soulbird commented on code in PR #8866:
URL: https://github.com/apache/apisix/pull/8866#discussion_r1107941614
##########
t/config-center-yaml/secret.t:
##########
@@ -388,3 +392,131 @@ env secret=apisix;
GET /t
--- response_body
nil
+
+
+
+=== TEST 17: validate secret/vault with the token in an env var: wrong schema
+--- apisix_yaml
+secrets:
+ - id: vault/1
+ prefix: kv/apisix
+ token: "$ENV://VAULT_TOKEN"
+ uri: 127.0.0.1:8200
+#END
+--- config
+ location /t {
+ content_by_lua_block {
+ local secret = require("apisix.secret")
+ local values = secret.secrets()
+ ngx.say(#values)
+ }
+ }
+--- request
+GET /t
+--- response_body
+0
+--- error_log
+property "uri" validation failed: failed to match pattern
"^[^\\/]+:\\/\\/([\\da-zA-Z.-]+|\\[[\\da-fA-F:]+\\])(:\\d+)?"
+
+
+
+=== TEST 18: validate secrets with the token in an env var: manager not exits
+--- apisix_yaml
+secrets:
+ - id: hhh/1
+ prefix: kv/apisix
+ token: "$ENV://VAULT_TOKEN"
+ uri: 127.0.0.1:8200
+#END
+--- config
+ location /t {
+ content_by_lua_block {
+ local secret = require("apisix.secret")
+ local values = secret.secrets()
+ ngx.say(#values)
+ }
+ }
+--- request
+GET /t
+--- response_body
+0
+--- error_log
+secret manager not exits
+
+
+
+=== TEST 19: load config normal with the token in an env var
+--- apisix_yaml
+secrets:
+ - id: vault/1
+ prefix: kv/apisix
+ token: "$ENV://VAULT_TOKEN"
+ uri: http://127.0.0.1:8200
+#END
+--- config
+ location /t {
+ content_by_lua_block {
+ local secret = require("apisix.secret")
+ local values = secret.secrets()
+ ngx.say("len: ", #values)
+
+ ngx.say("id: ", values[1].value.id)
+ ngx.say("prefix: ", values[1].value.prefix)
+ ngx.say("token: ", values[1].value.token)
+ ngx.say("uri: ", values[1].value.uri)
+ }
+ }
+--- request
+GET /t
+--- response_body
+len: 1
+id: vault/1
+prefix: kv/apisix
+token: $ENV://VAULT_TOKEN
+uri: http://127.0.0.1:8200
+
Review Comment:
There is no need to add this test
##########
t/config-center-yaml/secret.t:
##########
@@ -388,3 +392,131 @@ env secret=apisix;
GET /t
--- response_body
nil
+
+
+
+=== TEST 17: validate secret/vault with the token in an env var: wrong schema
+--- apisix_yaml
+secrets:
+ - id: vault/1
+ prefix: kv/apisix
+ token: "$ENV://VAULT_TOKEN"
+ uri: 127.0.0.1:8200
+#END
+--- config
+ location /t {
+ content_by_lua_block {
+ local secret = require("apisix.secret")
+ local values = secret.secrets()
+ ngx.say(#values)
+ }
+ }
+--- request
+GET /t
+--- response_body
+0
+--- error_log
+property "uri" validation failed: failed to match pattern
"^[^\\/]+:\\/\\/([\\da-zA-Z.-]+|\\[[\\da-fA-F:]+\\])(:\\d+)?"
Review Comment:
Why add this test case? It doesn't look like it has anything to do with your
modification?
##########
t/config-center-yaml/secret.t:
##########
@@ -388,3 +392,131 @@ env secret=apisix;
GET /t
--- response_body
nil
+
+
+
+=== TEST 17: validate secret/vault with the token in an env var: wrong schema
+--- apisix_yaml
+secrets:
+ - id: vault/1
+ prefix: kv/apisix
+ token: "$ENV://VAULT_TOKEN"
+ uri: 127.0.0.1:8200
+#END
+--- config
+ location /t {
+ content_by_lua_block {
+ local secret = require("apisix.secret")
+ local values = secret.secrets()
+ ngx.say(#values)
+ }
+ }
+--- request
+GET /t
+--- response_body
+0
+--- error_log
+property "uri" validation failed: failed to match pattern
"^[^\\/]+:\\/\\/([\\da-zA-Z.-]+|\\[[\\da-fA-F:]+\\])(:\\d+)?"
+
+
+
+=== TEST 18: validate secrets with the token in an env var: manager not exits
+--- apisix_yaml
+secrets:
+ - id: hhh/1
+ prefix: kv/apisix
+ token: "$ENV://VAULT_TOKEN"
+ uri: 127.0.0.1:8200
+#END
+--- config
+ location /t {
+ content_by_lua_block {
+ local secret = require("apisix.secret")
+ local values = secret.secrets()
+ ngx.say(#values)
+ }
+ }
+--- request
+GET /t
+--- response_body
+0
+--- error_log
+secret manager not exits
Review Comment:
ditto
##########
t/config-center-yaml/secret.t:
##########
@@ -388,3 +392,131 @@ env secret=apisix;
GET /t
--- response_body
nil
+
+
+
+=== TEST 17: validate secret/vault with the token in an env var: wrong schema
+--- apisix_yaml
+secrets:
+ - id: vault/1
+ prefix: kv/apisix
+ token: "$ENV://VAULT_TOKEN"
+ uri: 127.0.0.1:8200
+#END
+--- config
+ location /t {
+ content_by_lua_block {
+ local secret = require("apisix.secret")
+ local values = secret.secrets()
+ ngx.say(#values)
+ }
+ }
+--- request
+GET /t
+--- response_body
+0
+--- error_log
+property "uri" validation failed: failed to match pattern
"^[^\\/]+:\\/\\/([\\da-zA-Z.-]+|\\[[\\da-fA-F:]+\\])(:\\d+)?"
+
+
+
+=== TEST 18: validate secrets with the token in an env var: manager not exits
+--- apisix_yaml
+secrets:
+ - id: hhh/1
+ prefix: kv/apisix
+ token: "$ENV://VAULT_TOKEN"
+ uri: 127.0.0.1:8200
+#END
+--- config
+ location /t {
+ content_by_lua_block {
+ local secret = require("apisix.secret")
+ local values = secret.secrets()
+ ngx.say(#values)
+ }
+ }
+--- request
+GET /t
+--- response_body
+0
+--- error_log
+secret manager not exits
+
+
+
+=== TEST 19: load config normal with the token in an env var
+--- apisix_yaml
+secrets:
+ - id: vault/1
+ prefix: kv/apisix
+ token: "$ENV://VAULT_TOKEN"
+ uri: http://127.0.0.1:8200
+#END
+--- config
+ location /t {
+ content_by_lua_block {
+ local secret = require("apisix.secret")
+ local values = secret.secrets()
+ ngx.say("len: ", #values)
+
+ ngx.say("id: ", values[1].value.id)
+ ngx.say("prefix: ", values[1].value.prefix)
+ ngx.say("token: ", values[1].value.token)
+ ngx.say("uri: ", values[1].value.uri)
+ }
+ }
+--- request
+GET /t
+--- response_body
+len: 1
+id: vault/1
+prefix: kv/apisix
+token: $ENV://VAULT_TOKEN
+uri: http://127.0.0.1:8200
+
+
+
+=== TEST 20: secret.fetch_by_uri with the token in an env var: start with
$secret://
+--- apisix_yaml
+secrets:
+ - id: vault/1
+ prefix: kv/apisix
+ token: "$ENV://VAULT_TOKEN"
+ uri: http://127.0.0.1:8200
+#END
+--- config
+ location /t {
+ content_by_lua_block {
+ local secret = require("apisix.secret")
+ local value =
secret.fetch_by_uri("$secret://vault/1/apisix-key/key")
+ ngx.say(value)
+ }
+ }
+--- request
+GET /t
+--- response_body
+value
+
+
+
+=== TEST 21: secret.fetch_by_uri, no sub key value with the token in an env var
Review Comment:
This test case already exists
##########
t/plugin/basic-auth.t:
##########
@@ -540,3 +544,73 @@ GET /echo
Authorization: Basic Zm9vOmJhcg==
--- response_headers
Authorization: Basic Zm9vOmJhcg==
+
+
+
+=== TEST 25: set basic-auth conf with the token in an env var: password uses
secret ref
+--- request
+GET /t
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ -- put secret vault config
+ local code, body = t('/apisix/admin/secrets/vault/test1',
+ ngx.HTTP_PUT,
+ [[{
+ "uri": "http://127.0.0.1:8200";,
+ "prefix" : "kv/apisix",
+ "token" : "$ENV://VAULT_TOKEN"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ return ngx.say(body)
+ end
+
+ -- change consumer with secrets ref: vault
+ code, body = t('/apisix/admin/consumers',
+ ngx.HTTP_PUT,
+ [[{
+ "username": "foo",
+ "plugins": {
+ "basic-auth": {
+ "username": "foo",
+ "password": "$secret://vault/test1/foo/passwd"
+ }
+ }
+ }]]
+ )
+ if code >= 300 then
+ ngx.status = code
+ return ngx.say(body)
+ end
+
+ -- set route
+ code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "basic-auth": {
+ "hide_credentials": false
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/echo"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.say(body)
+ }
+ }
+--- response_body
+passed
Review Comment:
You only configured the route, you also need to verify whether the route is
effective
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
