tzssangglass commented on code in PR #8487:
URL: https://github.com/apache/apisix/pull/8487#discussion_r1046722410
##########
apisix/plugin.lua:
##########
@@ -903,19 +926,57 @@ _M.decrypt_conf = decrypt_conf
local function encrypt_conf(name, conf, schema_type)
local schema = get_plugin_schema_for_gde(name, schema_type)
if not schema then
+ core.log.warn("failed to get schema for plugin: ", name)
return
end
- for key, props in pairs(schema.properties) do
- if props.type == "string" and props.encrypted and conf[key] then
- local encrypted = apisix_ssl.aes_encrypt_pkey(conf[key],
"data_encrypt")
- conf[key] = encrypted
+ if schema.encrypt_fields and not core.table.isempty(schema.encrypt_fields)
then
+ for _, key in ipairs(schema.encrypt_fields) do
+ if conf[key] then
+ local encrypted, err = apisix_ssl.aes_encrypt_pkey(conf[key],
"data_encrypt")
+ if not encrypted then
+ core.log.warn("failed to encrypt the conf of plugin [",
name,
+ "] key [", key, "], err: ", err)
+ else
+ conf[key] = encrypted
+ end
+ elseif core.string.find(key, ".") then
+ -- encrypt fields has indents
+ local res, err = re_split(key, "\\.", "jo")
+ if not res then
+ core.log.warn("failed to split key [", key, "], err: ",
err)
+ return
+ end
+
+ -- we only support two levels
Review Comment:
I'd like to optimize when the schema must be expressed in more than two
levels.
For now, I think two levels are enough(In fact, I hate nesting more than two
levels in a schema, it's unreadable.)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
