AlinsRan commented on code in PR #13062:
URL: https://github.com/apache/apisix/pull/13062#discussion_r3548070434
##########
apisix/init.lua:
##########
@@ -552,9 +552,22 @@ function _M.handle_upstream(api_ctx, route,
enable_websocket)
return ngx_exit(1)
end
+ local new_upstream_ssl = apisix_secret.fetch_secrets(upstream_ssl,
true)
+
+ if not new_upstream_ssl then
Review Comment:
Removed the nil check entirely — it was unreachable. The resolve is now
`fetch_secrets(...) or upstream_ssl`, gated on `secret.has_secret_ref()`.
##########
t/node/upstream-mtls.t:
##########
@@ -783,3 +809,125 @@ passed
GET /hello
--- response_body
hello world
+
+=== TEST 24: get cert by tls.client_cert_id with secrets using secrets
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin")
+ local json = require("toolkit.json")
+
+ local data = {
+ type = "client",
+ cert = "$secret://vault/test/ssl/mtls_client.crt",
+ key = "$secret://vault/test/ssl/mtls_client.key"
+ }
Review Comment:
Vault backend is configured now — TEST 1 writes the cert/key into Vault and
TEST 2 creates `/apisix/admin/secrets/vault/test`.
##########
t/node/upstream-mtls.t:
##########
@@ -783,3 +809,125 @@ passed
GET /hello
--- response_body
hello world
+
+=== TEST 24: get cert by tls.client_cert_id with secrets using secrets
Review Comment:
Renamed to `get cert by tls.client_cert_id with $secret:// refs`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]