtls:
- admin_ssl_cert: '../t/certs/apisix_admin_ssl.crt'
- admin_ssl_cert_key: '../t/certs/apisix_admin_ssl.key'
- admin_listen:
- port: 9180
- https_admin: true
+deployment:
+ admin:
+ admin_listen:
+ port: 9180
+ https_admin: true
+ admin_api_mtls:
+ admin_ssl_cert: '../t/certs/apisix_admin_ssl.crt'
+ admin_ssl_cert_key: '../t/certs/apisix_admin_ssl.key'
nginx_config:
http:
access_log_format: '\"\$upstream_scheme://\$upstream_host\"
\$ssl_server_name'
diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh
index 960975417..bbca12270 100755
--- a/t/cli/test_admin.sh
+++ b/t/cli/test_admin.sh
@@ -24,13 +24,14 @@
git checkout conf/config.yaml
echo "
-apisix:
- admin_api_mtls:
- admin_ssl_cert: '../t/certs/apisix_admin_ssl.crt'
- admin_ssl_cert_key: '../t/certs/apisix_admin_ssl.key'
- admin_listen:
- port: 9180
- https_admin: true
+deployment:
+ admin:
+ admin_listen:
+ port: 9180
+ https_admin: true
+ admin_api_mtls:
+ admin_ssl_cert: '../t/certs/apisix_admin_ssl.crt'
+ admin_ssl_cert_key: '../t/certs/apisix_admin_ssl.key'
" > conf/config.yaml
make init
@@ -56,9 +57,11 @@ echo "passed: admin https enabled"
echo '
apisix:
enable_admin: true
- admin_listen:
- ip: 127.0.0.2
- port: 9181
+deployment:
+ admin:
+ admin_listen:
+ ip: 127.0.0.2
+ port: 9181
' > conf/config.yaml
make init
@@ -100,9 +103,10 @@ echo "passed: rollback to the default admin config"
# set allow_admin in conf/config.yaml
echo "
-apisix:
- allow_admin:
- - 127.0.0.9
+deployment:
+ admin:
+ allow_admin:
+ - 127.0.0.9
" > conf/config.yaml
make init
@@ -114,8 +118,9 @@ if [ $count -eq 0 ]; then
fi
echo "
-apisix:
- allow_admin: ~
+deployment:
+ admin:
+ allow_admin: ~
" > conf/config.yaml
make init
@@ -133,9 +138,10 @@ echo "passed: empty allow_admin in conf/config.yaml"
git checkout conf/config.yaml
echo '
-apisix:
- allow_admin: ~
- admin_key: ~
+deployment:
+ admin:
+ admin_key: ~
+ allow_admin: ~
' > conf/config.yaml
make init > output.log 2>&1 | true
@@ -151,13 +157,14 @@ echo "pass: missing admin key and show ERROR message"
# admin api, allow any IP but use default key
echo '
-apisix:
- allow_admin: ~
- admin_key:
- -
- name: "admin"
- key: edd1c9f034335f136f87ad84b625c8f1
- role: admin
+deployment:
+ admin:
+ allow_admin: ~
+ admin_key:
+ -
+ name: "admin"
+ key: edd1c9f034335f136f87ad84b625c8f1
+ role: admin
' > conf/config.yaml
make init > output.log 2>&1 | true
@@ -172,9 +179,10 @@ echo "pass: show WARNING message if the user used default
token and allow any IP
# admin_listen set
echo '
-apisix:
- admin_listen:
- port: 9180
+deployment:
+ admin:
+ admin_listen:
+ port: 9180
' > conf/config.yaml
rm logs/error.log
@@ -258,7 +266,7 @@ code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code}
-X PUT http://127.0.0
\"public-api\": {}
}
}")
-if [ ! $code -eq 201 ]; then
+if [ ! $code -lt 300 ]; then
echo "failed: initialize node status public API failed #1"
exit 1
fi
diff --git a/t/cli/test_admin_mtls.sh b/t/cli/test_admin_mtls.sh
index 881530a66..7bbad286e 100755
--- a/t/cli/test_admin_mtls.sh
+++ b/t/cli/test_admin_mtls.sh
@@ -22,15 +22,15 @@
# The 'admin.apisix.dev' is injected by ci/common.sh@set_coredns
echo '
-apisix:
- admin_listen:
- port: 9180
- https_admin: true
-
- admin_api_mtls:
- admin_ssl_cert: "../t/certs/mtls_server.crt"
- admin_ssl_cert_key: "../t/certs/mtls_server.key"
- admin_ssl_ca_cert: "../t/certs/mtls_ca.crt"
+deployment:
+ admin:
+ admin_listen:
+ port: 9180
+ https_admin: true
+ admin_api_mtls:
+ admin_ssl_cert: "../t/certs/mtls_server.crt"
+ admin_ssl_cert_key: "../t/certs/mtls_server.key"
+ admin_ssl_ca_cert: "../t/certs/mtls_ca.crt"
' > conf/config.yaml
diff --git a/t/cli/test_main.sh b/t/cli/test_main.sh
index 6a0358405..079d36578 100755
--- a/t/cli/test_main.sh
+++ b/t/cli/test_main.sh
@@ -525,13 +525,14 @@ echo "passed: worker_processes number is configurable"
git checkout conf/config.yaml
echo "
-apisix:
- admin_api_mtls:
- admin_ssl_cert: '../t/certs/apisix_admin_ssl.crt'
- admin_ssl_cert_key: '../t/certs/apisix_admin_ssl.key'
- admin_listen:
- port: 9180
- https_admin: true
+deployment:
+ admin:
+ admin_listen:
+ port: 9180
+ https_admin: true
+ admin_api_mtls:
+ admin_ssl_cert: '../t/certs/apisix_admin_ssl.crt'
+ admin_ssl_cert_key: '../t/certs/apisix_admin_ssl.key'
" > conf/customized_config.yaml
cp conf/config.yaml conf/config_original.yaml
diff --git a/t/cli/test_makefile.sh b/t/cli/test_makefile.sh
index 5b1ecd712..30a196d00 100755
--- a/t/cli/test_makefile.sh
+++ b/t/cli/test_makefile.sh
@@ -22,11 +22,13 @@
make run
echo "
+deployment:
+ admin:
+ admin_listen:
+ ip: 127.0.0.2
+ port: 9181
apisix:
enable_admin: true
- admin_listen:
- ip: 127.0.0.2
- port: 9181
" > conf/config.yaml
make reload
diff --git a/t/cli/test_snippet.sh b/t/cli/test_snippet.sh
index ad55151f1..1b545dd9c 100755
--- a/t/cli/test_snippet.sh
+++ b/t/cli/test_snippet.sh
@@ -25,8 +25,6 @@ echo '
apisix:
node_listen: 9080
enable_admin: true
- admin_listen:
- port: 9180
stream_proxy:
only: false
tcp:
diff --git a/t/cli/test_upstream_mtls.sh b/t/cli/test_upstream_mtls.sh
index b2b53cfab..b2e437fff 100755
--- a/t/cli/test_upstream_mtls.sh
+++ b/t/cli/test_upstream_mtls.sh
@@ -28,10 +28,6 @@ exit_if_not_customed_nginx
echo '
apisix:
- admin_key:
- - name: admin
- key: edd1c9f034335f136f87ad84b625c8f1
- role: admin
ssl:
ssl_trusted_certificate: t/certs/apisix.crt
nginx_config:
@@ -91,10 +87,6 @@ echo "passed: connection to upstream with mTLS success"
# test proxy_ssl_trusted_certificate and use incorrect ca cert
echo '
apisix:
- admin_key:
- - name: admin
- key: edd1c9f034335f136f87ad84b625c8f1
- role: admin
ssl:
ssl_trusted_certificate: t/certs/apisix_ecc.crt
nginx_config:
diff --git a/t/cli/test_validate_config.sh b/t/cli/test_validate_config.sh
index 2fe5d4066..1c00360f1 100755
--- a/t/cli/test_validate_config.sh
+++ b/t/cli/test_validate_config.sh
@@ -75,11 +75,13 @@ make stop
echo "passed: find the certificate correctly"
echo '
+deployment:
+ admin:
+ admin_listen:
+ port: 9180
apisix:
node_listen: 9080
enable_admin: true
- admin_listen:
- port: 9180
stream_proxy:
tcp:
- "localhost:9100"
diff --git a/t/control/schema.t b/t/control/schema.t
index ae9c676d7..f3e9f7d62 100644
--- a/t/control/schema.t
+++ b/t/control/schema.t
@@ -110,10 +110,7 @@ passed
=== TEST 2: confirm the scope of plugin
---- yaml_config
-apisix:
- node_listen: 1984
- admin_key: null
+--- extra_yaml_config
plugins:
- batch-requests
- error-log-logger
diff --git a/t/core/config-default.t b/t/core/config-default.t
index 17ccedd5c..a9546c97d 100644
--- a/t/core/config-default.t
+++ b/t/core/config-default.t
@@ -32,7 +32,7 @@ __DATA__
ngx.say("node_listen: ", config.apisix.node_listen)
ngx.say("stream_proxy: ", encode_json(config.apisix.stream_proxy))
- ngx.say("admin_key: ", encode_json(config.apisix.admin_key))
+ ngx.say("admin_key: ",
encode_json(config.deployment.admin.admin_key))
}
}
--- request
@@ -56,15 +56,16 @@ failed to parse yaml config: failed to merge,
path[apisix->node_listen] expect:
=== TEST 3: use `null` means delete
--- yaml_config
-apisix:
- admin_key: null
+deployment:
+ admin:
+ admin_key: null
--- config
location /t {
content_by_lua_block {
local encode_json = require("toolkit.json").encode
local config = require("apisix.core").config.local_conf()
- ngx.say("admin_key: ", encode_json(config.apisix.admin_key))
+ ngx.say("admin_key: ", encode_json(config.deployment.admin.admin_key))
}
}
--- request
@@ -76,15 +77,16 @@ admin_key: null
=== TEST 4: use `~` means delete
--- yaml_config
-apisix:
- admin_key: ~
+deployment:
+ admin:
+ admin_key: null
--- config
location /t {
content_by_lua_block {
local encode_json = require("toolkit.json").encode
local config = require("apisix.core").config.local_conf()
- ngx.say("admin_key: ", encode_json(config.apisix.admin_key))
+ ngx.say("admin_key: ", encode_json(config.deployment.admin.admin_key))
}
}
--- request
diff --git a/t/core/config_etcd.t b/t/core/config_etcd.t
index 5c1d590a1..a117689c3 100644
--- a/t/core/config_etcd.t
+++ b/t/core/config_etcd.t
@@ -157,11 +157,12 @@ qr/(10:certificate has expired){1,}/
--- yaml_config
apisix:
node_listen: 1984
- admin_key: null
deployment:
role: traditional
role_traditional:
config_provider: etcd
+ admin:
+ admin_key: null
etcd:
host:
- "https://127.0.0.1:12379";
@@ -207,6 +208,8 @@ deployment:
role: traditional
role_traditional:
config_provider: etcd
+ admin:
+ admin_key: ~
etcd:
host:
- "https://127.0.0.1:12379";
diff --git a/t/core/utils.t b/t/core/utils.t
index e6c4735d3..0d82c9315 100644
--- a/t/core/utils.t
+++ b/t/core/utils.t
@@ -128,8 +128,6 @@ qr/"address":.+,"name":"github.com"/
apisix:
node_listen: 1984
enable_server_tokens: false
- admin_key: null
-
--- config
location /t {
content_by_lua_block {
diff --git a/t/deployment/conf_server.t b/t/deployment/conf_server.t
index cd5353e37..b440591e9 100644
--- a/t/deployment/conf_server.t
+++ b/t/deployment/conf_server.t
@@ -71,11 +71,13 @@ __DATA__
}
--- response_body
prev_index updated
---- extra_yaml_config
+--- yaml_config
deployment:
role: traditional
role_traditional:
config_provider: etcd
+ admin:
+ admin_key: ~
etcd:
prefix: "/apisix"
host:
@@ -95,7 +97,7 @@ deployment:
ngx.say(res.body.node.value)
}
}
---- extra_yaml_config
+--- yaml_config
deployment:
role: traditional
role_traditional:
@@ -139,7 +141,7 @@ foo
ngx.say(res.body.node.value)
}
}
---- extra_yaml_config
+--- yaml_config
deployment:
role: traditional
role_traditional:
@@ -207,7 +209,7 @@ localhost is resolved to: 127.0.0.2
end
}
}
---- extra_yaml_config
+--- yaml_config
deployment:
role: traditional
role_traditional:
@@ -236,7 +238,7 @@ x.com is resolved to: 127.0.0.2
ngx.say(res.body.node.value)
}
}
---- extra_yaml_config
+--- yaml_config
deployment:
role: traditional
role_traditional:
@@ -281,7 +283,7 @@ server {
}
--- response_body
foo
---- extra_yaml_config
+--- yaml_config
deployment:
role: traditional
role_traditional:
@@ -325,7 +327,7 @@ server {
}
--- response_body
foo
---- extra_yaml_config
+--- yaml_config
deployment:
role: traditional
role_traditional:
@@ -365,7 +367,7 @@ server {
}
--- response_body
foo
---- extra_yaml_config
+--- yaml_config
deployment:
role: traditional
role_traditional:
@@ -403,7 +405,7 @@ server {
}
--- response_body
foo
---- extra_yaml_config
+--- yaml_config
deployment:
role: traditional
role_traditional:
@@ -434,7 +436,7 @@ Receive Host: localhost
ngx.say(timeout)
}
}
---- extra_yaml_config
+--- yaml_config
deployment:
role: traditional
role_traditional:
diff --git a/t/deployment/conf_server2.t b/t/deployment/conf_server2.t
index b8261c80c..02149053d 100644
--- a/t/deployment/conf_server2.t
+++ b/t/deployment/conf_server2.t
@@ -46,7 +46,7 @@ server {
proxy_pass http://127.0.0.1:2379;
}
}
---- extra_yaml_config
+--- yaml_config
deployment:
role: traditional
role_traditional:
@@ -89,7 +89,7 @@ server {
proxy_pass http://127.0.0.1:2379;
}
}
---- extra_yaml_config
+--- yaml_config
deployment:
role: traditional
role_traditional:
@@ -133,7 +133,7 @@ server {
proxy_pass http://127.0.0.1:2379;
}
}
---- extra_yaml_config
+--- yaml_config
deployment:
role: traditional
role_traditional:
diff --git a/t/deployment/mtls.t b/t/deployment/mtls.t
index 8826dd2dd..a0e6cecfa 100644
--- a/t/deployment/mtls.t
+++ b/t/deployment/mtls.t
@@ -47,7 +47,7 @@ __DATA__
curl --cert t/certs/mtls_client.crt --key t/certs/mtls_client.key -k
https://localhost:12345/version
--- response_body eval
qr/"etcdserver":/
---- extra_yaml_config
+--- yaml_config
deployment:
role: control_plane
role_control_plane:
@@ -73,7 +73,7 @@ deployment:
curl -k https://localhost:12345/version
--- response_body eval
qr/No required SSL certificate was sent/
---- extra_yaml_config
+--- yaml_config
deployment:
role: control_plane
role_control_plane:
@@ -99,7 +99,7 @@ deployment:
curl --cert t/certs/apisix.crt --key t/certs/apisix.key -k
https://localhost:12345/version
--- response_body eval
qr/The SSL certificate error/
---- extra_yaml_config
+--- yaml_config
deployment:
role: control_plane
role_control_plane:
diff --git a/t/discovery/nacos2.t b/t/discovery/nacos2.t
index 51365c793..755ce16e0 100644
--- a/t/discovery/nacos2.t
+++ b/t/discovery/nacos2.t
@@ -223,7 +223,6 @@ done
--- yaml_config
apisix:
node_listen: 1984
- admin_key: null
--- extra_yaml_config
discovery:
nacos:
diff --git a/t/node/route-status.t b/t/node/route-status.t
index 24ac4ca73..cad6a051a 100644
--- a/t/node/route-status.t
+++ b/t/node/route-status.t
@@ -27,7 +27,6 @@ apisix:
node_listen: 1984
router:
http: 'radixtree_host_uri'
- admin_key: null
_EOC_
run_tests();
diff --git a/t/node/upstream-mtls.t b/t/node/upstream-mtls.t
index eaf3fe2fd..3ee1c28cc 100644
--- a/t/node/upstream-mtls.t
+++ b/t/node/upstream-mtls.t
@@ -341,7 +341,6 @@ GET /t
--- yaml_config
apisix:
node_listen: 1984
- admin_key: null
ssl:
key_encrypt_salt: null
--- config
diff --git a/t/plugin/dubbo-proxy/route.t b/t/plugin/dubbo-proxy/route.t
index da8fd5383..46cf9e834 100644
--- a/t/plugin/dubbo-proxy/route.t
+++ b/t/plugin/dubbo-proxy/route.t
@@ -162,7 +162,6 @@ dubbo success
apisix:
node_listen: 1984
enable_admin: true
- admin_key: null
plugins:
- key-auth
- dubbo-proxy
@@ -230,7 +229,6 @@ passed
apisix:
node_listen: 1984
enable_admin: true
- admin_key: null
plugins:
- key-auth
- dubbo-proxy
@@ -243,7 +241,6 @@ plugins:
apisix:
node_listen: 1984
enable_admin: true
- admin_key: null
plugins:
- key-auth
- dubbo-proxy
diff --git a/t/plugin/error-log-logger-clickhouse.t
b/t/plugin/error-log-logger-clickhouse.t
index 2e7c14aa7..02ad604ba 100644
--- a/t/plugin/error-log-logger-clickhouse.t
+++ b/t/plugin/error-log-logger-clickhouse.t
@@ -32,6 +32,14 @@ add_block_preprocessor(sub {
$block->set_value("request", "GET /t");
}
+ if (!defined $block->extra_yaml_config) {
+ my $extra_yaml_config = <<_EOC_;
+plugins:
+ - error-log-logger
+_EOC_
+ $block->set_value("extra_yaml_config", $extra_yaml_config);
+ }
+
my $http_config = $block->http_config // <<_EOC_;
server {
listen 10420;
@@ -88,12 +96,6 @@ done
=== TEST 2: test unreachable server
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /t {
content_by_lua_block {
@@ -128,12 +130,6 @@ clickhouse headers: x-clickhouse-database:default
=== TEST 3: put plugin metadata and log an error level message
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /t {
content_by_lua_block {
@@ -169,12 +165,6 @@ clickhouse headers: x-clickhouse-database:default
=== TEST 4: log a warn level message
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /t {
content_by_lua_block {
@@ -194,12 +184,6 @@ clickhouse headers: x-clickhouse-database:default
=== TEST 5: log some messages
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /t {
content_by_lua_block {
@@ -219,12 +203,6 @@ clickhouse headers: x-clickhouse-database:default
=== TEST 6: log an info level message
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /t {
content_by_lua_block {
@@ -240,12 +218,6 @@ this is an info message for test6
=== TEST 7: delete metadata for the plugin, recover to the default
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /t {
content_by_lua_block {
diff --git a/t/plugin/error-log-logger-skywalking.t
b/t/plugin/error-log-logger-skywalking.t
index 289ac369e..54354f34e 100644
--- a/t/plugin/error-log-logger-skywalking.t
+++ b/t/plugin/error-log-logger-skywalking.t
@@ -21,6 +21,19 @@ repeat_each(1);
no_long_string();
no_root_location();
worker_connections(128);
+
+add_block_preprocessor(sub {
+ my ($block) = @_;
+
+ if (!defined $block->extra_yaml_config) {
+ my $extra_yaml_config = <<_EOC_;
+plugins:
+ - error-log-logger
+_EOC_
+ $block->set_value("extra_yaml_config", $extra_yaml_config);
+ }
+});
+
run_tests;
__DATA__
@@ -56,12 +69,6 @@ done
=== TEST 2: test unreachable server
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -90,12 +97,6 @@ qr/Batch Processor\[error-log-logger\] failed to process
entries: error while se
=== TEST 3: put plugin metadata and log an error level message
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -126,12 +127,6 @@ qr/.*\[\{\"body\":\{\"text\":\{\"text\":\".*this is an
error message for test.*\
=== TEST 4: log a warn level message
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -149,12 +144,6 @@ qr/.*\[\{\"body\":\{\"text\":\{\"text\":\".*this is a
warning message for test.*
=== TEST 5: log some messages
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -173,12 +162,6 @@ qr/.*\[\{\"body\":\{\"text\":\{\"text\":\".*this is an
error message for test.*\
=== TEST 6: log an info level message
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -196,12 +179,6 @@ qr/.*\[\{\"body\":\{\"text\":\{\"text\":\".*this is an
info message for test.*\"
=== TEST 7: delete metadata for the plugin, recover to the default
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
diff --git a/t/plugin/error-log-logger.t b/t/plugin/error-log-logger.t
index 7aa37a422..451f85299 100644
--- a/t/plugin/error-log-logger.t
+++ b/t/plugin/error-log-logger.t
@@ -63,6 +63,15 @@ _EOC_
_EOC_
$block->set_value("stream_server_config", $stream_default_server);
+
+ if (!defined $block->extra_yaml_config) {
+ my $extra_yaml_config = <<_EOC_;
+plugins:
+ - error-log-logger
+_EOC_
+ $block->set_value("extra_yaml_config", $extra_yaml_config);
+ }
+
});
run_tests;
@@ -70,6 +79,7 @@ run_tests;
__DATA__
=== TEST 1: not enable the plugin
+--- extra_yaml_config
--- config
location /tg {
content_by_lua_block {
@@ -87,9 +97,6 @@ error-log-logger
=== TEST 2: enable the plugin, but not init the metadata
---- yaml_config
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -107,12 +114,6 @@ qr/please set the correct plugin_metadata for
error-log-logger/
=== TEST 3: set a wrong metadata
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -145,12 +146,6 @@ qr/please set the correct plugin_metadata for
error-log-logger/
=== TEST 4: test unreachable server
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -180,12 +175,6 @@ qr/\[Server\] receive data:.*this is a warning message for
test./
=== TEST 5: log a warn level message
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -215,9 +204,6 @@ qr/\[Server\] receive data:.*this is a warning message for
test./
=== TEST 6: log an error level message
---- yaml_config
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -236,9 +222,6 @@ qr/\[Server\] receive data:.*this is an error message for
test./
=== TEST 7: log an info level message
---- yaml_config
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -257,12 +240,6 @@ qr/\[Server\] receive data:.*this is an info message for
test./
=== TEST 8: delete metadata for the plugin, recover to the default
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -288,12 +265,6 @@ passed
=== TEST 9: want to reload the plugin by route
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -336,12 +307,6 @@ qr/please set the correct plugin_metadata for
error-log-logger/
=== TEST 10: avoid sending stale error log
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -375,12 +340,6 @@ qr/\[Server\] receive data:.*this is an error message for
test./
=== TEST 11: delete the route
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -406,12 +365,6 @@ passed
=== TEST 12: log a warn level message (schema compatibility testing)
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -441,9 +394,6 @@ qr/\[Server\] receive data:.*this is a warning message for
test./
=== TEST 13: log an error level message (schema compatibility testing)
---- yaml_config
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -462,9 +412,6 @@ qr/\[Server\] receive data:.*this is an error message for
test./
=== TEST 14: log an info level message (schema compatibility testing)
---- yaml_config
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
@@ -483,12 +430,6 @@ qr/\[Server\] receive data:.*this is an info message for
test./
=== TEST 15: delete metadata for the plugin, recover to the default (schema
compatibility testing)
---- yaml_config
-apisix:
- enable_admin: true
- admin_key: null
-plugins:
- - error-log-logger
--- config
location /tg {
content_by_lua_block {
diff --git a/t/plugin/log-rotate.t b/t/plugin/log-rotate.t
index 5e04be131..8ce51dd5d 100644
--- a/t/plugin/log-rotate.t
+++ b/t/plugin/log-rotate.t
@@ -25,11 +25,7 @@ no_root_location();
add_block_preprocessor(sub {
my ($block) = @_;
- my $user_yaml_config = <<_EOC_;
-apisix:
- node_listen: 1984
- admin_key: null
-
+ my $extra_yaml_config = <<_EOC_;
plugins: # plugin list
- log-rotate
@@ -39,7 +35,7 @@ plugin_attr:
max_kept: 3
_EOC_
- $block->set_value("yaml_config", $user_yaml_config);
+ $block->set_value("extra_yaml_config", $extra_yaml_config);
if ((!defined $block->error_log) && (!defined $block->no_error_log)) {
diff --git a/t/plugin/log-rotate2.t b/t/plugin/log-rotate2.t
index 617a29b5a..faebee804 100644
--- a/t/plugin/log-rotate2.t
+++ b/t/plugin/log-rotate2.t
@@ -25,11 +25,7 @@ no_root_location();
add_block_preprocessor(sub {
my ($block) = @_;
- if (!defined $block->yaml_config) {
- my $yaml_config = <<_EOC_;
-apisix:
- node_listen: 1984
- admin_key: ~
+ my $extra_yaml_config = <<_EOC_;
plugins:
- log-rotate
plugin_attr:
@@ -39,8 +35,7 @@ plugin_attr:
enable_compression: true
_EOC_
- $block->set_value("yaml_config", $yaml_config);
- }
+ $block->set_value("extra_yaml_config", $extra_yaml_config);
if ((!defined $block->error_log) && (!defined $block->no_error_log)) {
$block->set_value("no_error_log", "[error]");
diff --git a/t/plugin/log-rotate3.t b/t/plugin/log-rotate3.t
index bfab0f9b6..e6dbdd877 100644
--- a/t/plugin/log-rotate3.t
+++ b/t/plugin/log-rotate3.t
@@ -25,11 +25,8 @@ no_root_location();
add_block_preprocessor(sub {
my ($block) = @_;
- if (!defined $block->yaml_config) {
- my $yaml_config = <<_EOC_;
-apisix:
- node_listen: 1984
- admin_key: ~
+ if (!defined $block->extra_yaml_config) {
+ my $extra_yaml_config = <<_EOC_;
plugins:
- log-rotate
plugin_attr:
@@ -40,7 +37,7 @@ plugin_attr:
enable_compression: false
_EOC_
- $block->set_value("yaml_config", $yaml_config);
+ $block->set_value("extra_yaml_config", $extra_yaml_config);
}
if ((!defined $block->error_log) && (!defined $block->no_error_log)) {
diff --git a/t/router/radixtree-host-uri-priority.t
b/t/router/radixtree-host-uri-priority.t
index a05b619fa..4190bb338 100644
--- a/t/router/radixtree-host-uri-priority.t
+++ b/t/router/radixtree-host-uri-priority.t
@@ -29,7 +29,6 @@ apisix:
enable_admin: false
router:
http: 'radixtree_host_uri'
- admin_key: null
_EOC_
run_tests();
diff --git a/t/router/radixtree-host-uri.t b/t/router/radixtree-host-uri.t
index 63e07d4b1..098a6c23b 100644
--- a/t/router/radixtree-host-uri.t
+++ b/t/router/radixtree-host-uri.t
@@ -27,7 +27,6 @@ apisix:
node_listen: 1984
router:
http: 'radixtree_host_uri'
- admin_key: null
_EOC_
run_tests();
diff --git a/t/router/radixtree-host-uri2.t b/t/router/radixtree-host-uri2.t
index 313bc6a14..7573bf804 100644
--- a/t/router/radixtree-host-uri2.t
+++ b/t/router/radixtree-host-uri2.t
@@ -29,7 +29,6 @@ apisix:
enable_admin: false
router:
http: 'radixtree_host_uri'
- admin_key: null
_EOC_
run_tests();
diff --git a/t/router/radixtree-host-uri3.t b/t/router/radixtree-host-uri3.t
index 9fa14c22f..2db4bb437 100644
--- a/t/router/radixtree-host-uri3.t
+++ b/t/router/radixtree-host-uri3.t
@@ -21,7 +21,6 @@ apisix:
node_listen: 1984
router:
http: 'radixtree_host_uri'
- admin_key: null
_EOC_
add_block_preprocessor(sub {
diff --git a/t/router/radixtree-uri-keep-end-slash.t
b/t/router/radixtree-uri-keep-end-slash.t
index d51ac0755..01225e439 100644
--- a/t/router/radixtree-uri-keep-end-slash.t
+++ b/t/router/radixtree-uri-keep-end-slash.t
@@ -26,7 +26,6 @@ our $yaml_config = <<_EOC_;
apisix:
node_listen: 1984
delete_uri_tail_slash: true
- admin_key: null
_EOC_
run_tests();
diff --git a/t/router/radixtree-uri-sanity.t b/t/router/radixtree-uri-sanity.t
index d49285ff1..ac9ab5a1e 100644
--- a/t/router/radixtree-uri-sanity.t
+++ b/t/router/radixtree-uri-sanity.t
@@ -25,7 +25,6 @@ no_shuffle();
our $servlet_yaml_config = <<_EOC_;
apisix:
node_listen: 1984
- admin_key: null
normalize_uri_like_servlet: true
_EOC_
diff --git a/t/router/radixtree-uri-with-parameter.t
b/t/router/radixtree-uri-with-parameter.t
index f591fab30..00686e996 100644
--- a/t/router/radixtree-uri-with-parameter.t
+++ b/t/router/radixtree-uri-with-parameter.t
@@ -25,7 +25,6 @@ no_shuffle();
our $yaml_config = <<_EOC_;
apisix:
node_listen: 1984
- admin_key: null
router:
http: 'radixtree_uri_with_parameter'
_EOC_
