This is an automated email from the ASF dual-hosted git repository.
bzp2010 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new e1aabd38b feat: bump lua-resty-ldap version for ldap-auth (#9037)
e1aabd38b is described below
commit e1aabd38bdaae42accfbe7f5561371fe6fe62a33
Author: Zeping Bai <[email protected]>
AuthorDate: Wed Mar 15 18:10:01 2023 +0800
feat: bump lua-resty-ldap version for ldap-auth (#9037)
---
apisix/plugins/ldap-auth.lua | 32 +++++++++++++++++-------------
ci/centos7-ci.sh | 13 +++++++++---
ci/common.sh | 19 ++++++++++++++++++
ci/linux_apisix_current_luarocks_runner.sh | 7 +++++--
ci/linux_apisix_master_luarocks_runner.sh | 3 +++
ci/linux_openresty_common_runner.sh | 3 +++
rockspec/apisix-master-0.rockspec | 2 +-
t/chaos/utils/Dockerfile | 6 ++++++
8 files changed, 65 insertions(+), 20 deletions(-)
diff --git a/apisix/plugins/ldap-auth.lua b/apisix/plugins/ldap-auth.lua
index 6486f9a13..41156c1bf 100644
--- a/apisix/plugins/ldap-auth.lua
+++ b/apisix/plugins/ldap-auth.lua
@@ -18,7 +18,7 @@ local core = require("apisix.core")
local ngx = ngx
local ngx_re = require("ngx.re")
local consumer_mod = require("apisix.consumer")
-local ldap = require("resty.ldap")
+local ok, ldap_cli = pcall(require, "resty.ldap.client")
local schema = {
type = "object",
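Review bot: The module-level `ok` returned by `pcall(require, "resty.ldap.client")` is a very generic name for a flag that is only read much later, in the `if not ok then` check the next hunk adds to `_M.rewrite`, and any later `local ok` at file scope would shadow it silently. A descriptive name such as `ldap_loaded` would make the load-failure path easier to follow. A comment at the require site would also help, for example `-- resty.ldap.client depends on a native library; defer load failure to request time`. The existing `-- ensure rasn library loaded` comment does not explain why the require is wrapped in `pcall`.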
@@ -100,6 +100,11 @@ local function extract_auth_header(authorization)
end
function _M.rewrite(conf, ctx)
+ if not ok then -- ensure rasn library loaded
+ core.log.error("failed to load lua-resty-ldap lib: ", ldap_cli)
+ return 501
+ end
+
core.log.info("plugin rewrite phase, conf: ", core.json.delay_encode(conf))
-- 1. extract authorization from header
@@ -117,20 +122,19 @@ function _M.rewrite(conf, ctx)
-- 2. try authenticate the user against the ldap server
local ldap_host, ldap_port = core.utils.parse_addr(conf.ldap_uri)
-
- local userdn = conf.uid .. "=" .. user.username .. "," .. conf.base_dn
- local ldapconf = {
- timeout = 10000,
+ local ldap_client = ldap_cli:new(ldap_host, ldap_port, {
start_tls = false,
- ldap_host = ldap_host,
- ldap_port = ldap_port or 389,
ldaps = conf.use_tls,
- tls_verify = conf.tls_verify,
- base_dn = conf.base_dn,
- attribute = conf.uid,
- keepalive = 60000,
- }
- local res, err = ldap.ldap_authenticate(user.username, user.password,
ldapconf)
+ ssl_verify = conf.tls_verify,
+ socket_timeout = 10000,
+ keepalive_pool_name = ldap_host .. ":" .. ldap_port .. "_ldapauth"
+ .. (conf.use_tls and "_tls" or ""),
+ keepalive_pool_size = 5,
+ keepalive_timeout = 60000,
+ })
+
+ local user_dn = conf.uid .. "=" .. user.username .. "," .. conf.base_dn
+ local res, err = ldap_client:simple_bind(user_dn, user.password)
if not res then
core.log.warn("ldap-auth failed: ", err)
return 401, { message = "Invalid user authorization" }
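Review bot: `ldap_client:simple_bind(user_dn, user.password)` passes on whatever password the Authorization header carried, and a simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513 §5.1.2) that some directory servers answer with success; unless `extract_auth_header`, which is outside this hunk, already rejects it, add `if user.password == "" then return 401, { message = "Invalid user authorization" } end` before the bind. The `user_dn` line concatenates `user.username` without RFC 4514 escaping, so characters such as `,`, `+` or `=` in the username change the DN that is bound and then used for the consumer lookup; escape or reject them. The removed `ldap_port or 389` fallback has no replacement, so if `core.utils.parse_addr` returns a nil port the `ldap_host .. ":" .. ldap_port` concatenation for `keepalive_pool_name` raises an error; `ldap_port = ldap_port or 389` before `ldap_cli:new` keeps the old behaviour. `_M.rewrite` starts and ends outside this hunk.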
@@ -143,7 +147,7 @@ function _M.rewrite(conf, ctx)
end
local consumers = consumer_mod.consumers_kv(plugin_name, consumer_conf,
"user_dn")
- local consumer = consumers[userdn]
+ local consumer = consumers[user_dn]
if not consumer then
return 401, {message = "Invalid user authorization"}
end
diff --git a/ci/centos7-ci.sh b/ci/centos7-ci.sh
index 5a0339064..251dd3363 100755
--- a/ci/centos7-ci.sh
+++ b/ci/centos7-ci.sh
@@ -23,10 +23,14 @@ install_dependencies() {
# install build & runtime deps
yum install -y wget tar gcc automake autoconf libtool make unzip \
- git sudo openldap-devel which
+ git sudo openldap-devel which ca-certificates openssl-devel \
+ epel-release
+
+ # install newer curl
+ yum makecache
+ yum install -y libnghttp2-devel
+ install_curl
- # curl with http2
- wget
https://github.com/moparisthebest/static-curl/releases/download/v7.79.1/curl-amd64
-qO /usr/bin/curl
# install openresty to make apisix's rpm test work
yum install -y yum-utils && yum-config-manager --add-repo
https://openresty.org/package/centos/openresty.repo
yum install -y openresty openresty-debug openresty-openssl111-debug-devel
pcre pcre-devel
@@ -69,6 +73,9 @@ install_dependencies() {
# install nodejs
install_nodejs
+ # install rust
+ install_rust
+
# grpc-web server && client
cd t/plugin/grpc-web
./setup.sh
diff --git a/ci/common.sh b/ci/common.sh
index 769cc1305..509647b00 100644
--- a/ci/common.sh
+++ b/ci/common.sh
@@ -56,6 +56,20 @@ rerun_flaky_tests() {
FLUSH_ETCD=1 prove --timer -I./test-nginx/lib -I./ $(echo "$tests" | xargs)
}
+install_curl () {
+ CURL_VERSION="7.88.0"
+ wget https://curl.se/download/curl-${CURL_VERSION}.tar.gz
+ tar -xzvf curl-${CURL_VERSION}.tar.gz
+ cd curl-${CURL_VERSION}
+ ./configure --prefix=/usr/local --with-openssl --with-nghttp2
+ make
+ sudo make install
+ sudo ldconfig
+ cd ..
+ rm -rf curl-${CURL_VERSION}
+ curl -V
+}
+
install_grpcurl () {
# For more versions, visit https://github.com/fullstorydev/grpcurl/releases
GRPCURL_VERSION="1.8.5"
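Review bot: `install_curl` downloads `curl-${CURL_VERSION}.tar.gz` and runs `sudo make install` from it without verifying the archive. Pin a digest next to `CURL_VERSION` and check it before extracting, e.g. `echo "${CURL_SHA256}  curl-${CURL_VERSION}.tar.gz" | sha256sum -c -`, where `CURL_SHA256` is a placeholder for the digest published for that release. The steps are not chained, so unless the caller runs under `set -e` (not visible in this hunk) a failed `wget` or `cd` still falls through to `./configure` and `sudo make install` in the wrong directory; `cd "curl-${CURL_VERSION}" || return 1` avoids that. The tarball itself is left behind, because only the extracted directory is removed.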
@@ -85,6 +99,11 @@ install_nodejs () {
npm config set registry https://registry.npmjs.org/
}
+install_rust () {
+ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sudo sh -s --
-y
+ source "$HOME/.cargo/env"
+}
+
set_coredns() {
# test a domain name is configured as upstream
echo "127.0.0.1 test.com" | sudo tee -a /etc/hosts
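Review bot: `install_rust` pipes the rustup installer from the network straight into `sudo sh`, so an unpinned script and an unpinned toolchain run as root on every CI job; the `t/chaos/utils/Dockerfile` hunk repeats the same line. A per-user install does not need root, so `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain <PINNED_VERSION>` would drop the privilege and make the toolchain reproducible. With `sudo`, where `~/.cargo` is created and who owns it depends on how sudo handles `HOME`. That matters because the next line sources `"$HOME/.cargo/env"` as the calling user, and the luarocks runner later builds without `sudo`.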
diff --git a/ci/linux_apisix_current_luarocks_runner.sh
b/ci/linux_apisix_current_luarocks_runner.sh
index cb974524b..a8836f43b 100755
--- a/ci/linux_apisix_current_luarocks_runner.sh
+++ b/ci/linux_apisix_current_luarocks_runner.sh
@@ -34,9 +34,12 @@ script() {
sudo rm -rf /usr/local/share/lua/5.1/apisix
+ # install rust
+ install_rust
+
# install APISIX with local version
- sudo luarocks install rockspec/apisix-master-0.rockspec --only-deps >
build.log 2>&1 || (cat build.log && exit 1)
- sudo luarocks make rockspec/apisix-master-0.rockspec > build.log 2>&1 ||
(cat build.log && exit 1)
+ luarocks install rockspec/apisix-master-0.rockspec --only-deps > build.log
2>&1 || (cat build.log && exit 1)
+ luarocks make rockspec/apisix-master-0.rockspec > build.log 2>&1 || (cat
build.log && exit 1)
# ensure all files under apisix is installed
diff -rq apisix /usr/local/share/lua/5.1/apisix
diff --git a/ci/linux_apisix_master_luarocks_runner.sh
b/ci/linux_apisix_master_luarocks_runner.sh
index d49f271f6..d40ce8a7f 100755
--- a/ci/linux_apisix_master_luarocks_runner.sh
+++ b/ci/linux_apisix_master_luarocks_runner.sh
@@ -38,6 +38,9 @@ script() {
mkdir tmp && cd tmp
cp -r ../utils ./
+ # install rust
+ install_rust
+
# install APISIX by luarocks
sudo luarocks install $APISIX_MAIN > build.log 2>&1 || (cat build.log &&
exit 1)
cp ../bin/apisix /usr/local/bin/apisix
diff --git a/ci/linux_openresty_common_runner.sh
b/ci/linux_openresty_common_runner.sh
index 4029d851b..c96f8f6c3 100755
--- a/ci/linux_openresty_common_runner.sh
+++ b/ci/linux_openresty_common_runner.sh
@@ -33,6 +33,9 @@ do_install() {
./ci/linux-install-etcd-client.sh
+ # install rust
+ install_rust
+
create_lua_deps
# sudo apt-get install tree -y
diff --git a/rockspec/apisix-master-0.rockspec
b/rockspec/apisix-master-0.rockspec
index a45cfbc77..8a73fd59c 100644
--- a/rockspec/apisix-master-0.rockspec
+++ b/rockspec/apisix-master-0.rockspec
@@ -78,7 +78,7 @@ dependencies = {
"xml2lua = 1.5-2",
"nanoid = 0.1-1",
"lua-resty-mediador = 0.1.2-1",
- "lua-resty-ldap = 0.1.0-0"
+ "lua-resty-ldap = 0.2.0-0"
}
build = {
diff --git a/t/chaos/utils/Dockerfile b/t/chaos/utils/Dockerfile
index 3eecfd580..36bf2212f 100644
--- a/t/chaos/utils/Dockerfile
+++ b/t/chaos/utils/Dockerfile
@@ -33,8 +33,14 @@ RUN set -x \
git \
openldap-dev \
pcre-dev \
+ sudo \
&& cd apisix \
&& git config --global url.https://github.com/.insteadOf git://github.com/
\
+ && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sudo sh -s
-- -y \
+ && source "$HOME/.cargo/env" \
+ && export CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse \
+ # next line is for rust cdylib compile on musl
+ && export RUSTFLAGS="-C target-feature=-crt-static" \
&& make deps \
&& cp -v bin/apisix /usr/bin/ \
&& mv ../apisix /usr/local/apisix \
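Review bot: The `sudo` package is added to the image only so that the rustup line can run `sudo sh`. If this `RUN` step already executes as root (the `USER` in effect is outside this hunk), dropping both the package and the `sudo` keeps an unnecessary setuid binary out of the image. `source "$HOME/.cargo/env"` also relies on the build shell accepting `source`; `. "$HOME/.cargo/env"` is the POSIX spelling and works in any `sh`. The `RUN` instruction begins before this hunk.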