This is an automated email from the ASF dual-hosted git repository.
monkeydluffy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 11ee894e4 fix: fix and optimize tls in upstream_schema (#10269)
11ee894e4 is described below
commit 11ee894e4b380feea953667bd8e6a2485aa6b38d
Author: wzy0618 <[email protected]>
AuthorDate: Thu Oct 12 17:27:09 2023 +0800
fix: fix and optimize tls in upstream_schema (#10269)
---
apisix/schema_def.lua | 12 ++-----
t/core/schema_def.t | 98 +++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 101 insertions(+), 9 deletions(-)
diff --git a/apisix/schema_def.lua b/apisix/schema_def.lua
index 8413beda7..0fd969409 100644
--- a/apisix/schema_def.lua
+++ b/apisix/schema_def.lua
@@ -402,16 +402,10 @@ local upstream_schema = {
},
},
dependencies = {
- client_cert = {
- required = {"client_key"},
- ["not"] = {required = {"client_cert_id"}}
- },
- client_key = {
- required = {"client_cert"},
- ["not"] = {required = {"client_cert_id"}}
- },
+ client_cert = {required = {"client_key"}},
+ client_key = {required = {"client_cert"}},
client_cert_id = {
- ["not"] = {required = {"client_client", "client_key"}}
+ ["not"] = {required = {"client_cert", "client_key"}}
}
}
},
diff --git a/t/core/schema_def.t b/t/core/schema_def.t
index b6a7bba05..da3bb51f8 100644
--- a/t/core/schema_def.t
+++ b/t/core/schema_def.t
@@ -139,3 +139,101 @@ qr/ok: false err: property "(id|plugins)" is required/
GET /t
--- response_body
passed
+
+
+
+=== TEST 4: sanity check upstream_schema
+--- config
+ location /t {
+ content_by_lua_block {
+ local schema_def = require("apisix.schema_def")
+ local core = require("apisix.core")
+ local t = require("lib.test_admin")
+ local ssl_cert = t.read_file("t/certs/apisix.crt")
+ local ssl_key = t.read_file("t/certs/apisix.key")
+ local upstream = {
+ nodes = {
+ ["127.0.0.1:8080"] = 1
+ },
+ type = "roundrobin",
+ tls = {
+ client_cert_id = 1,
+ client_cert = ssl_cert,
+ client_key = ssl_key
+ }
+ }
+ local ok, err = core.schema.check(schema_def.upstream, upstream)
+ assert(not ok)
+ assert(err ~= nil)
+
+ upstream = {
+ nodes = {
+ ["127.0.0.1:8080"] = 1
+ },
+ type = "roundrobin",
+ tls = {
+ client_cert_id = 1
+ }
+ }
+ local ok, err = core.schema.check(schema_def.upstream, upstream)
+ assert(ok)
+ assert(err == nil, err)
+
+ upstream = {
+ nodes = {
+ ["127.0.0.1:8080"] = 1
+ },
+ type = "roundrobin",
+ tls = {
+ client_cert = ssl_cert,
+ client_key = ssl_key
+ }
+ }
+ local ok, err = core.schema.check(schema_def.upstream, upstream)
+ assert(ok)
+ assert(err == nil, err)
+
+ upstream = {
+ nodes = {
+ ["127.0.0.1:8080"] = 1
+ },
+ type = "roundrobin",
+ tls = {
+ }
+ }
+ local ok, err = core.schema.check(schema_def.upstream, upstream)
+ assert(ok)
+ assert(err == nil, err)
+
+ upstream = {
+ nodes = {
+ ["127.0.0.1:8080"] = 1
+ },
+ type = "roundrobin",
+ tls = {
+ client_cert = ssl_cert
+ }
+ }
+ local ok, err = core.schema.check(schema_def.upstream, upstream)
+ assert(not ok)
+ assert(err ~= nil)
+
+ upstream = {
+ nodes = {
+ ["127.0.0.1:8080"] = 1
+ },
+ type = "roundrobin",
+ tls = {
+ client_cert_id = 1,
+ client_key = ssl_key
+ }
+ }
+ local ok, err = core.schema.check(schema_def.upstream, upstream)
+ assert(not ok)
+ assert(err ~= nil)
+
+ ngx.say("passed")
+ }
+ }
+--- response_body
+passed
