AlinsRan commented on code in PR #13062:
URL: https://github.com/apache/apisix/pull/13062#discussion_r3548070434


##########
apisix/init.lua:
##########
@@ -552,9 +552,22 @@ function _M.handle_upstream(api_ctx, route, 
enable_websocket)
             return ngx_exit(1)
         end
 
+        local new_upstream_ssl = apisix_secret.fetch_secrets(upstream_ssl, 
true)
+
+        if not new_upstream_ssl then

Review Comment:
   Removed the nil check entirely — it was unreachable. The resolve is now 
`fetch_secrets(...) or upstream_ssl`, gated on `secret.has_secret_ref()`.



##########
t/node/upstream-mtls.t:
##########
@@ -783,3 +809,125 @@ passed
 GET /hello
 --- response_body
 hello world
+
+=== TEST 24: get cert by tls.client_cert_id with secrets using secrets
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin")
+            local json = require("toolkit.json")
+
+            local data = {
+                type = "client",
+                cert = "$secret://vault/test/ssl/mtls_client.crt",
+                key = "$secret://vault/test/ssl/mtls_client.key"
+            }

Review Comment:
   Vault backend is configured now — TEST 1 writes the cert/key into Vault and 
TEST 2 creates `/apisix/admin/secrets/vault/test`.



##########
t/node/upstream-mtls.t:
##########
@@ -783,3 +809,125 @@ passed
 GET /hello
 --- response_body
 hello world
+
+=== TEST 24: get cert by tls.client_cert_id with secrets using secrets

Review Comment:
   Renamed to `get cert by tls.client_cert_id with $secret:// refs`.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to