Copilot commented on code in PR #12935:
URL: https://github.com/apache/apisix/pull/12935#discussion_r2802875534


##########
t/stream-node/tls.t:
##########
@@ -133,3 +150,161 @@ fetch table plugins
 release table ctx_var
 release table plugins
 release table api_ctx
+
+=== TEST 6: stream tls supports $ENV certificate reference
+--- config
+    location /t-env {
+        content_by_lua_block {
+            local core = require("apisix.core")
+            local t = require("lib.test_admin")
+
+            local data = {
+                cert = "$ENV://APISIX_STREAM_ENV_CERT",
+                key  = "$ENV://APISIX_STREAM_ENV_KEY",
+                sni  = "env.test.com",
+            }
+
+            local code, body = t.test('/apisix/admin/ssls/2',
+                ngx.HTTP_PUT,
+                core.json.encode(data)
+            )
+
+            if code >= 300 then
+                ngx.status = code
+                ngx.say(body)
+                return
+            end
+
+            local code, body = t.test('/apisix/admin/stream_routes/2',
+                ngx.HTTP_PUT,
+                [[{
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1995": 1
+                        },
+                        "type": "roundrobin"
+                    }
+                }]]
+            )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+
+            ngx.say("passed")
+        }

Review Comment:
   In this test block, if creating the stream_route fails (code >= 300) you 
still respond with body "passed". Even though the status is set to the error 
code, this hides the actual error response and makes failures harder to debug. 
Consider returning early on error and outputting the admin API response body 
instead of always printing "passed".



##########
t/stream-node/tls.t:
##########
@@ -133,3 +150,161 @@ fetch table plugins
 release table ctx_var
 release table plugins
 release table api_ctx
+
+=== TEST 6: stream tls supports $ENV certificate reference
+--- config
+    location /t-env {
+        content_by_lua_block {
+            local core = require("apisix.core")
+            local t = require("lib.test_admin")
+
+            local data = {
+                cert = "$ENV://APISIX_STREAM_ENV_CERT",
+                key  = "$ENV://APISIX_STREAM_ENV_KEY",
+                sni  = "env.test.com",
+            }
+
+            local code, body = t.test('/apisix/admin/ssls/2',
+                ngx.HTTP_PUT,
+                core.json.encode(data)
+            )
+
+            if code >= 300 then
+                ngx.status = code
+                ngx.say(body)
+                return
+            end
+
+            local code, body = t.test('/apisix/admin/stream_routes/2',
+                ngx.HTTP_PUT,
+                [[{
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1995": 1
+                        },
+                        "type": "roundrobin"
+                    }
+                }]]
+            )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+
+            ngx.say("passed")
+        }
+    }
+--- request
+GET /t-env
+--- response_body
+passed
+
+
+
+=== TEST 7: hit stream route with env cert
+--- stream_tls_request
+hello
+--- stream_sni: env.test.com
+--- response_body
+hello world
+
+=== TEST 8: store cert and key in vault for stream tls
+--- exec
+VAULT_TOKEN='root' VAULT_ADDR='http://0.0.0.0:8200' vault kv put kv/apisix/ssl \
+    test.com.crt=@t/certs/apisix.crt \
+    test.com.key=@t/certs/apisix.key
+--- response_body
+Success!
+
+
+=== TEST 9: set secret provider (vault) for stream tls
+--- config
+    location /t-secret {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+
+            local code, body = t('/apisix/admin/secrets/vault/stream-test',
+                ngx.HTTP_PUT,
+                [[{
+                    "uri": "http://0.0.0.0:8200";,
+                    "prefix": "kv/apisix",
+                    "token": "root"
+                }]],
+                [[{
+                    "key": "/apisix/secrets/vault/stream-test",
+                    "value": {
+                        "uri": "http://0.0.0.0:8200";,
+                        "prefix": "kv/apisix",
+                        "token": "root"
+                    }
+                }]]
+            )
+
+            ngx.status = code
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t-secret
+--- response_body
+passed
+
+
+
+=== TEST 10: stream tls supports $secret certificate reference
+--- config
+    location /t-secret {
+        content_by_lua_block {
+            local core = require("apisix.core")
+            local t = require("lib.test_admin")
+
+            local data = {
+                cert = "$secret://vault/stream-test/ssl/test.com.crt",
+                key  = "$secret://vault/stream-test/ssl/test.com.key",
+                sni  = "secret.test.com",
+            }
+
+            local code, body = t.test('/apisix/admin/ssls/3',
+                ngx.HTTP_PUT,
+                core.json.encode(data)
+            )
+
+            if code >= 300 then
+                ngx.status = code
+                ngx.say(body)
+                return
+            end
+
+            local code, body = t.test('/apisix/admin/stream_routes/3',
+                ngx.HTTP_PUT,
+                [[{
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1995": 1
+                        },
+                        "type": "roundrobin"
+                    }
+                }]]
+            )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+
+            ngx.say("passed")
+        }
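Review bot: TEST 6/7 and TEST 10 only cover `$ENV://` and `$secret://` references that resolve, so nothing visible in this hunk pins what the stream TLS listener does when a reference cannot be resolved. A companion case that copies TEST 6 with `cert = "$ENV://<UNSET_VAR_PLACEHOLDER>"` and its own `sni`, followed by a `stream_tls_request` block that expects the handshake to be refused rather than `hello world`, would show that the path fails closed and neither falls back to another certificate nor treats the literal reference string as PEM. The same applies to a `$secret://vault/stream-test/...` path whose key was never written by TEST 8. The quoted hunk stops inside TEST 10, so later cases outside this view may already cover this.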

Review Comment:
   Same pattern here: when the stream_route creation fails (code >= 300), the 
handler still prints "passed". This discards the actual error payload from the 
admin API and makes the test output misleading. Return early and print the 
error body when code indicates failure.


