nic-6443 commented on code in PR #13514:
URL: https://github.com/apache/apisix/pull/13514#discussion_r3397091000
##########
apisix/plugin.lua:
##########
@@ -1183,8 +1188,13 @@ _M.encrypt_conf = encrypt_conf
check_plugin_metadata = function(item)
+ -- A plugin_metadata entry takes no effect until its plugin is enabled,
+ -- so entries of disabled or unknown plugins are ignored silently. This
+ -- also covers the entries of the other subsystem's plugins: the
+ -- plugin_metadata directory is watched by both the http and the stream
+ -- subsystems, while each of them only loads its own plugins.
local ok, err = check_single_plugin_schema(item.id, item,
- core.schema.TYPE_METADATA, true)
+ core.schema.TYPE_METADATA,
false, true)
if ok and enable_gde() then
decrypt_conf(item.id, item, core.schema.TYPE_METADATA)
end
Review Comment:
Right — with GDE on, the decrypt path would still warn for unloaded plugins.
Fixed in 974c12a8b: decrypt now only runs when the plugin is present in
`local_plugins_hash`, and TEST 4 enables data_encryption to pin this.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
