Re: [PR] fix(stream): initialize env and secret for TLS cert resolution [apisix]

Sun, 25 Jan 2026 17:59:36 -0800 


Baoyuantop commented on code in PR #12935:
URL: https://github.com/apache/apisix/pull/12935#discussion_r2726151006


##########
t/stream-node/tls.t:
##########
@@ -133,3 +141,65 @@ fetch table plugins
 release table ctx_var
 release table plugins
 release table api_ctx
+
+=== TEST 6: stream tls supports $ENV certificate reference
+--- config
+    location /t-env {
+        content_by_lua_block {
+            local core = require("apisix.core")
+            local t = require("lib.test_admin")
+
+            local data = {
+                cert = "$ENV://APISIX_STREAM_ENV_CERT",
+                key  = "$ENV://APISIX_STREAM_ENV_KEY",
+                sni  = "env.test.com",
+            }
+
+            local code, body = t.test('/apisix/admin/ssls/2',
+                ngx.HTTP_PUT,
+                core.json.encode(data)
+            )
+
+            if code >= 300 then
+                ngx.status = code
+                ngx.say(body)
+                return
+            end
+
+            local code, body = t.test('/apisix/admin/stream_routes/2',
+                ngx.HTTP_PUT,
+                [[{
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1995": 1
+                        },
+                        "type": "roundrobin"
+                    }
+                }]]
+            )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+
+            ngx.say("passed")
+        }
+    }
+--- request
+GET /t-env
+--- response_body
+passed
+
+
+
+=== TEST 7: hit stream route with env cert
+--- stream_tls_request
+hello
+--- stream_sni: env.test.com
+--- response_body
+hello world
+
+END {
+    delete $ENV{APISIX_STREAM_ENV_CERT};
+    delete $ENV{APISIX_STREAM_ENV_KEY};
+}

Review Comment:
   It is recommended to remove the END {} block; manual cleanup of these 
environment variables is not required.



##########
t/stream-node/tls.t:
##########
@@ -25,6 +25,14 @@ add_block_preprocessor(sub {
     my ($block) = @_;
 });
 
+BEGIN {
+    use t::APISIX;
+
+    $ENV{APISIX_STREAM_ENV_CERT} = t::APISIX::read_file("t/certs/apisix.crt");
+    $ENV{APISIX_STREAM_ENV_KEY}  = t::APISIX::read_file("t/certs/apisix.key");
+}

Review Comment:
   You can refer to 
https://github.com/apache/apisix/blob/master/t/node/ssl.t#L18-L33



##########
t/stream-node/tls.t:
##########
@@ -133,3 +141,65 @@ fetch table plugins
 release table ctx_var
 release table plugins
 release table api_ctx
+
+=== TEST 6: stream tls supports $ENV certificate reference

Review Comment:
   Test cases for $secret:// should also be added to ensure complete coverage.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to