[apisix] branch master updated (8197e0356 -> 777c0b713)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 8197e0356 fix: the problem of high cpu and memory usage (#9015) (#9016) add 777c0b713 feat: support variable when rewrite header in proxy rewrite plugin (#9112) No new revisions were added by this update. Summary of changes: apisix/core/utils.lua | 41 + apisix/plugins/proxy-rewrite.lua| 27 -- docs/en/latest/plugins/proxy-rewrite.md | 4 +- docs/zh/latest/plugins/proxy-rewrite.md | 4 +- t/plugin/proxy-rewrite3.t | 149 5 files changed, 216 insertions(+), 9 deletions(-)
[apisix] branch master updated (3b76c4554 -> 8197e0356)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 3b76c4554 fix: etcd data sync exception (#8493) add 8197e0356 fix: the problem of high cpu and memory usage (#9015) (#9016) No new revisions were added by this update. Summary of changes: apisix/core/config_util.lua| 8 ++- apisix/upstream.lua| 15 +- ...ealthcheck-multiple-worker.t => healthcheck3.t} | 59 -- 3 files changed, 42 insertions(+), 40 deletions(-) copy t/node/{healthcheck-multiple-worker.t => healthcheck3.t} (70%)
[apisix] branch master updated: fix: etcd data sync exception (#8493)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 3b76c4554 fix: etcd data sync exception (#8493) 3b76c4554 is described below commit 3b76c45543861a0fb4a7924842d3a47c51ae83b2 Author: CuttleFish AuthorDate: Tue Mar 21 09:52:27 2023 +0800 fix: etcd data sync exception (#8493) Co-authored-by: 80317381 --- apisix/core/config_util.lua | 4 t/core/config_util.t| 8 2 files changed, 12 insertions(+) diff --git a/apisix/core/config_util.lua b/apisix/core/config_util.lua index b3fb13b7c..4cc0ed33d 100644 --- a/apisix/core/config_util.lua +++ b/apisix/core/config_util.lua @@ -96,6 +96,10 @@ end -- fire all clean handlers added by add_clean_handler. function _M.fire_all_clean_handlers(item) +-- When the key is deleted, the item will be set to false. +if not item then +return +end if not item.clean_handlers then return end diff --git a/t/core/config_util.t b/t/core/config_util.t index 2b012fc97..6d9e1e2f8 100644 --- a/t/core/config_util.t +++ b/t/core/config_util.t @@ -89,6 +89,11 @@ __DATA__ return item, idx1, idx2 end +local function setup_to_false() +local item = false +return item +end + local item, idx1, idx2 = setup() util.cancel_clean_handler(item, idx1, true) util.cancel_clean_handler(item, idx2, true) @@ -103,6 +108,9 @@ __DATA__ local item, idx1, idx2 = setup() util.cancel_clean_handler(item, idx1) util.fire_all_clean_handlers(item) + +local item = setup_to_false() +util.fire_all_clean_handlers(item) } } --- grep_error_log eval
[apisix] branch master updated: fix: checker leak for domain nodes (#9090)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 8e9c051db fix: checker leak for domain nodes (#9090) 8e9c051db is described below commit 8e9c051db20353a09aa843124fae9569b2d4d9ff Author: jinhua luo AuthorDate: Tue Mar 21 09:21:13 2023 +0800 fix: checker leak for domain nodes (#9090) --- apisix/init.lua | 12 +++-- t/node/healthcheck-leak-bugfix.t | 112 +++ 2 files changed, 121 insertions(+), 3 deletions(-) diff --git a/apisix/init.lua b/apisix/init.lua index 388af426e..aef5b7ebe 100644 --- a/apisix/init.lua +++ b/apisix/init.lua @@ -223,9 +223,15 @@ local function parse_domain_in_route(route) -- don't modify the modifiedIndex to avoid plugin cache miss because of DNS resolve result -- has changed --- Here we copy the whole route instead of part of it, --- so that we can avoid going back from route.value to route during copying. -route.dns_value = core.table.deepcopy(route).value +local parent = route.value.upstream.parent +if parent then +route.value.upstream.parent = nil +end +route.dns_value = core.table.deepcopy(route.value) +if parent then +route.value.upstream.parent = parent +route.dns_value.upstream.parent = parent +end route.dns_value.upstream.nodes = new_nodes core.log.info("parse route which contain domain: ", core.json.delay_encode(route, true)) diff --git a/t/node/healthcheck-leak-bugfix.t b/t/node/healthcheck-leak-bugfix.t new file mode 100644 index 0..d3ada8c17 --- /dev/null +++ b/t/node/healthcheck-leak-bugfix.t @@ -0,0 +1,112 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +use t::APISIX 'no_plan'; + +repeat_each(1); +log_level('warn'); +no_root_location(); +no_shuffle(); + +run_tests(); + +__DATA__ + +=== TEST 1: ensure the old check is cleared after configuration updated +--- extra_init_worker_by_lua +local healthcheck = require("resty.healthcheck") +local new = healthcheck.new +healthcheck.new = function(...) +local obj = new(...) +local clear = obj.clear +obj.clear = function(...) +ngx.log(ngx.WARN, "clear checker") +return clear(...) +end +return obj +end + +--- extra_init_by_lua +local utils = require("apisix.core.utils") +local count = 0 +utils.dns_parse = function (domain) -- mock: DNS parser +count = count + 1 +if domain == "test1.com" then +return {address = "127.0.0." .. count} +end +if domain == "test2.com" then +return {address = "127.0.0." .. count+100} +end + +error("unknown domain: " .. domain) +end + +--- config +location /t { +content_by_lua_block { +local cfg = [[{ +"upstream": { +"nodes": { +"test1.com:1980": 1, +"test2.com:1980": 1 +}, +"type": "roundrobin", +"checks":{ +"active":{ +"healthy":{ +"http_statuses":[ +200, +302 +], +"interval":1, +"successes":2 +}, +"http_path":"/hello", +"timeout":1, +"type":"http", +"unhealthy":{ +"http_failures":5, +"http_statuses":[ +429, +
[apisix] branch master updated (e4e7c7327 -> 02421e2ad)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from e4e7c7327 fix(consumer): work if the etcd connection failed during starting (#9077) add 02421e2ad chore(deps): bump actions/setup-go from 3 to 4 (#9082) No new revisions were added by this update. Summary of changes: .github/workflows/build.yml| 2 +- .github/workflows/chaos.yml| 2 +- .github/workflows/gm-cron.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-)
[apisix] branch master updated (513b3f6b1 -> e4e7c7327)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 513b3f6b1 ci: fix low disk space error when loading saved docker images (#9080) add e4e7c7327 fix(consumer): work if the etcd connection failed during starting (#9077) No new revisions were added by this update. Summary of changes: .github/workflows/centos7-ci.yml | 6 -- .github/workflows/fips.yml | 6 -- .github/workflows/gm-cron.yaml | 6 -- apisix/consumer.lua | 3 +-- t/node/consumer-plugin2.t| 31 +++ t/plugin/udp-logger.t| 4 ++-- 6 files changed, 46 insertions(+), 10 deletions(-)
[apisix] branch master updated: change: change the default router from radixtree uri to radixtree hos… (#9047)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 1f27b7220 change: change the default router from radixtree uri to radixtree hos… (#9047) 1f27b7220 is described below commit 1f27b72206a3a33517110cc1b6070e1a138e2e46 Author: Liu Wei AuthorDate: Fri Mar 17 10:18:49 2023 +0800 change: change the default router from radixtree uri to radixtree hos… (#9047) --- apisix/http/router/radixtree_host_uri.lua | 7 - apisix/plugins/ai.lua | 1 + conf/config-default.yaml | 2 +- docs/en/latest/terminology/router.md | 10 +-- docs/zh/latest/terminology/router.md | 11 ++-- t/config-center-yaml/route.t | 12 t/node/route-status.t | 11 t/plugin/ai5.t| 16 +-- t/router/radixtree-host-uri-priority.t| 12 +--- t/router/radixtree-host-uri.t | 23 ++- t/router/radixtree-host-uri2.t| 16 +-- t/router/radixtree-host-uri3.t| 6 ++-- t/router/radixtree-method.t | 11 t/router/radixtree-sni.t | 47 ++- t/router/radixtree-sni2.t | 37 ++-- t/router/radixtree-uri-host.t | 15 ++ t/router/radixtree-uri-keep-end-slash.t | 13 +++-- t/router/radixtree-uri-multiple.t | 15 ++ t/router/radixtree-uri-priority.t | 14 + t/router/radixtree-uri-sanity.t | 17 +++ t/router/radixtree-uri-vars.t | 16 +++ 21 files changed, 177 insertions(+), 135 deletions(-) diff --git a/apisix/http/router/radixtree_host_uri.lua b/apisix/http/router/radixtree_host_uri.lua index 70919763c..532576e53 100644 --- a/apisix/http/router/radixtree_host_uri.lua +++ b/apisix/http/router/radixtree_host_uri.lua @@ -17,6 +17,7 @@ local require = require local router = require("apisix.utils.router") local core = require("apisix.core") +local event = require("apisix.core.event") local get_services = require("apisix.http.service").services local service_fetch = require("apisix.http.service").get local ipairs = ipairs @@ -104,8 +105,9 @@ local function create_radixtree_router(routes) local host_routes = {} local only_uri_routes = {} host_router = nil +routes = routes or {} -for _, route in ipairs(routes or {}) do +for _, route in ipairs(routes) do local status = core.table.try_read_attr(route, "value", "status") -- check the status if not status or status == 1 then @@ -128,6 +130,9 @@ local function create_radixtree_router(routes) end }) end + +event.push(event.CONST.BUILD_ROUTER, routes) + if #host_router_routes > 0 then host_router = router.new(host_router_routes) end diff --git a/apisix/plugins/ai.lua b/apisix/plugins/ai.lua index 3195b4bae..b46249a9a 100644 --- a/apisix/plugins/ai.lua +++ b/apisix/plugins/ai.lua @@ -163,6 +163,7 @@ local function routes_analyze(routes) local route_flags = core.table.new(0, 16) local route_up_flags = core.table.new(0, 12) + for _, route in ipairs(routes) do if type(route) == "table" then for key, value in pairs(route.value) do diff --git a/conf/config-default.yaml b/conf/config-default.yaml index c043ce2de..2765afe9c 100755 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -75,7 +75,7 @@ apisix: # Turn this option on if you want to be compatible with servlet when matching URI path. normalize_uri_like_servlet: false router: -http: radixtree_uri # radixtree_uri: match route by uri(base on radixtree) +http: radixtree_host_uri # radixtree_uri: match route by uri(base on radixtree) # radixtree_host_uri: match route by host + uri(base on radixtree) # radixtree_uri_with_parameter: like radixtree_uri but match uri with parameters, # see https://github.com/api7/lua-resty-radixtree/#parameters-in-path for diff --git a/docs/en/latest/terminology/router.md b/docs/en/latest/terminology/router.md index 804514f12..0eb49f117 100644 --- a/docs/en/latest/terminology/router.md +++ b/docs/en/latest/terminology/router.md @@ -38,13 +38,19 @@ A Router can have the following configurations: - `apisix.router.http`: The HTTP request route. It can take the following values: - - `radixtree_uri`: (Default) Only use the `uri` as the primary index. To learn more about the support for full and deep prefix matching, check [How to use router-radixtree](../
[apisix] branch master updated (8a9d1b753 -> 6a57bf103)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 8a9d1b753 fix: cli test on master (#9075) add 6a57bf103 chore(deps): bump dubbo from 2.7.18 to 2.7.21 in /t/lib/dubbo-backend/dubbo-backend-provider (#9041) No new revisions were added by this update. Summary of changes: t/lib/dubbo-backend/dubbo-backend-provider/pom.xml | 2 +- t/lib/dubbo-backend/pom.xml| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
[apisix] branch master updated: fix: Non wildcard origin in CORS should sent Vary header (#9010)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new e41cf45de fix: Non wildcard origin in CORS should sent Vary header (#9010) e41cf45de is described below commit e41cf45debd885a739840a651b6b7c5c5b7d6258 Author: Warnar Boekkooi <88374436+boekkooi-len...@users.noreply.github.com> AuthorDate: Thu Mar 16 02:17:36 2023 +0100 fix: Non wildcard origin in CORS should sent Vary header (#9010) --- apisix/plugins/cors.lua | 7 +++ t/plugin/cors3.t| 4 ++-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/apisix/plugins/cors.lua b/apisix/plugins/cors.lua index f0d911f5d..8e2a468aa 100644 --- a/apisix/plugins/cors.lua +++ b/apisix/plugins/cors.lua @@ -190,10 +190,6 @@ local function set_cors_headers(conf, ctx) end core.response.set_header("Access-Control-Allow-Origin", ctx.cors_allow_origins) -if ctx.cors_allow_origins ~= "*" then -core.response.add_header("Vary", "Origin") -end - core.response.set_header("Access-Control-Allow-Methods", allow_methods) core.response.set_header("Access-Control-Max-Age", conf.max_age) core.response.set_header("Access-Control-Expose-Headers", conf.expose_headers) @@ -308,6 +304,9 @@ function _M.header_filter(conf, ctx) conf.allow_origins_by_metadata, ctx, req_origin ) end +if conf.allow_origins ~= "*" then +core.response.add_header("Vary", "Origin") +end if allow_origins then ctx.cors_allow_origins = allow_origins set_cors_headers(conf, ctx) diff --git a/t/plugin/cors3.t b/t/plugin/cors3.t index 92210a1a3..ae68dec3f 100644 --- a/t/plugin/cors3.t +++ b/t/plugin/cors3.t @@ -163,7 +163,7 @@ Origin: http://foo.example.org hello world --- response_headers Access-Control-Allow-Origin: -Vary: +Vary: Origin Access-Control-Allow-Methods: Access-Control-Allow-Headers: Access-Control-Expose-Headers: @@ -254,7 +254,7 @@ Origin: http://foo.example.org hello world --- response_headers Access-Control-Allow-Origin: -Vary: +Vary: Origin Access-Control-Allow-Methods: Access-Control-Allow-Headers: Access-Control-Expose-Headers:
[apisix] branch master updated: fix: invalidate cache in core.request.add_haeder and fix some calls (#8824)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 7e292eadd fix: invalidate cache in core.request.add_haeder and fix some calls (#8824) 7e292eadd is described below commit 7e292eadd36e738f84647634b0c351bc268ea529 Author: Tristan <33349046+jiangfuch...@users.noreply.github.com> AuthorDate: Mon Mar 13 11:07:22 2023 +0800 fix: invalidate cache in core.request.add_haeder and fix some calls (#8824) --- apisix/core/request.lua | 40 --- apisix/plugins/proxy-rewrite.lua | 6 +++--- t/core/request.t | 45 t/plugin/proxy-rewrite3.t| 5 - 4 files changed, 80 insertions(+), 16 deletions(-) diff --git a/apisix/core/request.lua b/apisix/core/request.lua index 173fafc56..aa9dd03bf 100644 --- a/apisix/core/request.lua +++ b/apisix/core/request.lua @@ -42,6 +42,8 @@ local req_get_body_file = ngx.req.get_body_file local req_get_post_args = ngx.req.get_post_args local req_get_uri_args = ngx.req.get_uri_args local req_set_uri_args = ngx.req.set_uri_args +local table_insert = table.insert +local req_set_header = ngx.req.set_header local _M = {} @@ -108,8 +110,7 @@ function _M.header(ctx, name) return _headers(ctx)[name] end - -function _M.set_header(ctx, header_name, header_value) +local function modify_header(ctx, header_name, header_value, override) if type(ctx) == "string" then -- It would be simpler to keep compatibility if we put 'ctx' -- after 'header_value', but the style is too ugly! @@ -117,7 +118,11 @@ function _M.set_header(ctx, header_name, header_value) header_name = ctx ctx = nil -log.warn("DEPRECATED: use set_header(ctx, header_name, header_value) instead") +if override then +log.warn("DEPRECATED: use set_header(ctx, header_name, header_value) instead") +else +log.warn("DEPRECATED: use add_header(ctx, header_name, header_value) instead") +end end local err @@ -131,26 +136,37 @@ function _M.set_header(ctx, header_name, header_value) changed = a6_request.is_request_header_set() end -ngx.req.set_header(header_name, header_value) +if override then +req_set_header(header_name, header_value) +else +req_add_header(header_name, header_value) +end if is_apisix_or and not changed then -- if the headers are not changed before, -- we can only update part of the cache instead of invalidating the whole a6_request.clear_request_header() if ctx and ctx.headers then -ctx.headers[header_name] = header_value +if override or not ctx.headers[header_name] then +ctx.headers[header_name] = header_value +else +local values = ctx.headers[header_name] +if type(values) == "table" then +table_insert(values, header_value) +else +ctx.headers[header_name] = {values, header_value} +end +end end end end -function _M.add_header(header_name, header_value) -local err -header_name, err = _validate_header_name(header_name) -if err then -error(err) -end +function _M.set_header(ctx, header_name, header_value) +modify_header(ctx, header_name, header_value, true) +end -req_add_header(header_name, header_value) +function _M.add_header(ctx, header_name, header_value) +modify_header(ctx, header_name, header_value, false) end -- return the remote address of client which directly connecting to APISIX. diff --git a/apisix/plugins/proxy-rewrite.lua b/apisix/plugins/proxy-rewrite.lua index 65ffdf3ab..0308557ee 100644 --- a/apisix/plugins/proxy-rewrite.lua +++ b/apisix/plugins/proxy-rewrite.lua @@ -327,18 +327,18 @@ function _M.rewrite(conf, ctx) for i = 1, field_cnt, 2 do local val = core.utils.resolve_var(hdr_op.add[i + 1], ctx.var) local header = hdr_op.add[i] -core.request.add_header(header, val) +core.request.add_header(ctx, header, val) end local field_cnt = #hdr_op.set for i = 1, field_cnt, 2 do local val = core.utils.resolve_var(hdr_op.set[i + 1], ctx.var) -core.request.set_header(hdr_op.set[i], val) +core.request.set_header(ctx, hdr_op.set[i], val) end local field_cnt = #hdr_op.remove for i = 1, field_cnt do -core.request.set_header(hdr_op.remove[i], nil) +core.request.set_header(ctx, hdr_op.remove[i], nil) end end diff --git a/t/core/reques
[apisix-docker] 01/01: chore: release APISIX 2.15.3
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/apisix-2.15.3 in repository https://gitbox.apache.org/repos/asf/apisix-docker.git commit 4153a4c477f28d6eea0cd4b2e0f4c3e4019bbeb2 Author: spacewander AuthorDate: Wed Mar 8 11:32:59 2023 +0800 chore: release APISIX 2.15.3 Signed-off-by: spacewander --- .github/workflows/apisix_push_docker_hub.yaml | 2 +- Makefile | 2 +- all-in-one/apisix/Dockerfile | 2 +- alpine/Dockerfile | 2 +- centos/Dockerfile | 2 +- debian/Dockerfile | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/apisix_push_docker_hub.yaml b/.github/workflows/apisix_push_docker_hub.yaml index fb00774..53121cb 100644 --- a/.github/workflows/apisix_push_docker_hub.yaml +++ b/.github/workflows/apisix_push_docker_hub.yaml @@ -13,7 +13,7 @@ jobs: - centos - debian env: - APISIX_DOCKER_TAG: 2.15.2-${{ matrix.platform }} + APISIX_DOCKER_TAG: 2.15.3-${{ matrix.platform }} steps: - name: Check out the repo diff --git a/Makefile b/Makefile index 784cfa9..b43b488 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,7 @@ SHELL := bash # APISIX ARGS -APISIX_VERSION ?= 2.15.2 +APISIX_VERSION ?= 2.15.3 MAX_APISIX_VERSION ?= 3.0.0 IMAGE_NAME = apache/apisix IMAGE_TAR_NAME = apache_apisix diff --git a/all-in-one/apisix/Dockerfile b/all-in-one/apisix/Dockerfile index 6ab9838..2b998eb 100644 --- a/all-in-one/apisix/Dockerfile +++ b/all-in-one/apisix/Dockerfile @@ -16,7 +16,7 @@ # ARG ENABLE_PROXY=false -ARG APISIX_VERSION=2.15.2 +ARG APISIX_VERSION=2.15.3 ARG ETCD_VERSION=v3.5.4 # Build Apache APISIX diff --git a/alpine/Dockerfile b/alpine/Dockerfile index 9d3491e..4b99a0d 100644 --- a/alpine/Dockerfile +++ b/alpine/Dockerfile @@ -20,7 +20,7 @@ ARG ENABLE_PROXY=false # Build Apache APISIX FROM api7/apisix-base:1.21.4.1.2 -ARG APISIX_VERSION=2.15.2 +ARG APISIX_VERSION=2.15.3 LABEL apisix_version="${APISIX_VERSION}" ARG ENABLE_PROXY diff --git a/centos/Dockerfile b/centos/Dockerfile index b027147..70f8181 100644 --- a/centos/Dockerfile +++ b/centos/Dockerfile @@ -17,7 +17,7 @@ FROM centos:7 -ARG APISIX_VERSION=2.15.2 +ARG APISIX_VERSION=2.15.3 LABEL apisix_version="${APISIX_VERSION}" RUN yum install -y https://repos.apiseven.com/packages/centos/apache-apisix-repo-1.0-1.noarch.rpm \ diff --git a/debian/Dockerfile b/debian/Dockerfile index 53fe4ef..9cd1482 100644 --- a/debian/Dockerfile +++ b/debian/Dockerfile @@ -17,7 +17,7 @@ FROM debian:bullseye-slim -ARG APISIX_VERSION=2.15.2 +ARG APISIX_VERSION=2.15.3 RUN set -ex; \ arch=$(dpkg --print-architecture); \
[apisix-docker] branch release/apisix-2.15.3 created (now 4153a4c)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch release/apisix-2.15.3 in repository https://gitbox.apache.org/repos/asf/apisix-docker.git at 4153a4c chore: release APISIX 2.15.3 This branch includes the following new commits: new 4153a4c chore: release APISIX 2.15.3 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[apisix] branch master updated: feat: ready to release 2.15.3 (#9021)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new c159f04d8 feat: ready to release 2.15.3 (#9021) c159f04d8 is described below commit c159f04d845c6cdf2dbb32931da7af127bdb60a6 Author: 罗泽轩 AuthorDate: Wed Mar 8 11:16:25 2023 +0800 feat: ready to release 2.15.3 (#9021) --- CHANGELOG.md | 7 +++ docs/zh/latest/CHANGELOG.md | 5 ++ rockspec/apisix-2.15.3-0.rockspec | 102 ++ 3 files changed, 114 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c4fd36644..0097b2ef9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,6 +27,7 @@ title: Changelog - [3.1.0](#310) - [3.0.0](#300) - [3.0.0-beta](#300-beta) +- [2.15.3](#2153) - [2.15.2](#2152) - [2.15.1](#2151) - [2.15.0](#2150) @@ -339,6 +340,12 @@ Returns multiple configurations: - avoid error when multiple plugins associated with consumer and have rewrite phase: [#7531](https://github.com/apache/apisix/pull/7531) - upgrade lua-resty-etcd to 1.8.3 which fixes various issues: [#7565](https://github.com/apache/apisix/pull/7565) +## 2.15.3 + +**This is an LTS maintenance release and you can see the CHANGELOG in `release/2.15` branch.** + +[https://github.com/apache/apisix/blob/release/2.15/CHANGELOG.md#2153](https://github.com/apache/apisix/blob/release/2.15/CHANGELOG.md#2153) + ## 2.15.2 **This is an LTS maintenance release and you can see the CHANGELOG in `release/2.15` branch.** diff --git a/docs/zh/latest/CHANGELOG.md b/docs/zh/latest/CHANGELOG.md index 3801d681e..f8f8cad63 100644 --- a/docs/zh/latest/CHANGELOG.md +++ b/docs/zh/latest/CHANGELOG.md @@ -27,6 +27,7 @@ title: CHANGELOG - [3.1.0](#310) - [3.0.0](#300) - [3.0.0-beta](#300-beta) +- [2.15.3](#2153) - [2.15.2](#2152) - [2.15.1](#2151) - [2.15.0](#2150) @@ -337,6 +338,10 @@ title: CHANGELOG - 当 consumer 上绑定了多个插件且该插件定义了 rewrite 方法时,避免抛出异常 [#7531](https://github.com/apache/apisix/pull/7531) - 升级 lua-resty-etcd 到 1.8.3。该版本修复了若干问题。 [#7565](https://github.com/apache/apisix/pull/7565) +## 2.15.3 + +**这是一个 LTS 维护版本,您可以在 `release/2.15` 分支中看到 CHANGELOG。** + ## 2.15.2 **这是一个 LTS 维护版本,您可以在 `release/2.15` 分支中看到 CHANGELOG。** diff --git a/rockspec/apisix-2.15.3-0.rockspec b/rockspec/apisix-2.15.3-0.rockspec new file mode 100644 index 0..18ae0acbc --- /dev/null +++ b/rockspec/apisix-2.15.3-0.rockspec @@ -0,0 +1,102 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +package = "apisix" +version = "2.15.3-0" +supported_platforms = {"linux", "macosx"} + +source = { +url = "git://github.com/apache/apisix", +branch = "2.15.3", +} + +description = { +summary = "Apache APISIX is a cloud-native microservices API gateway, delivering the ultimate performance, security, open source and scalable platform for all your APIs and microservices.", +homepage = "https://github.com/apache/apisix;, +license = "Apache License 2.0", +} + +dependencies = { +"lua-resty-ctxdump = 0.1-0", +"lua-resty-dns-client = 6.0.2", +"lua-resty-template = 2.0", +"lua-resty-etcd = 1.8.3", +"api7-lua-resty-http = 0.2.0", +"lua-resty-balancer = 0.04", +"lua-resty-ngxvar = 0.5.2", +"lua-resty-jit-uuid = 0.0.7", +"lua-resty-healthcheck-api7 = 2.2.1", +"api7-lua-resty-jwt = 0.2.4", +"lua-resty-hmac-ffi = 0.05", +"lua-resty-cookie = 0.1.0", +"lua-resty-session = 3.10", +"opentracing-openresty = 0.1", +"lua-resty-radixtree = 2.8.2", +"lua-protobuf = 0.3.4", +"lua-resty-openidc = 1.7.5", +"luafilesystem = 1.7.0-2", +"api7-lua-tinyyaml = 0.4.2", +"nginx-lua-prometheus = 0.20220527", +"jsonschema = 0.9.8", +"lua-resty-ipmatcher = 0.6.1", +&qu
[apisix-docker] branch release/apisix-3.2.0 created (now d9a5a0a)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch release/apisix-3.2.0 in repository https://gitbox.apache.org/repos/asf/apisix-docker.git at d9a5a0a chore: release APISIX 3.2.0 (#437) No new revisions were added by this update.
[apisix-docker] branch master updated: chore: release APISIX 3.2.0 (#437)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix-docker.git The following commit(s) were added to refs/heads/master by this push: new d9a5a0a chore: release APISIX 3.2.0 (#437) d9a5a0a is described below commit d9a5a0ae935bee50debd08eb5a2a0ade820995fc Author: 罗泽轩 AuthorDate: Wed Mar 8 09:51:44 2023 +0800 chore: release APISIX 3.2.0 (#437) --- .github/workflows/apisix-docker-example-test.yaml | 2 +- .github/workflows/apisix_push_docker_hub.yaml | 2 +- Makefile | 4 ++-- centos/Dockerfile | 2 +- debian/Dockerfile | 2 +- example/docker-compose-arm64.yml | 2 +- example/docker-compose.yml| 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/apisix-docker-example-test.yaml b/.github/workflows/apisix-docker-example-test.yaml index a47669a..5733c02 100644 --- a/.github/workflows/apisix-docker-example-test.yaml +++ b/.github/workflows/apisix-docker-example-test.yaml @@ -14,7 +14,7 @@ on: - 'release/apisix-2.15.**' env: - APISIX_VERSION: "3.1.0" + APISIX_VERSION: "3.2.0" jobs: prepare: diff --git a/.github/workflows/apisix_push_docker_hub.yaml b/.github/workflows/apisix_push_docker_hub.yaml index 803fe92..99989b0 100644 --- a/.github/workflows/apisix_push_docker_hub.yaml +++ b/.github/workflows/apisix_push_docker_hub.yaml @@ -13,7 +13,7 @@ jobs: - centos - debian env: - APISIX_DOCKER_TAG: 3.1.0-${{ matrix.platform }} + APISIX_DOCKER_TAG: 3.2.0-${{ matrix.platform }} steps: - name: Check out the repo diff --git a/Makefile b/Makefile index c9d8373..c2fd8d0 100644 --- a/Makefile +++ b/Makefile @@ -21,8 +21,8 @@ SHELL := bash # APISIX ARGS -APISIX_VERSION ?= 3.1.0 -MAX_APISIX_VERSION ?= 3.1.0 +APISIX_VERSION ?= 3.2.0 +MAX_APISIX_VERSION ?= 3.2.0 IMAGE_NAME = apache/apisix IMAGE_TAR_NAME = apache_apisix diff --git a/centos/Dockerfile b/centos/Dockerfile index bafcf07..d494f80 100644 --- a/centos/Dockerfile +++ b/centos/Dockerfile @@ -17,7 +17,7 @@ FROM centos:7 -ARG APISIX_VERSION=3.1.0 +ARG APISIX_VERSION=3.2.0 LABEL apisix_version="${APISIX_VERSION}" RUN yum install -y https://repos.apiseven.com/packages/centos/apache-apisix-repo-1.0-1.noarch.rpm \ diff --git a/debian/Dockerfile b/debian/Dockerfile index c0c1f72..3957781 100644 --- a/debian/Dockerfile +++ b/debian/Dockerfile @@ -17,7 +17,7 @@ FROM debian:bullseye-slim -ARG APISIX_VERSION=3.1.0 +ARG APISIX_VERSION=3.2.0 RUN set -ex; \ arch=$(dpkg --print-architecture); \ diff --git a/example/docker-compose-arm64.yml b/example/docker-compose-arm64.yml index 81f13ed..7689c40 100644 --- a/example/docker-compose-arm64.yml +++ b/example/docker-compose-arm64.yml @@ -29,7 +29,7 @@ services: apisix: apisix: -image: apache/apisix:3.1.0-debian +image: apache/apisix:3.2.0-debian restart: always volumes: - ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro diff --git a/example/docker-compose.yml b/example/docker-compose.yml index cb5c060..af61add 100644 --- a/example/docker-compose.yml +++ b/example/docker-compose.yml @@ -29,7 +29,7 @@ services: apisix: apisix: -image: apache/apisix:${APISIX_IMAGE_TAG:-3.1.0-debian} +image: apache/apisix:${APISIX_IMAGE_TAG:-3.2.0-debian} restart: always volumes: - ./apisix_conf/config.yaml:/usr/local/apisix/conf/config.yaml:ro
[apisix] branch master updated: ci: ensure the test can run with different repo name (#8832)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new dc4272a3b ci: ensure the test can run with different repo name (#8832) dc4272a3b is described below commit dc4272a3bf7fd16ab533bea3e4243a9daadb39e3 Author: 罗泽轩 AuthorDate: Wed Mar 8 08:49:22 2023 +0800 ci: ensure the test can run with different repo name (#8832)
[apisix] tag 2.15.3 created (now f832ea250)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to tag 2.15.3 in repository https://gitbox.apache.org/repos/asf/apisix.git at f832ea250 (commit) No new revisions were added by this update.
[apisix] branch master updated (1acee1b68 -> d8fd3676e)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 1acee1b68 docs: improved SEO & fixed typo and localization issues (#8993) add d8fd3676e chore(deps): bump golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0 in /ci/pod/openfunction/function-example/test-uri (#9018) No new revisions were added by this update. Summary of changes: ci/pod/openfunction/function-example/test-uri/go.mod | 6 +++--- ci/pod/openfunction/function-example/test-uri/go.sum | 11 +++ 2 files changed, 10 insertions(+), 7 deletions(-)
[apisix] branch release/3.2 created (now 80dc845ce)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch release/3.2 in repository https://gitbox.apache.org/repos/asf/apisix.git at 80dc845ce feat: release APISIX 3.2.0 No new revisions were added by this update.
[apisix] tag 3.2.0 created (now 69df73490)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to tag 3.2.0 in repository https://gitbox.apache.org/repos/asf/apisix.git at 69df73490 (commit) No new revisions were added by this update.
[apisix] branch master updated (4eafebcc1 -> 69df73490)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 4eafebcc1 docs: fix grammar (#8935) add 69df73490 feat: release APISIX 3.2.0 (#8988) No new revisions were added by this update. Summary of changes: .asf.yaml | 4 ++ CHANGELOG.md | 43 ++ apisix/core/version.lua| 2 +- docs/en/latest/building-apisix.md | 2 +- docs/en/latest/config.json | 2 +- docs/zh/latest/CHANGELOG.md| 43 ++ docs/zh/latest/building-apisix.md | 2 +- docs/zh/latest/config.json | 2 +- ...x-master-0.rockspec => apisix-3.2.0-0.rockspec} | 4 +- 9 files changed, 97 insertions(+), 7 deletions(-) copy rockspec/{apisix-master-0.rockspec => apisix-3.2.0-0.rockspec} (98%)
[apisix] branch release/2.15 updated: feat: release APISIX 2.15.3 (#8999)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/release/2.15 by this push: new f832ea250 feat: release APISIX 2.15.3 (#8999) f832ea250 is described below commit f832ea2502ce2696b0e7390a1572ab7000fef344 Author: 罗泽轩 AuthorDate: Fri Mar 3 16:13:39 2023 +0800 feat: release APISIX 2.15.3 (#8999) --- CHANGELOG.md | 8 +++ apisix/core/version.lua | 2 +- docs/en/latest/building-apisix.md | 2 +- docs/en/latest/config.json| 2 +- docs/zh/latest/CHANGELOG.md | 8 +++ docs/zh/latest/building-apisix.md | 2 +- docs/zh/latest/config.json| 2 +- rockspec/apisix-2.15.3-0.rockspec | 102 ++ 8 files changed, 123 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c2ec28273..81dcae979 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ title: Changelog ## Table of Contents +- [2.15.3](#2153) - [2.15.2](#2152) - [2.15.1](#2151) - [2.15.0](#2150) @@ -62,6 +63,13 @@ title: Changelog - [0.7.0](#070) - [0.6.0](#060) +## 2.15.3 + +### Bugfix + +- Fix mTLS protection when the host and SNI mismatch: [#8967](https://github.com/apache/apisix/pull/8967) +- The proxy-rewrite plugin should escape URI parameter parts if they do not come from user config: [#](https://github.com/apache/apisix/pull/) + ## 2.15.2 ### Bugfix diff --git a/apisix/core/version.lua b/apisix/core/version.lua index 241eb5e7b..fd849428d 100644 --- a/apisix/core/version.lua +++ b/apisix/core/version.lua @@ -20,5 +20,5 @@ -- @module core.version return { -VERSION = "2.15.2" +VERSION = "2.15.3" } diff --git a/docs/en/latest/building-apisix.md b/docs/en/latest/building-apisix.md index d33cece2e..40b652a5e 100644 --- a/docs/en/latest/building-apisix.md +++ b/docs/en/latest/building-apisix.md @@ -52,7 +52,7 @@ curl https://raw.githubusercontent.com/apache/apisix/master/utils/install-depend Then, create a directory and set the environment variable `APISIX_VERSION`: ```shell -APISIX_VERSION='2.15.2' +APISIX_VERSION='2.15.3' mkdir apisix-${APISIX_VERSION} ``` diff --git a/docs/en/latest/config.json b/docs/en/latest/config.json index 609e2c496..dd58b31eb 100644 --- a/docs/en/latest/config.json +++ b/docs/en/latest/config.json @@ -1,5 +1,5 @@ { - "version": "2.15.2", + "version": "2.15.3", "sidebar": [ { "type": "category", diff --git a/docs/zh/latest/CHANGELOG.md b/docs/zh/latest/CHANGELOG.md index 5dfd33e25..5a35b03c8 100644 --- a/docs/zh/latest/CHANGELOG.md +++ b/docs/zh/latest/CHANGELOG.md @@ -23,6 +23,7 @@ title: CHANGELOG ## Table of Contents +- [2.15.3](#2153) - [2.15.2](#2152) - [2.15.1](#2151) - [2.15.0](#2150) @@ -62,6 +63,13 @@ title: CHANGELOG - [0.7.0](#070) - [0.6.0](#060) +## 2.15.3 + +### Bugfix + +- 修复 Host 和 SNI 不匹配时,mTLS 失效的问题:[#8967](https://github.com/apache/apisix/pull/8967) +- 如果 URI 参数部分不来自于用户配置,proxy-rewrite 插件应当对其转义:[#](https://github.com/apache/apisix/pull/) + ## 2.15.2 ### Bugfix diff --git a/docs/zh/latest/building-apisix.md b/docs/zh/latest/building-apisix.md index b07933b0d..b9816cf59 100644 --- a/docs/zh/latest/building-apisix.md +++ b/docs/zh/latest/building-apisix.md @@ -53,7 +53,7 @@ curl https://raw.githubusercontent.com/apache/apisix/master/utils/install-depend 然后,创建一个目录并设置环境变量 `APISIX_VERSION`: ```shell -APISIX_VERSION='2.15.2' +APISIX_VERSION='2.15.3' mkdir apisix-${APISIX_VERSION} ``` diff --git a/docs/zh/latest/config.json b/docs/zh/latest/config.json index a1b3dc41e..8c9219b4f 100644 --- a/docs/zh/latest/config.json +++ b/docs/zh/latest/config.json @@ -1,5 +1,5 @@ { - "version": "2.15.2", + "version": "2.15.3", "sidebar": [ { "type": "category", diff --git a/rockspec/apisix-2.15.3-0.rockspec b/rockspec/apisix-2.15.3-0.rockspec new file mode 100644 index 0..18ae0acbc --- /dev/null +++ b/rockspec/apisix-2.15.3-0.rockspec @@ -0,0 +1,102 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS O
[apisix] 02/02: fix: handle host & SNI mismatch in mTLS (#8967)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git commit 518410e9bbb9c6a2ea861104ec116c396103c3dc Author: 罗泽轩 AuthorDate: Wed Mar 1 17:49:21 2023 +0800 fix: handle host & SNI mismatch in mTLS (#8967) --- .github/workflows/centos7-ci.yml| 2 +- .github/workflows/fuzzing-ci.yaml | 1 + apisix/init.lua | 51 - apisix/ssl/router/radixtree_sni.lua | 24 +++-- docs/en/latest/mtls.md | 2 + docs/zh/latest/mtls.md | 2 + t/node/client-mtls-openresty.t | 161 +++- t/node/client-mtls.t| 203 8 files changed, 432 insertions(+), 14 deletions(-) diff --git a/.github/workflows/centos7-ci.yml b/.github/workflows/centos7-ci.yml index 920e17522..b7ba38caf 100644 --- a/.github/workflows/centos7-ci.yml +++ b/.github/workflows/centos7-ci.yml @@ -90,7 +90,7 @@ jobs: env: TEST_FILE_SUB_DIR: ${{ matrix.test_dir }} run: | -docker run -itd -v /home/runner/work/apisix/apisix:/apisix --env TEST_FILE_SUB_DIR="$TEST_FILE_SUB_DIR" --name centos7Instance --net="host" --dns 8.8.8.8 --dns-search apache.org docker.io/centos:7 /bin/bash +docker run -itd -v ${{ github.workspace }}:/apisix --env TEST_FILE_SUB_DIR="$TEST_FILE_SUB_DIR" --name centos7Instance --net="host" --dns 8.8.8.8 --dns-search apache.org docker.io/centos:7 /bin/bash # docker exec centos7Instance bash -c "cp -r /tmp/apisix ./" - name: Start CI env (FIRST_TEST) diff --git a/.github/workflows/fuzzing-ci.yaml b/.github/workflows/fuzzing-ci.yaml index 757bb93b7..f08b42cc1 100644 --- a/.github/workflows/fuzzing-ci.yaml +++ b/.github/workflows/fuzzing-ci.yaml @@ -69,6 +69,7 @@ jobs: - name: run simpleroute test run: | +export APISIX_FUZZING_PWD=$PWD python $PWD/t/fuzzing/simpleroute_test.py - name: run serverless route test diff --git a/apisix/init.lua b/apisix/init.lua index 96068894f..0d69f91d4 100644 --- a/apisix/init.lua +++ b/apisix/init.lua @@ -267,6 +267,51 @@ local function verify_tls_client(ctx) end +local function verify_https_client(ctx) +local scheme = ctx.var.scheme +if scheme ~= "https" then +return true +end + +local host = ctx.var.host +local matched = router.router_ssl.match_and_set(ctx, true, host) +if not matched then +return true +end + +local matched_ssl = ctx.matched_ssl +if matched_ssl.value.client and apisix_ssl.support_client_verification() then +local verified = apisix_base_flags.client_cert_verified_in_handshake +if not verified then +-- vanilla OpenResty requires to check the verification result +local res = ctx.var.ssl_client_verify +if res ~= "SUCCESS" then +if res == "NONE" then +core.log.error("client certificate was not present") +else +core.log.error("client certificate verification is not passed: ", res) +end + +return false +end +end + +local sni = apisix_ssl.server_name() +if sni ~= host then +-- There is a case that the user configures a SSL object with `*.domain`, +-- and the client accesses with SNI `a.domain` but uses Host `b.domain`. +-- This case is complex and we choose to restrict the access until there +-- is a stronge demand in real world. +core.log.error("client certificate verified with SNI ", sni, + ", but the host is ", host) +return false +end +end + +return true +end + + local function normalize_uri_like_servlet(uri) local found = core.string.find(uri, ';') if not found then @@ -329,12 +374,12 @@ function _M.http_access_phase() local api_ctx = core.tablepool.fetch("api_ctx", 0, 32) ngx_ctx.api_ctx = api_ctx -if not verify_tls_client(api_ctx) then +core.ctx.set_vars_meta(api_ctx) + +if not verify_https_client(api_ctx) then return core.response.exit(400) end -core.ctx.set_vars_meta(api_ctx) - debug.dynamic_debug(api_ctx) local uri = api_ctx.var.uri diff --git a/apisix/ssl/router/radixtree_sni.lua b/apisix/ssl/router/radixtree_sni.lua index 891d8d21d..2b4ec81e4 100644 --- a/apisix/ssl/router/radixtree_sni.lua +++ b/apisix/ssl/router/radixtree_sni.lua @@ -118,7 +118,7 @@ local function set_pem_ssl_key(sni, cert, pkey) end -function _M.match_and_set(api_ctx, match_only) +function _M.match_and_set(api_ctx, match_only, alt_sni) local err if not radixtree_router or
[apisix] branch release/2.15 updated (a9ac45e34 -> 518410e9b)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git from a9ac45e34 feat: release 2.15.2 (#8754) new ca0c7d9da fix(proxy-rewrite): escape args part if it's not from user conf (#) new 518410e9b fix: handle host & SNI mismatch in mTLS (#8967) The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .github/workflows/centos7-ci.yml| 2 +- .github/workflows/fuzzing-ci.yaml | 1 + apisix/core/utils.lua | 8 +- apisix/init.lua | 51 - apisix/plugins/proxy-rewrite.lua| 27 - apisix/ssl/router/radixtree_sni.lua | 24 +++-- docs/en/latest/mtls.md | 2 + docs/zh/latest/mtls.md | 2 + t/node/client-mtls-openresty.t | 161 +++- t/node/client-mtls.t| 203 t/plugin/proxy-rewrite3.t | 168 - 11 files changed, 625 insertions(+), 24 deletions(-)
[apisix] 01/02: fix(proxy-rewrite): escape args part if it's not from user conf (#8888)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git commit ca0c7d9da8e4b0241720a5fc46baa5baad826f74 Author: 罗泽轩 AuthorDate: Fri Feb 24 09:31:08 2023 +0800 fix(proxy-rewrite): escape args part if it's not from user conf (#) --- apisix/core/utils.lua| 8 +- apisix/plugins/proxy-rewrite.lua | 27 +-- t/plugin/proxy-rewrite3.t| 168 ++- 3 files changed, 193 insertions(+), 10 deletions(-) diff --git a/apisix/core/utils.lua b/apisix/core/utils.lua index f72996b78..01c8b34c8 100644 --- a/apisix/core/utils.lua +++ b/apisix/core/utils.lua @@ -293,6 +293,7 @@ do local _ctx local n_resolved local pat = [[(?= 300 then +ngx.status = code +end +ngx.say(body) +} +} +--- request +GET /t +--- response_body +passed + + + +=== TEST 15: hit with CRLF +--- request +GET /hello%3f0z=700%26a=c%20HTTP/1.1%0D%0AHost:google.com%0d%0a%0d%0a +--- http_config +server { +listen 8125; +location / { +content_by_lua_block { +ngx.say(ngx.var.host) +ngx.say(ngx.var.request_uri) +} +} +} +--- response_body +test..com +/hello%3F0z=700=c%20HTTP/1.1%0D%0AHost:google.com%0D%0A%0D%0A + + + +=== TEST 16: set route with uri +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code, body = t('/apisix/admin/routes/1', +ngx.HTTP_PUT, +[[{ + "plugins": { + "proxy-rewrite": { + "uri": "/$uri/remain", + "host": "test..com" + } + }, + "upstream": { + "nodes": { + "127.0.0.1:8125": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello*" + }]] + ) + +if code >= 300 then +ngx.status = code +end +ngx.say(body) +} +} +--- request +GET /t +--- response_body +passed + + + +=== TEST 17: hit with CRLF +--- request +GET /hello%3f0z=700%26a=c%20HTTP/1.1%0D%0AHost:google.com%0d%0a%0d%0a +--- http_config +server { +listen 8125; +location / { +content_by_lua_block { +ngx.say(ngx.var.host) +ngx.say(ngx.var.request_uri) +} +} +} +--- response_body +test..com +//hello%253F0z=700=c%20HTTP/1.1%0D%0AHost:google.com%0D%0A%0D%0A/remain + + + +=== TEST 18: regex_uri with args +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code, body = t('/apisix/admin/routes/1', +ngx.HTTP_PUT, +[[{ + "plugins": { + "proxy-rewrite": { + "regex_uri": ["^/test/(.*)/(.*)/(.*)", "/$1_$2_$3?a=c"] + } + }, + "upstream": { + "nodes": { + "127.0.0.1:8125": 1 + }, + "type": "roundrobin" + }, + "uri": "/test/*" + }]] + ) + +if code >= 300 then +ngx.status = code +end +ngx.say(body) +} +} +--- request +GET /t +--- response_body +passed + + + +=== TEST 19: hit +--- request +GET /test/plugin/proxy/rewrite HTTP/1.1 +--- http_config +server { +listen 8125; +location / { +content_by_lua_block { +ngx.say(ngx.var.request_uri) +} +} +} +--- response_body +/plugin_proxy_rewrite?a=c
[apisix] branch release/3.2 created (now 80dc845ce)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch release/3.2 in repository https://gitbox.apache.org/repos/asf/apisix.git at 80dc845ce feat: release APISIX 3.2.0 No new revisions were added by this update.
[apisix] branch master updated: fix: handle host & SNI mismatch in mTLS (#8967)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 01e9c1ae8 fix: handle host & SNI mismatch in mTLS (#8967) 01e9c1ae8 is described below commit 01e9c1ae8671367d5ff22523b2706546bee6292f Author: 罗泽轩 AuthorDate: Wed Mar 1 17:49:21 2023 +0800 fix: handle host & SNI mismatch in mTLS (#8967) --- .github/workflows/centos7-ci.yml| 2 +- .github/workflows/fuzzing-ci.yaml | 1 + apisix/init.lua | 51 - apisix/ssl/router/radixtree_sni.lua | 24 +++-- docs/en/latest/mtls.md | 2 + docs/zh/latest/mtls.md | 2 + t/node/client-mtls-openresty.t | 159 t/node/client-mtls.t| 203 8 files changed, 431 insertions(+), 13 deletions(-) diff --git a/.github/workflows/centos7-ci.yml b/.github/workflows/centos7-ci.yml index b395bd724..60ea0a15d 100644 --- a/.github/workflows/centos7-ci.yml +++ b/.github/workflows/centos7-ci.yml @@ -100,7 +100,7 @@ jobs: env: TEST_FILE_SUB_DIR: ${{ matrix.test_dir }} run: | -docker run -itd -v /home/runner/work/apisix/apisix:/apisix --env TEST_FILE_SUB_DIR="$TEST_FILE_SUB_DIR" --name centos7Instance --net="host" --dns 8.8.8.8 --dns-search apache.org docker.io/centos:7 /bin/bash +docker run -itd -v ${{ github.workspace }}:/apisix --env TEST_FILE_SUB_DIR="$TEST_FILE_SUB_DIR" --name centos7Instance --net="host" --dns 8.8.8.8 --dns-search apache.org docker.io/centos:7 /bin/bash # docker exec centos7Instance bash -c "cp -r /tmp/apisix ./" - name: Cache images diff --git a/.github/workflows/fuzzing-ci.yaml b/.github/workflows/fuzzing-ci.yaml index 028befccc..ec3701532 100644 --- a/.github/workflows/fuzzing-ci.yaml +++ b/.github/workflows/fuzzing-ci.yaml @@ -69,6 +69,7 @@ jobs: - name: run tests run: | +export APISIX_FUZZING_PWD=$PWD python $PWD/t/fuzzing/simpleroute_test.py python $PWD/t/fuzzing/serverless_route_test.py python $PWD/t/fuzzing/vars_route_test.py diff --git a/apisix/init.lua b/apisix/init.lua index b518f0e30..388af426e 100644 --- a/apisix/init.lua +++ b/apisix/init.lua @@ -304,6 +304,51 @@ local function verify_tls_client(ctx) end +local function verify_https_client(ctx) +local scheme = ctx.var.scheme +if scheme ~= "https" then +return true +end + +local host = ctx.var.host +local matched = router.router_ssl.match_and_set(ctx, true, host) +if not matched then +return true +end + +local matched_ssl = ctx.matched_ssl +if matched_ssl.value.client and apisix_ssl.support_client_verification() then +local verified = apisix_base_flags.client_cert_verified_in_handshake +if not verified then +-- vanilla OpenResty requires to check the verification result +local res = ctx.var.ssl_client_verify +if res ~= "SUCCESS" then +if res == "NONE" then +core.log.error("client certificate was not present") +else +core.log.error("client certificate verification is not passed: ", res) +end + +return false +end +end + +local sni = apisix_ssl.server_name() +if sni ~= host then +-- There is a case that the user configures a SSL object with `*.domain`, +-- and the client accesses with SNI `a.domain` but uses Host `b.domain`. +-- This case is complex and we choose to restrict the access until there +-- is a stronge demand in real world. +core.log.error("client certificate verified with SNI ", sni, + ", but the host is ", host) +return false +end +end + +return true +end + + local function normalize_uri_like_servlet(uri) local found = core.string.find(uri, ';') if not found then @@ -475,12 +520,12 @@ function _M.http_access_phase() local api_ctx = core.tablepool.fetch("api_ctx", 0, 32) ngx_ctx.api_ctx = api_ctx -if not verify_tls_client(api_ctx) then +core.ctx.set_vars_meta(api_ctx) + +if not verify_https_client(api_ctx) then return core.response.exit(400) end -core.ctx.set_vars_meta(api_ctx) - debug.dynamic_debug(api_ctx) local uri = api_ctx.var.uri diff --git a/apisix/ssl/router/radixtree_sni.lua b/apisix/ssl/router/radixtree_sni.lua index 32a326e42..fd1f55c39 100644 --- a/apisix/ssl/router/radixtree_sni.lua +++ b/apisix/ssl/router/radixtree_sni.lua @@ -142,7 +142,7 @@ functi
[apisix] branch master updated: refactor(admin): secrets and ssls (#8911)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 7d676f3bd refactor(admin): secrets and ssls (#8911) 7d676f3bd is described below commit 7d676f3bdf256c883c74b30bcdebb48bfbd97a28 Author: dongjunduo AuthorDate: Wed Mar 1 17:49:08 2023 +0800 refactor(admin): secrets and ssls (#8911) --- apisix/admin/init.lua | 18 +--- apisix/admin/resource.lua | 147 +++ apisix/admin/secrets.lua | 183 ++ apisix/admin/ssl.lua | 219 ++ 4 files changed, 149 insertions(+), 418 deletions(-) diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index 5afbff096..072a58435 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -204,22 +204,10 @@ local function run() end local code, data -local refactored_resources = { -"routes", -"stream_routes", -"upstreams", -"protos", -"global_rules", -"services", -"consumer_groups", -"plugin_configs", -"consumers", -"plugin_metadata", -} -if core.table.array_find(refactored_resources, seg_res) then -code, data = resource[method](resource, seg_id, req_body, seg_sub_path, uri_args) -else +if seg_res == "schema" or seg_res == "plugins" then code, data = resource[method](seg_id, req_body, seg_sub_path, uri_args) +else +code, data = resource[method](resource, seg_id, req_body, seg_sub_path, uri_args) end if code then diff --git a/apisix/admin/resource.lua b/apisix/admin/resource.lua index 59689a2af..ac204dcf5 100644 --- a/apisix/admin/resource.lua +++ b/apisix/admin/resource.lua @@ -16,6 +16,7 @@ -- local core = require("apisix.core") local utils = require("apisix.admin.utils") +local apisix_ssl = require("apisix.ssl") local setmetatable = setmetatable local tostring = tostring local type = type @@ -37,7 +38,21 @@ local no_id_res = { } -function _M:check_conf(id, conf, need_id) +local function split_typ_and_id(id, sub_path) +local uri_segs = core.utils.split_uri(sub_path) +local typ = id +local id = nil +if #uri_segs > 0 then +id = uri_segs[1] +end +return typ, id +end + + +function _M:check_conf(id, conf, need_id, typ) +if self.name == "secrets" then +id = typ .. "/" .. id +end -- check if missing configurations if not conf then return nil, {error_msg = "missing configurations"} @@ -61,11 +76,14 @@ function _M:check_conf(id, conf, need_id) conf.id = id end -core.log.info("schema: ", core.json.delay_encode(self.schema)) core.log.info("conf : ", core.json.delay_encode(conf)) -- check the resource own rules -local ok, err = self.checker(id, conf, need_id, self.schema) +if self.name ~= "secrets" then +core.log.info("schema: ", core.json.delay_encode(self.schema)) +end + +local ok, err = self.checker(id, conf, need_id, self.schema, typ) if not ok then return ok, err @@ -79,13 +97,22 @@ function _M:check_conf(id, conf, need_id) end -function _M:get(id) +function _M:get(id, conf, sub_path) if core.table.array_find(self.unsupported_methods, "get") then return 405, {error_msg = "not supported `GET` method for " .. self.kind} end local key = "/" .. self.name +local typ = nil +if self.name == "secrets" then +key = key .. "/" +typ, id = split_typ_and_id(id, sub_path) +end + if id then +if self.name == "secrets" then +key = key .. typ +end key = key .. "/" .. id end @@ -95,6 +122,13 @@ function _M:get(id) return 503, {error_msg = err} end +if self.name == "ssls" then +-- not return private key for security +if res.body and res.body.node and res.body.node.value then +res.body.node.value.key = nil +end +end + utils.fix_count(res.body, id) return res.status, res.body end @@ -110,6 +144,17 @@ function _M:post(id, conf, sub_path, args) return 400, err end +if self.name == "ssls" then +-- encrypt private key +conf.key = apisix_ssl.aes_encrypt_pkey(conf.key) + +if conf.keys then +for i = 1, #conf.keys do +conf.keys[i] = apisix_ssl.aes_encrypt_pkey(conf.keys[i]) +end +end +end +
[apisix] branch master updated (789e1222f -> ab64aeda0)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 789e1222f feat(cli): support reserved environment variable "APISIX_DEPLOYMENT_E… (#8898) add ab64aeda0 feat: add degraphql plugin (#8959) No new revisions were added by this update. Summary of changes: apisix/plugins/degraphql.lua | 160 ci/pod/docker-compose.plugin.yml | 6 + .../openfunction/function-example/test-uri/go.mod | 2 +- .../openfunction/function-example/test-uri/go.sum | 1 - conf/config-default.yaml | 1 + docs/en/latest/config.json | 1 + docs/en/latest/plugins/degraphql.md| 328 t/admin/plugins.t | 1 + t/plugin/degraphql.t | 422 + 9 files changed, 920 insertions(+), 2 deletions(-) create mode 100644 apisix/plugins/degraphql.lua create mode 100644 docs/en/latest/plugins/degraphql.md create mode 100644 t/plugin/degraphql.t
[apisix] branch master updated (376ea7f63 -> 789e1222f)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 376ea7f63 feat: Support clickhouse-logger plugin log option of request/response body (#8722) add 789e1222f feat(cli): support reserved environment variable "APISIX_DEPLOYMENT_E… (#8898) No new revisions were added by this update. Summary of changes: apisix/cli/file.lua| 19 +++ apisix/cli/ngx_tpl.lua | 3 +++ t/cli/test_main.sh | 36 3 files changed, 58 insertions(+)
[apisix] branch master updated: feat: Support clickhouse-logger plugin log option of request/response body (#8722)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 376ea7f63 feat: Support clickhouse-logger plugin log option of request/response body (#8722) 376ea7f63 is described below commit 376ea7f635d6cdea73d2e540620845178f9a4f4c Author: pixelpig <626995...@qq.com> AuthorDate: Wed Mar 1 09:46:46 2023 +0800 feat: Support clickhouse-logger plugin log option of request/response body (#8722) --- apisix/plugins/clickhouse-logger.lua| 21 +++ docs/en/latest/plugins/clickhouse-logger.md | 4 + docs/zh/latest/plugins/clickhouse-logger.md | 4 + t/plugin/clickhouse-logger2.t | 244 4 files changed, 273 insertions(+) diff --git a/apisix/plugins/clickhouse-logger.lua b/apisix/plugins/clickhouse-logger.lua index 2c1208f92..4e6a4c849 100644 --- a/apisix/plugins/clickhouse-logger.lua +++ b/apisix/plugins/clickhouse-logger.lua @@ -41,6 +41,22 @@ local schema = { name = {type = "string", default = "clickhouse logger"}, ssl_verify = {type = "boolean", default = true}, log_format = {type = "object"}, +include_req_body = {type = "boolean", default = false}, +include_req_body_expr = { +type = "array", +minItems = 1, +items = { +type = "array" +} +}, +include_resp_body = {type = "boolean", default = false}, +include_resp_body_expr = { +type = "array", +minItems = 1, +items = { +type = "array" +} +} }, oneOf = { {required = {"endpoint_addr", "user", "password", "database", "logtable"}}, @@ -146,6 +162,11 @@ local function send_http_data(conf, log_message) end +function _M.body_filter(conf, ctx) +log_util.collect_body(conf, ctx) +end + + function _M.log(conf, ctx) local entry = log_util.get_log_entry(plugin_name, conf, ctx) diff --git a/docs/en/latest/plugins/clickhouse-logger.md b/docs/en/latest/plugins/clickhouse-logger.md index 96cb50a7e..b7dccd0f3 100644 --- a/docs/en/latest/plugins/clickhouse-logger.md +++ b/docs/en/latest/plugins/clickhouse-logger.md @@ -45,6 +45,10 @@ The `clickhouse-logger` Plugin is used to push logs to [ClickHouse](https://clic | name | string | False| "clickhouse logger" | | Unique identifier for the logger. | | ssl_verify| boolean | False| true| [true,false] | When set to `true`, verifies SSL. | | log_format | object | False| | | Log format declared as key value pairs in JSON format. Values only support strings. [APISIX](../apisix-variable.md) or [Nginx](http://nginx.org/en/docs/varindex.html) variables can be used by prefixing the string with `$`. | +| include_req_body | boolean | False| false | [false, true] | When set to `true` includes the request body in the log. If the request body is too big to be kept in the memory, it can't be logged due to Nginx's limitations. | +| include_req_body_expr | array | False|| | Filter for when the `include_req_body` attribute is set to `true`. Request body is only logged when the expression set here evaluates to `true`. See [lua-resty-expr](https://github.com/api7/lua-resty-expr) for more. | +| include_resp_body | boolean | False| false | [false, true] | When set to `true` includes the response body in the log. | +| include_resp_body_expr | array | False|| | Filter for when the `include_resp_body` attribute is set to `true`. Response body is only logged when the expression set here evaluates to `true`. See [lua-resty-expr](https://github.com/api7/lua-resty-expr) for more. | NOTE: `encrypt_fields = {&q
[apisix] branch master updated: refactor(admin): refactor admin consumers/plugin_metadata (#8820)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 7a6dde704 refactor(admin): refactor admin consumers/plugin_metadata (#8820) 7a6dde704 is described below commit 7a6dde704e3815cf311733e982821f62a2b04c00 Author: dongjunduo AuthorDate: Tue Feb 28 09:23:10 2023 +0800 refactor(admin): refactor admin consumers/plugin_metadata (#8820) --- apisix/admin/consumers.lua | 88 +--- apisix/admin/init.lua| 2 + apisix/admin/plugin_metadata.lua | 76 -- apisix/admin/resource.lua| 47 + 4 files changed, 51 insertions(+), 162 deletions(-) diff --git a/apisix/admin/consumers.lua b/apisix/admin/consumers.lua index 7ab0ec1e2..84485231f 100644 --- a/apisix/admin/consumers.lua +++ b/apisix/admin/consumers.lua @@ -16,25 +16,13 @@ -- local core= require("apisix.core") local plugins = require("apisix.admin.plugins") -local utils = require("apisix.admin.utils") +local resource = require("apisix.admin.resource") local plugin = require("apisix.plugin") local pairs = pairs -local _M = { -version = 0.1, -need_v3_filter = true, -} - -local function check_conf(username, conf) --- core.log.error(core.json.encode(conf)) -if not conf then -return nil, {error_msg = "missing configurations"} -end - -core.log.info("schema: ", core.json.delay_encode(core.schema.consumer)) -core.log.info("conf : ", core.json.delay_encode(conf)) -local ok, err = core.schema.check(core.schema.consumer, conf) +local function check_conf(username, conf, need_username, schema) +local ok, err = core.schema.check(schema, conf) if not ok then return nil, {error_msg = "invalid configuration: " .. err} end @@ -82,66 +70,10 @@ local function check_conf(username, conf) end -function _M.put(username, conf) -local consumer_name, err = check_conf(username, conf) -if not consumer_name then -return 400, err -end - -local key = "/consumers/" .. consumer_name -core.log.info("key: ", key) - -local ok, err = utils.inject_conf_with_prev_conf("consumer", key, conf) -if not ok then -return 503, {error_msg = err} -end - -local res, err = core.etcd.set(key, conf) -if not res then -core.log.error("failed to put consumer[", key, "]: ", err) -return 503, {error_msg = err} -end - -return res.status, res.body -end - - -function _M.get(consumer_name) -local key = "/consumers" -if consumer_name then -key = key .. "/" .. consumer_name -end - -local res, err = core.etcd.get(key, not consumer_name) -if not res then -core.log.error("failed to get consumer[", key, "]: ", err) -return 503, {error_msg = err} -end - -utils.fix_count(res.body, consumer_name) -return res.status, res.body -end - - -function _M.post(consumer_name, conf) -return 405, {error_msg = "not supported `POST` method for consumer"} -end - - -function _M.delete(consumer_name) -if not consumer_name then -return 400, {error_msg = "missing consumer name"} -end - -local key = "/consumers/" .. consumer_name -local res, err = core.etcd.delete(key) -if not res then -core.log.error("failed to delete consumer[", key, "]: ", err) -return 503, {error_msg = err} -end - -return res.status, res.body -end - - -return _M +return resource.new({ +name = "consumers", +kind = "consumer", +schema = core.schema.consumer, +checker = check_conf, +unsupported_methods = {"post", "patch"} +}) diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index 1c139ef7f..5afbff096 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -213,6 +213,8 @@ local function run() "services", "consumer_groups", "plugin_configs", +"consumers", +"plugin_metadata", } if core.table.array_find(refactored_resources, seg_res) then code, data = resource[method](resource, seg_id, req_body, seg_sub_path, uri_args) diff --git a/apisix/admin/plugin_metadata.lua b/apisix/admin/plugin_metadata.lua index 065b60c47..1387ca0ee 100644 --- a/apisix/admin/plugin_metadata.lua +++ b/apisix/admin/plugin_metadata.lua @@ -17,13 +17,10 @@ local pcall = pcall local require = require local core= require("apisix.core") -local utils = require("apisix.admin.utils&
[apisix] branch master updated (0866480e7 -> 466fed28c)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 0866480e7 chore(ci): quietify the output of wget commands (#8737) add 466fed28c chore(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 in /ci/pod/openfunction/function-example/test-uri (#8925) No new revisions were added by this update. Summary of changes: ci/pod/openfunction/function-example/test-uri/go.mod | 4 ++-- ci/pod/openfunction/function-example/test-uri/go.sum | 12 ++-- 2 files changed, 12 insertions(+), 4 deletions(-)
[apisix] branch master updated: chore(ci): quietify the output of wget commands (#8737)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 0866480e7 chore(ci): quietify the output of wget commands (#8737) 0866480e7 is described below commit 0866480e751139ad4937349c1c5217f24308ea2a Author: Abhishek Choudhary AuthorDate: Tue Feb 28 06:27:12 2023 +0530 chore(ci): quietify the output of wget commands (#8737) --- .github/workflows/code-lint.yml | 2 +- Makefile| 4 ++-- ci/centos7-ci.sh| 4 ++-- ci/common.sh| 8 ci/init-plugin-test-service.sh | 2 +- ci/linux-install-etcd-client.sh | 2 +- ci/linux-install-openresty.sh | 2 +- ci/performance_test.sh | 2 +- ci/pod/openfunction/build-function-image.sh | 2 +- utils/linux-install-luarocks.sh | 2 +- 10 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/code-lint.yml b/.github/workflows/code-lint.yml index c8303191b..07a1807f8 100644 --- a/.github/workflows/code-lint.yml +++ b/.github/workflows/code-lint.yml @@ -42,7 +42,7 @@ jobs: - name: Shellcheck code run: | scversion="latest" - wget -O- "https://github.com/koalaman/shellcheck/releases/download/${scversion?}/shellcheck-${scversion?}.linux.x86_64.tar.xz; | tar -xJv + wget -qO- "https://github.com/koalaman/shellcheck/releases/download/${scversion?}/shellcheck-${scversion?}.linux.x86_64.tar.xz; | tar -xJv cp -av "shellcheck-${scversion}/shellcheck" /usr/local/bin/ shellcheck --version git ls-files -- "*.sh" | xargs -t shellcheck diff --git a/Makefile b/Makefile index 385e8ed46..abe654407 100644 --- a/Makefile +++ b/Makefile @@ -172,11 +172,11 @@ undeps: .PHONY: utils utils: ifeq ("$(wildcard utils/lj-releng)", "") - wget -P utils https://raw.githubusercontent.com/iresty/openresty-devel-utils/master/lj-releng + wget -qP utils https://raw.githubusercontent.com/iresty/openresty-devel-utils/master/lj-releng chmod a+x utils/lj-releng endif ifeq ("$(wildcard utils/reindex)", "") - wget -P utils https://raw.githubusercontent.com/iresty/openresty-devel-utils/master/reindex + wget -qP utils https://raw.githubusercontent.com/iresty/openresty-devel-utils/master/reindex chmod a+x utils/reindex endif diff --git a/ci/centos7-ci.sh b/ci/centos7-ci.sh index 8103503d3..5a0339064 100755 --- a/ci/centos7-ci.sh +++ b/ci/centos7-ci.sh @@ -26,7 +26,7 @@ install_dependencies() { git sudo openldap-devel which # curl with http2 -wget https://github.com/moparisthebest/static-curl/releases/download/v7.79.1/curl-amd64 -O /usr/bin/curl +wget https://github.com/moparisthebest/static-curl/releases/download/v7.79.1/curl-amd64 -qO /usr/bin/curl # install openresty to make apisix's rpm test work yum install -y yum-utils && yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo yum install -y openresty openresty-debug openresty-openssl111-debug-devel pcre pcre-devel @@ -47,7 +47,7 @@ install_dependencies() { # add go1.15 binary to the path mkdir build-cache # centos-7 ci runs on a docker container with the centos image on top of ubuntu host. Go is required inside the container. -cd build-cache/ && wget https://golang.org/dl/go1.17.linux-amd64.tar.gz && tar -xf go1.17.linux-amd64.tar.gz +cd build-cache/ && wget -q https://golang.org/dl/go1.17.linux-amd64.tar.gz && tar -xf go1.17.linux-amd64.tar.gz export PATH=$PATH:$(pwd)/go/bin cd .. # install and start grpc_server_example diff --git a/ci/common.sh b/ci/common.sh index 23602de64..769cc1305 100644 --- a/ci/common.sh +++ b/ci/common.sh @@ -59,7 +59,7 @@ rerun_flaky_tests() { install_grpcurl () { # For more versions, visit https://github.com/fullstorydev/grpcurl/releases GRPCURL_VERSION="1.8.5" -wget https://github.com/fullstorydev/grpcurl/releases/download/v${GRPCURL_VERSION}/grpcurl_${GRPCURL_VERSION}_linux_x86_64.tar.gz +wget -q https://github.com/fullstorydev/grpcurl/releases/download/v${GRPCURL_VERSION}/grpcurl_${GRPCURL_VERSION}_linux_x86_64.tar.gz tar -xvf grpcurl_${GRPCURL_VERSION}_linux_x86_64.tar.gz -C /usr/local/bin } @@ -67,14 +67,14 @@ install_vault_cli () { VAULT_VERSION="1.9.0" # the certificate can't be verified in CentOS7, see # https://blog.devgenius.io/lets-encrypt-change-affects-openssl-1-0-x-and-centos-7-49bd66016af3 -wget --no-check-certificate https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAU
[apisix] branch master updated: chore(deps): bump golang.org/x/sys from 0.0.0-20211019181941-9d821ace8654 to 0.1.0 in /ci/pod/openfunction/function-example/test-body (#8943)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 8d38884a7 chore(deps): bump golang.org/x/sys from 0.0.0-20211019181941-9d821ace8654 to 0.1.0 in /ci/pod/openfunction/function-example/test-body (#8943) 8d38884a7 is described below commit 8d38884a7ac1d08c529e7f8494fa8ea0d01c1872 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> AuthorDate: Mon Feb 27 09:33:18 2023 +0800 chore(deps): bump golang.org/x/sys from 0.0.0-20211019181941-9d821ace8654 to 0.1.0 in /ci/pod/openfunction/function-example/test-body (#8943) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- ci/pod/openfunction/function-example/test-body/go.mod | 2 +- ci/pod/openfunction/function-example/test-body/go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ci/pod/openfunction/function-example/test-body/go.mod b/ci/pod/openfunction/function-example/test-body/go.mod index b9e817019..9b9c54475 100644 --- a/ci/pod/openfunction/function-example/test-body/go.mod +++ b/ci/pod/openfunction/function-example/test-body/go.mod @@ -20,7 +20,7 @@ require ( go.uber.org/multierr v1.7.0 // indirect go.uber.org/zap v1.19.1 // indirect golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f // indirect - golang.org/x/sys v0.0.0-20211019181941-9d821ace8654 // indirect + golang.org/x/sys v0.1.0 // indirect golang.org/x/text v0.3.7 // indirect google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2 // indirect google.golang.org/grpc v1.40.0 // indirect diff --git a/ci/pod/openfunction/function-example/test-body/go.sum b/ci/pod/openfunction/function-example/test-body/go.sum index 1fb1db392..149c3a446 100644 --- a/ci/pod/openfunction/function-example/test-body/go.sum +++ b/ci/pod/openfunction/function-example/test-body/go.sum @@ -1398,8 +1398,9 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211019181941-9d821ace8654 h1:id054HUawV2/6IGm2IV8KZQjqtwAOo2CYlOToYqa0d0= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
[apisix] branch master updated (d3ac217cb -> 451bf1caa)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from d3ac217cb docs: fix elasticsearch-logger (#8863) add 451bf1caa chore(deps): bump huacnlee/autocorrect-action from 2.6.1 to 2.6.2 (#8930) No new revisions were added by this update. Summary of changes: .github/workflows/doc-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
[apisix] branch master updated (1606374bf -> e112070b0)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 1606374bf ci: Improve autocorrect lint check. (#8707) add e112070b0 fix(ci): remove matrix.os_name from image cache key (#8922) No new revisions were added by this update. Summary of changes: .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
[apisix] branch master updated (94576ef3f -> 1606374bf)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 94576ef3f perf: optimized gzip code logic (#8897) add 1606374bf ci: Improve autocorrect lint check. (#8707) No new revisions were added by this update. Summary of changes: .github/workflows/doc-lint.yml | 25 +++-- docs/zh/latest/CHANGELOG.md| 10 +- docs/zh/latest/FAQ.md | 4 ++-- docs/zh/latest/README.md | 4 ++-- docs/zh/latest/control-api.md | 10 +- docs/zh/latest/debug-mode.md | 2 +- docs/zh/latest/discovery.md| 6 +++--- docs/zh/latest/external-plugin.md | 28 ++-- docs/zh/latest/grpc-proxy.md | 4 ++-- docs/zh/latest/install-dependencies.md | 4 ++-- docs/zh/latest/plugin-develop.md | 20 ++-- docs/zh/latest/router-radixtree.md | 6 +++--- docs/zh/latest/stream-proxy.md | 6 +++--- 13 files changed, 63 insertions(+), 66 deletions(-)
[apisix] branch master updated: perf: optimized gzip code logic (#8897)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 94576ef3f perf: optimized gzip code logic (#8897) 94576ef3f is described below commit 94576ef3f3a69aa5a181e8a972f44ab4d8959915 Author: jackfu AuthorDate: Fri Feb 24 09:37:53 2023 +0800 perf: optimized gzip code logic (#8897) --- apisix/plugins/gzip.lua | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/apisix/plugins/gzip.lua b/apisix/plugins/gzip.lua index d9f319d01..8720cfe9f 100644 --- a/apisix/plugins/gzip.lua +++ b/apisix/plugins/gzip.lua @@ -112,24 +112,24 @@ function _M.header_filter(conf, ctx) -- Like Nginx, don't gzip if Content-Type is missing return end -local from = core.string.find(content_type, ";") -if from then -content_type = str_sub(content_type, 1, from - 1) -end -local matched = false if type(types) == "table" then +local matched = false +local from = core.string.find(content_type, ";") +if from then +content_type = str_sub(content_type, 1, from - 1) +end + for _, ty in ipairs(types) do if content_type == ty then matched = true break end end -else -matched = true -end -if not matched then -return + +if not matched then +return +end end local content_length = tonumber(ngx_header["Content-Length"])
[apisix] branch master updated: feat: use env var instead of plain text for vault token (#8866)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 14727fc00 feat: use env var instead of plain text for vault token (#8866) 14727fc00 is described below commit 14727fc00948b5cc6acf58539cee1080303b9659 Author: Abhishek Choudhary AuthorDate: Fri Feb 24 07:05:13 2023 +0530 feat: use env var instead of plain text for vault token (#8866) --- apisix/secret/vault.lua | 9 +++- t/plugin/basic-auth.t | 80 +++ t/plugin/hmac-auth4.t | 122 t/plugin/jwt-auth3.t| 83 t/plugin/key-auth.t | 56 ++ t/plugin/ldap-auth.t| 83 t/plugin/wolf-rbac.t| 66 ++ t/secret/vault.t| 80 +++ 8 files changed, 577 insertions(+), 2 deletions(-) diff --git a/apisix/secret/vault.lua b/apisix/secret/vault.lua index eb2e6564c..f5dcb7a24 100644 --- a/apisix/secret/vault.lua +++ b/apisix/secret/vault.lua @@ -25,7 +25,7 @@ local norm_path = require("pl.path").normpath local sub= core.string.sub local rfind_char = core.string.rfind_char - +local env= core.env local schema = { type = "object", @@ -53,10 +53,15 @@ local function make_request_to_vault(conf, method, key, data) local req_addr = conf.uri .. norm_path("/v1/" .. conf.prefix .. "/" .. key) +local token, _ = env.fetch_by_uri(conf.token) +if not token then +token = conf.token +end + local res, err = httpc:request_uri(req_addr, { method = method, headers = { -["X-Vault-Token"] = conf.token +["X-Vault-Token"] = token }, body = core.json.encode(data or {}, true) }) diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index 533dda626..4a19cf138 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t @@ -14,6 +14,10 @@ # See the License for the specific language governing permissions and # limitations under the License. # +BEGIN { +$ENV{VAULT_TOKEN} = "root"; +} + use t::APISIX 'no_plan'; repeat_each(2); @@ -540,3 +544,79 @@ GET /echo Authorization: Basic Zm9vOmJhcg== --- response_headers Authorization: Basic Zm9vOmJhcg== + + + +=== TEST 25: set basic-auth conf with the token in an env var: password uses secret ref +--- request +GET /t +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +-- put secret vault config +local code, body = t('/apisix/admin/secrets/vault/test1', +ngx.HTTP_PUT, +[[{ +"uri": "http://127.0.0.1:8200;, +"prefix" : "kv/apisix", +"token" : "$ENV://VAULT_TOKEN" +}]] +) +if code >= 300 then +ngx.status = code +return ngx.say(body) +end +-- change consumer with secrets ref: vault +code, body = t('/apisix/admin/consumers', +ngx.HTTP_PUT, +[[{ +"username": "foo", +"plugins": { +"basic-auth": { +"username": "foo", +"password": "$secret://vault/test1/foo/passwd" +} +} +}]] +) +if code >= 300 then +ngx.status = code +return ngx.say(body) +end +-- set route +code, body = t('/apisix/admin/routes/1', +ngx.HTTP_PUT, +[[{ +"plugins": { +"basic-auth": { +"hide_credentials": false +} +}, +"upstream": { +"nodes": { +"127.0.0.1:1980": 1 +}, +"type": "roundrobin" +}, +"uri": "/echo" +}]] +) +if code >= 300 then +ngx.status = code +end +ngx.say(body) +} +} +--- response_body +passed + + + +=== TEST 26: verify Authorization with foo/bar, request header sh
[apisix] branch master updated (2f516967a -> a1e2de250)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 2f516967a chore(deps): bump golang.org/x/text from 0.3.6 to 0.3.8 in /t/plugin/grpc-web (#8920) add a1e2de250 feat(ci): implement image caching in remaining ci pipelines (#8927) No new revisions were added by this update. Summary of changes: .github/workflows/centos7-ci.yml | 36 ++-- .github/workflows/fips.yml | 34 +- .github/workflows/gm-cron.yaml | 34 +- 3 files changed, 100 insertions(+), 4 deletions(-)
[apisix] branch master updated (a1e2de250 -> c70c33e18)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from a1e2de250 feat(ci): implement image caching in remaining ci pipelines (#8927) add c70c33e18 fix(proxy-rewrite): escape args part if it's not from user conf (#) No new revisions were added by this update. Summary of changes: apisix/core/utils.lua| 8 +- apisix/plugins/proxy-rewrite.lua | 36 ++--- t/plugin/proxy-rewrite3.t| 164 +++ 3 files changed, 197 insertions(+), 11 deletions(-)
[apisix] branch master updated (4ab50da56 -> 2f516967a)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 4ab50da56 fix: limit count plugin conf parameter undefined error (#8902) add 2f516967a chore(deps): bump golang.org/x/text from 0.3.6 to 0.3.8 in /t/plugin/grpc-web (#8920) No new revisions were added by this update. Summary of changes: t/plugin/grpc-web/go.mod | 5 + t/plugin/grpc-web/go.sum | 30 ++ 2 files changed, 23 insertions(+), 12 deletions(-)
[apisix] branch master updated (bc37568b0 -> 4ab50da56)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from bc37568b0 chore: remove duplicate kubernetes test case (#8882) add 4ab50da56 fix: limit count plugin conf parameter undefined error (#8902) No new revisions were added by this update. Summary of changes: apisix/plugins/limit-count/limit-count-local.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
[apisix] branch master updated: chore: remove duplicate kubernetes test case (#8882)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new bc37568b0 chore: remove duplicate kubernetes test case (#8882) bc37568b0 is described below commit bc37568b0975edb7f111038610b66f5a4d908230 Author: Ashing Zheng AuthorDate: Thu Feb 23 09:03:49 2023 +0800 chore: remove duplicate kubernetes test case (#8882) --- t/kubernetes/discovery/kubernetes3.t | 751 --- 1 file changed, 751 deletions(-) diff --git a/t/kubernetes/discovery/kubernetes3.t b/t/kubernetes/discovery/kubernetes3.t deleted file mode 100644 index 816c797fa..0 --- a/t/kubernetes/discovery/kubernetes3.t +++ /dev/null @@ -1,751 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -BEGIN { -our $token_file = "/tmp/var/run/secrets/kubernetes.io/serviceaccount/token"; -our $token_value = eval {`cat $token_file 2>/dev/null`}; - -our $yaml_config = <<_EOC_; -apisix: - node_listen: 1984 -deployment: - role: data_plane - role_data_plane: -config_provider: yaml -discovery: - kubernetes: -- id: first - service: -host: "127.0.0.1" -port: "6443" - client: -token_file: "/tmp/var/run/secrets/kubernetes.io/serviceaccount/token" -- id: second - service: -schema: "http", -host: "127.0.0.1", -port: "6445" - client: -token_file: "/tmp/var/run/secrets/kubernetes.io/serviceaccount/token" - -_EOC_ - -our $scale_ns_c = <<_EOC_; -[ - { -"op": "replace_subsets", -"name": "ep", -"namespace": "ns-c", -"subsets": [ - { -"addresses": [ - { -"ip": "10.0.0.1" - } -], -"ports": [ - { -"name": "p1", -"port": 5001 - } -] - } -] - } -] -_EOC_ - -} - -use t::APISIX 'no_plan'; - -repeat_each(1); -log_level('warn'); -no_root_location(); -no_shuffle(); -workers(4); - -add_block_preprocessor(sub { -my ($block) = @_; - -my $apisix_yaml = $block->apisix_yaml // <<_EOC_; -routes: [] -#END -_EOC_ - -$block->set_value("apisix_yaml", $apisix_yaml); - -my $main_config = $block->main_config // <<_EOC_; -env KUBERNETES_SERVICE_HOST=127.0.0.1; -env KUBERNETES_SERVICE_PORT=6443; -env KUBERNETES_CLIENT_TOKEN=$::token_value; -env KUBERNETES_CLIENT_TOKEN_FILE=$::token_file; -_EOC_ - -$block->set_value("main_config", $main_config); - -my $config = $block->config // <<_EOC_; -location /queries { -content_by_lua_block { - local core = require("apisix.core") - local d = require("apisix.discovery.kubernetes") - - ngx.sleep(1) - - ngx.req.read_body() - local request_body = ngx.req.get_body_data() - local queries = core.json.decode(request_body) - local response_body = "{" - for _,query in ipairs(queries) do -local nodes = d.nodes(query) -if nodes==nil or #nodes==0 then -response_body=response_body.." "..0 -else -response_body=response_body.." "..#nodes -end - end - ngx.say(response_body.." }") -} -} - -location /operators { -content_by_lua_block { -local http = require("resty.http") -local core = require("apisix.core") -local ipairs = ipairs - -ngx.req.read_body() -local request_body = ngx.req.get_body_data() -local operators = core.json.decode(request_bo
[apisix] branch master updated: feat: add 'range_id' algorithm for 'request-id' plugin (#8790)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 1a20e5378 feat: add 'range_id' algorithm for 'request-id' plugin (#8790) 1a20e5378 is described below commit 1a20e5378fc344c66ee61ce50ce5d118c8773fad Author: Tristan <33349046+jiangfuch...@users.noreply.github.com> AuthorDate: Wed Feb 22 10:40:12 2023 +0800 feat: add 'range_id' algorithm for 'request-id' plugin (#8790) --- apisix/plugins/request-id.lua| 46 - docs/en/latest/plugins/request-id.md | 4 +- docs/zh/latest/plugins/request-id.md | 4 +- t/plugin/request-id2.t | 182 +++ 4 files changed, 229 insertions(+), 7 deletions(-) diff --git a/apisix/plugins/request-id.lua b/apisix/plugins/request-id.lua index ceddcdf94..3a7e6bc39 100644 --- a/apisix/plugins/request-id.lua +++ b/apisix/plugins/request-id.lua @@ -27,6 +27,9 @@ local tostring = tostring local math_pow = math.pow local math_ceil = math.ceil local math_floor = math.floor +local math_random = math.random +local str_byte = string.byte +local ffi = require "ffi" local plugin_name = "request-id" @@ -40,7 +43,27 @@ local schema = { properties = { header_name = {type = "string", default = "X-Request-Id"}, include_in_response = {type = "boolean", default = true}, -algorithm = {type = "string", enum = {"uuid", "snowflake", "nanoid"}, default = "uuid"} +algorithm = { +type = "string", +enum = {"uuid", "snowflake", "nanoid", "range_id"}, +default = "uuid" +}, +range_id = { +type = "object", +properties = { +length = { +type = "integer", +minimum = 6, +default = 16 +}, +char_set = { +type = "string", +-- The Length is set to 6 just avoid too short length, it may repeat +minLength = 6, +default = "abcdefghijklmnopqrstuvwxyzABCDEFGHIGKLMNOPQRSTUVWXYZ0123456789" +} +} +} } } @@ -202,14 +225,27 @@ local function next_id() return snowflake:next_id() end +-- generate range_id +local function get_range_id(range_id) +local res = ffi.new("unsigned char[?]", range_id.length) +for i = 0, range_id.length - 1 do +res[i] = str_byte(range_id.char_set, math_random(#range_id.char_set)) +end +return ffi.string(res, range_id.length) +end -local function get_request_id(algorithm) -if algorithm == "uuid" then +local function get_request_id(conf) +if conf.algorithm == "uuid" then return uuid() end -if algorithm == "nanoid" then +if conf.algorithm == "nanoid" then return nanoid.safe_simple() end + +if conf.algorithm == "range_id" then +return get_range_id(conf.range_id) +end + return next_id() end @@ -218,7 +254,7 @@ function _M.rewrite(conf, ctx) local headers = ngx.req.get_headers() local uuid_val if not headers[conf.header_name] then -uuid_val = get_request_id(conf.algorithm) +uuid_val = get_request_id(conf) core.request.set_header(ctx, conf.header_name, uuid_val) else uuid_val = headers[conf.header_name] diff --git a/docs/en/latest/plugins/request-id.md b/docs/en/latest/plugins/request-id.md index 31469dee3..20f534d80 100644 --- a/docs/en/latest/plugins/request-id.md +++ b/docs/en/latest/plugins/request-id.md @@ -44,7 +44,9 @@ The Plugin will not add a unique ID if the request already has a header with the | --- | --- | | -- | --- | -- | | header_name | string | False| "X-Request-Id" | | Header name for the unique request ID. | | include_in_response | boolean | False| true | | When set to `true`, adds the unique request ID in the response header. | -| algorithm | string | False| "uuid" | ["uuid", "snowflake", "nanoid"] | Algorithm to use for generating the unique request ID. | +| algorithm | string | False| "uuid" | ["uuid", "snowflake", "nanoid", "rang
[apisix] branch master updated: chore(error-log-logger): add kafka meta_refresh_interval (#8821)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 0ebc9cb85 chore(error-log-logger): add kafka meta_refresh_interval (#8821) 0ebc9cb85 is described below commit 0ebc9cb85114ed5a389b335e9b8ead7d3fdc17a0 Author: Ashing Zheng AuthorDate: Mon Feb 20 08:54:37 2023 +0800 chore(error-log-logger): add kafka meta_refresh_interval (#8821) --- apisix/plugins/error-log-logger.lua| 2 ++ docs/en/latest/plugins/error-log-logger.md | 1 + docs/zh/latest/plugins/error-log-logger.md | 1 + t/plugin/error-log-logger-kafka.t | 15 +-- 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/apisix/plugins/error-log-logger.lua b/apisix/plugins/error-log-logger.lua index f2028d4f5..a0a364564 100644 --- a/apisix/plugins/error-log-logger.lua +++ b/apisix/plugins/error-log-logger.lua @@ -123,6 +123,7 @@ local metadata_schema = { -- in lua-resty-kafka, cluster_name is defined as number -- see https://github.com/doujiang24/lua-resty-kafka#new-1 cluster_name = {type = "integer", minimum = 1, default = 1}, +meta_refresh_interval = {type = "integer", minimum = 1, default = 30}, }, required = {"brokers", "kafka_topic"}, }, @@ -370,6 +371,7 @@ local function send_to_kafka(log_message) broker_config["request_timeout"] = config.timeout * 1000 broker_config["producer_type"] = config.kafka.producer_type broker_config["required_acks"] = config.kafka.required_acks +broker_config["refresh_interval"] = config.kafka.meta_refresh_interval * 1000 -- reuse producer via kafka_prod_lrucache to avoid unbalanced partitions of messages in kafka local prod, err = kafka_prod_lrucache(plugin_name, metadata.modifiedIndex, diff --git a/docs/en/latest/plugins/error-log-logger.md b/docs/en/latest/plugins/error-log-logger.md index 6e4db9093..a774a74c6 100644 --- a/docs/en/latest/plugins/error-log-logger.md +++ b/docs/en/latest/plugins/error-log-logger.md @@ -60,6 +60,7 @@ It might take some time to receive the log data. It will be automatically sent a | kafka.required_acks| integer | False| 1 | [0, 1, -1]| Number of acknowledgements the leader needs to receive for the producer to consider the request complete. This controls the durability of the sent records. The attribute follows the same configuration as the Kafka `acks` attribute. See [Apache Kafka documentation](https://kafka.apache.org/documentation/#producerconfigs_acks) for more. | | kafka.key | string | False| | | Key used for allocating partitions for messages. | | kafka.cluster_name | integer | False| 1 | [0,...] | Name of the cluster. Used when there are two or more Kafka clusters. Only works if the `producer_type` attribute is set to `async`. | +| kafka.meta_refresh_interval | integer | False| 30 | [1,...] | `refresh_interval` parameter in [lua-resty-kafka](https://github.com/doujiang24/lua-resty-kafka) specifies the time to auto refresh the metadata, in seconds.| | timeout | integer | False| 3 | [1,...] | Timeout (in seconds) for the upstream to connect and send data. | | keepalive| integer | False| 30 | [1,...] | Time in seconds to keep the connection alive after sending data. | | level| string | False| WARN | ["STDERR", "EMERG", "ALERT", "CRIT", "ERR", "ERROR", "WARN", "NOTICE", "INFO", "DEBUG"] | Log level to filter the error logs. `ERR` is same as `ERROR`.| diff
[apisix] branch master updated: chore(deps): bump golang.org/x/net from 0.2.0 to 0.7.0 in /t/grpc_server_example (#8881)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new cbad8af91 chore(deps): bump golang.org/x/net from 0.2.0 to 0.7.0 in /t/grpc_server_example (#8881) cbad8af91 is described below commit cbad8af91f61dcafff37ee3c88a86063dcb09606 Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> AuthorDate: Mon Feb 20 08:52:31 2023 +0800 chore(deps): bump golang.org/x/net from 0.2.0 to 0.7.0 in /t/grpc_server_example (#8881) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- t/grpc_server_example/go.mod | 2 +- t/grpc_server_example/go.sum | 14 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/t/grpc_server_example/go.mod b/t/grpc_server_example/go.mod index 9b95e63fd..6e7a0fb6d 100644 --- a/t/grpc_server_example/go.mod +++ b/t/grpc_server_example/go.mod @@ -4,7 +4,7 @@ go 1.11 require ( github.com/golang/protobuf v1.5.0 - golang.org/x/net v0.2.0 + golang.org/x/net v0.7.0 google.golang.org/grpc v1.32.0 google.golang.org/protobuf v1.27.1 ) diff --git a/t/grpc_server_example/go.sum b/t/grpc_server_example/go.sum index d9ceb02e6..3a6620532 100644 --- a/t/grpc_server_example/go.sum +++ b/t/grpc_server_example/go.sum @@ -33,8 +33,8 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -46,16 +46,16 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
[apisix] branch master updated: fix(admin): fix wrong http code for patch method (#8855)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 6160667df fix(admin): fix wrong http code for patch method (#8855) 6160667df is described below commit 6160667df1aa6d122bf107302b8494ddbcb73233 Author: dongjunduo AuthorDate: Fri Feb 17 11:35:48 2023 +0800 fix(admin): fix wrong http code for patch method (#8855) --- apisix/core/etcd.lua | 1 - t/admin/ssl.t| 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/apisix/core/etcd.lua b/apisix/core/etcd.lua index d48eb9aa1..99e4bbb6b 100644 --- a/apisix/core/etcd.lua +++ b/apisix/core/etcd.lua @@ -507,7 +507,6 @@ function _M.atomic_set(key, value, ttl, mod_revision) key = key, value = value, } -res.status = 201 return res, nil end diff --git a/t/admin/ssl.t b/t/admin/ssl.t index 1a3dba80b..2e69e0b46 100644 --- a/t/admin/ssl.t +++ b/t/admin/ssl.t @@ -643,7 +643,7 @@ GET /t core.json.encode({create_time = 0, update_time = 1}) ) -if code ~= 201 then +if code ~= 200 then ngx.status = code ngx.say(body) return
[apisix] branch master updated: feat: stream subsystem support tars service discovery (#8826)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 641481dde feat: stream subsystem support tars service discovery (#8826) 641481dde is described below commit 641481dde6c1039209abf430784ee5774d503439 Author: Ashing Zheng AuthorDate: Fri Feb 17 10:05:02 2023 +0800 feat: stream subsystem support tars service discovery (#8826) --- apisix/cli/ngx_tpl.lua | 4 + apisix/discovery/tars/init.lua | 20 +++- conf/config-default.yaml | 1 + t/APISIX.pm| 5 + t/tars/discovery/stream/tars.t | 216 + 5 files changed, 244 insertions(+), 2 deletions(-) diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index 7083d4201..bc6af4bf2 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua @@ -141,6 +141,10 @@ stream { lua_shared_dict etcd-cluster-health-check-stream {* stream.lua_shared_dict["etcd-cluster-health-check-stream"] *}; lua_shared_dict worker-events-stream {* stream.lua_shared_dict["worker-events-stream"] *}; +{% if enabled_discoveries["tars"] then %} +lua_shared_dict tars-stream {* stream.lua_shared_dict["tars-stream"] *}; +{% end %} + {% if enabled_stream_plugins["limit-conn"] then %} lua_shared_dict plugin-limit-conn-stream {* stream.lua_shared_dict["plugin-limit-conn-stream"] *}; {% end %} diff --git a/apisix/discovery/tars/init.lua b/apisix/discovery/tars/init.lua index f621791dd..14f658dce 100644 --- a/apisix/discovery/tars/init.lua +++ b/apisix/discovery/tars/init.lua @@ -22,7 +22,8 @@ local tonumber = tonumber local local_conf = require("apisix.core.config_local").local_conf() local core = require("apisix.core") local mysql = require("resty.mysql") -local process = require("ngx.process") +local is_http = ngx.config.subsystem == "http" +local support_process, process = pcall(require, "ngx.process") local endpoint_dict @@ -331,9 +332,24 @@ function _M.nodes(servant) return get_endpoint(servant) end +local function get_endpoint_dict() +local shm = "tars" + +if not is_http then +shm = shm .. "-stream" +end + +return ngx.shared[shm] +end function _M.init_worker() -endpoint_dict = ngx.shared.tars +if not support_process then +core.log.error("tars discovery not support in subsystem: ", ngx.config.subsystem, + ", please check if your openresty version >= 1.19.9.1 or not") +return +end + +endpoint_dict = get_endpoint_dict() if not endpoint_dict then error("failed to get lua_shared_dict: tars, please check your APISIX version") end diff --git a/conf/config-default.yaml b/conf/config-default.yaml index db5cb2211..4d8d0c208 100755 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -165,6 +165,7 @@ nginx_config: # config for render the template to generate n lrucache-lock-stream: 10m plugin-limit-conn-stream: 10m worker-events-stream: 10m + tars-stream: 1m # As user can add arbitrary configurations in the snippet, # it is user's responsibility to check the configurations diff --git a/t/APISIX.pm b/t/APISIX.pm index 8e9e72d11..e0ad70427 100644 --- a/t/APISIX.pm +++ b/t/APISIX.pm @@ -396,6 +396,7 @@ _EOC_ lua_shared_dict kubernetes-stream 1m; lua_shared_dict kubernetes-first-stream 1m; lua_shared_dict kubernetes-second-stream 1m; +lua_shared_dict tars-stream 1m; upstream apisix_backend { server 127.0.0.1:1900; @@ -405,6 +406,8 @@ _EOC_ } _EOC_ +my $stream_extra_init_by_lua_start = $block->stream_extra_init_by_lua_start // ""; + my $stream_init_by_lua_block = $block->stream_init_by_lua_block // <<_EOC_; if os.getenv("APISIX_ENABLE_LUACOV") == "1" then require("luacov.runner")("t/apisix.luacov") @@ -413,6 +416,8 @@ _EOC_ require "resty.core" +$stream_extra_init_by_lua_start + apisix = require("apisix") local args = { dns_resolver = $dns_addrs_tbl_str, diff --git a/t/tars/discovery/stream/tars.t b/t/tars/discovery/stream/tars.t new file mode 100644 index 0..b7c55a0f4 --- /dev/null +++ b/t/tars/discovery/stream/tars.t @@ -0,0 +1,216 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apac
[apisix] branch master updated: feat(ci): implement image caching to reduce ci build time. (#8735)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new e619a feat(ci): implement image caching to reduce ci build time. (#8735) e619a is described below commit e619a27c488b0dba6121e5b62bdc92a20a78 Author: Abhishek Choudhary AuthorDate: Thu Feb 16 07:58:29 2023 +0530 feat(ci): implement image caching to reduce ci build time. (#8735) --- .github/workflows/build.yml | 55 ++- .github/workflows/centos7-ci.yml | 25 .github/workflows/fips.yml | 27 - .github/workflows/gm-cron.yaml | 26 - ci/backup-docker-images.sh | 50 ci/free_disk_space.sh| 31 ci/init-last-test-service.sh | 37 +--- ci/init-plugin-test-service.sh | 62 +--- 8 files changed, 197 insertions(+), 116 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c28469183..94a4b8d5e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -99,30 +99,36 @@ jobs: rm -rf $(ls -1 --ignore=*.tgz --ignore=ci --ignore=t --ignore=utils --ignore=.github) tar zxvf ${{ steps.branch_env.outputs.fullname }} - - name: Start CI env (FIRST_TEST) -if: steps.test_env.outputs.type == 'first' -run: | - # launch deps env - make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml + - name: Cache images +id: cache-images +uses: actions/cache@v3 +env: + cache-name: cache-apisix-docker-images +with: + path: docker-images-backup + key: ${{ runner.os }}-${{ env.cache-name }}-${{ steps.test_env.outputs.type }}-${{ matrix.os_name }}-${{ hashFiles(format('./ci/pod/docker-compose.{0}.yml', steps.test_env.outputs.type )) }} - - name: Start CI env (PLUGIN_TEST) -if: steps.test_env.outputs.type == 'plugin' + - if: ${{ steps.cache-images.outputs.cache-hit == 'true' }} +name: Load saved docker images run: | - # download keycloak cas provider - sudo wget https://github.com/jacekkow/keycloak-protocol-cas/releases/download/18.0.2/keycloak-protocol-cas-18.0.2.jar -O /opt/keycloak-protocol-cas-18.0.2.jar - - ./ci/pod/openfunction/build-function-image.sh - make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml - sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh - - - name: Start CI env (LAST_TEST) -if: steps.test_env.outputs.type == 'last' + if [[ -f docker-images-backup/apisix-images.tar ]]; then +[[ ${{ steps.test_env.outputs.type }} != first ]] && sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh before +docker load --input docker-images-backup/apisix-images.tar +rm docker-images-backup/apisix-images.tar +make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml +echo "loaded docker images" +if [[ ${{ steps.test_env.outputs.type }} != first ]]; then + sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh after +fi + fi + - if: ${{ steps.cache-images.outputs.cache-hit != 'true' }} +name: Linux launch services run: | - # generating SSL certificates for Kafka - sudo keytool -genkeypair -keyalg RSA -dname "CN=127.0.0.1" -alias 127.0.0.1 -keystore ./ci/pod/kafka/kafka-server/selfsigned.jks -validity 365 -keysize 2048 -storepass changeit + [[ ${{ steps.test_env.outputs.type }} != first ]] && sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh before + [[ ${{ steps.test_env.outputs.type }} == plugin ]] && ./ci/pod/openfunction/build-function-image.sh make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml - sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh - + [[ ${{ steps.test_env.outputs.type }} != first ]] && sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh after + echo "Linux launch services, done." - name: Start Dubbo Backend if: matrix.os_name == 'linux_openresty' && steps.test_env.outputs.type == 'plugin' run: | @@ -158,3 +164,12 @@ jobs: env: TEST_FILE_SUB_DIR: ${{ matrix.test_dir }} run: sudo -E ./ci/${{ matrix.os_name }}_runner.sh script + + - if: ${{ steps.cache-images.outputs
[apisix] branch master updated: feat(admin): add head method support to /apisix/admin (#8752)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new bf603ac51 feat(admin): add head method support to /apisix/admin (#8752) bf603ac51 is described below commit bf603ac517e890f2b67c726cc40a66edc58fd8f2 Author: dongjunduo AuthorDate: Wed Feb 15 09:54:46 2023 +0800 feat(admin): add head method support to /apisix/admin (#8752) --- apisix/admin/init.lua | 10 ++ t/admin/api.t | 18 ++ 2 files changed, 28 insertions(+) diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index e96b05c33..1c139ef7f 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -130,6 +130,11 @@ local function strip_etcd_resp(data) end +local function head() +core.response.exit(200) +end + + local function run() local api_ctx = {} core.ctx.set_vars_meta(api_ctx) @@ -365,6 +370,11 @@ end local uri_route = { +{ +paths = [[/apisix/admin]], +methods = {"HEAD"}, +handler = head, +}, { paths = [[/apisix/admin/*]], methods = {"GET", "PUT", "POST", "DELETE", "PATCH"}, diff --git a/t/admin/api.t b/t/admin/api.t index d7fff64df..67d7344b6 100644 --- a/t/admin/api.t +++ b/t/admin/api.t @@ -138,3 +138,21 @@ X-API-KEY: edd1c9f034335f136f87ad84b625c8f1 --- response_headers X-API-VERSION: v2 --- response_body_like: "/apisix/routes" + + + +=== TEST 9: Head method support for admin API +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code, body = t('/apisix/admin', +ngx.HTTP_HEAD) +ngx.status = code +ngx.say(body) +} +} +--- request +GET /t +--- response_body +passed
[apisix] branch master updated: feat: opentelemetry plugin config collector.address support specify https scheme (#8823)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 894aeac7b feat: opentelemetry plugin config collector.address support specify https scheme (#8823) 894aeac7b is described below commit 894aeac7b651e90c4a8b321e83aa9805ce963c21 Author: roketyyang AuthorDate: Wed Feb 15 09:51:01 2023 +0800 feat: opentelemetry plugin config collector.address support specify https scheme (#8823) Co-authored-by: 罗泽轩 Co-authored-by: roketyyang --- apisix/plugins/opentelemetry.lua| 33 ++--- docs/en/latest/plugins/opentelemetry.md | 2 +- docs/zh/latest/plugins/opentelemetry.md | 2 +- rockspec/apisix-master-0.rockspec | 2 +- t/plugin/opentelemetry.t| 1 + t/plugin/opentelemetry2.t | 2 +- 6 files changed, 19 insertions(+), 23 deletions(-) diff --git a/apisix/plugins/opentelemetry.lua b/apisix/plugins/opentelemetry.lua index c0e3a74e4..f8013e6f7 100644 --- a/apisix/plugins/opentelemetry.lua +++ b/apisix/plugins/opentelemetry.lua @@ -36,10 +36,9 @@ local span_status = require("opentelemetry.trace.span_status") local resource_new = require("opentelemetry.resource").new local attr = require("opentelemetry.attribute") -local context_storage = require("opentelemetry.context_storage") -local context = require("opentelemetry.context").new(context_storage) -local carrier_new = require("opentelemetry.trace.propagation.carrier").new -local trace_context = require("opentelemetry.trace.propagation.trace_context") +local context = require("opentelemetry.context").new() +local trace_context_propagator = + require("opentelemetry.trace.propagation.text_map.trace_context_propagator").new() local ngx = ngx local ngx_var = ngx.var @@ -310,7 +309,7 @@ function _M.rewrite(conf, api_ctx) end -- extract trace context from the headers of downstream HTTP request -local upstream_context = trace_context.extract(context, carrier_new()) +local upstream_context = trace_context_propagator:extract(context, ngx.req) local attributes = { attr.string("service", api_ctx.service_name), attr.string("route", api_ctx.route_name), @@ -333,27 +332,24 @@ function _M.rewrite(conf, api_ctx) kind = span_kind.server, attributes = attributes, }) -ctx:attach() +api_ctx.otel_context_token = ctx:attach() -- inject trace context into the headers of upstream HTTP request -trace_context.inject(ctx, carrier_new()) +trace_context_propagator:inject(ctx, ngx.req) end function _M.delayed_body_filter(conf, api_ctx) -if ngx.arg[2] then +if api_ctx.otel_context_token and ngx.arg[2] then local ctx = context:current() -if not ctx then -return -end - -local upstream_status = core.response.get_upstream_status(api_ctx) -ctx:detach() +ctx:detach(api_ctx.otel_context_token) +api_ctx.otel_context_token = nil -- get span from current context local span = ctx:span() +local upstream_status = core.response.get_upstream_status(api_ctx) if upstream_status and upstream_status >= 500 then -span:set_status(span_status.error, +span:set_status(span_status.ERROR, "upstream response status: " .. upstream_status) end @@ -365,15 +361,14 @@ end -- body_filter maybe not called because of empty http body response -- so we need to check if the span has finished in log phase function _M.log(conf, api_ctx) -local ctx = context:current() -if ctx then +if api_ctx.otel_context_token then -- ctx:detach() is not necessary, because of ctx is stored in ngx.ctx local upstream_status = core.response.get_upstream_status(api_ctx) -- get span from current context -local span = ctx:span() +local span = context:current():span() if upstream_status and upstream_status >= 500 then -span:set_status(span_status.error, +span:set_status(span_status.ERROR, "upstream response status: " .. upstream_status) end diff --git a/docs/en/latest/plugins/opentelemetry.md b/docs/en/latest/plugins/opentelemetry.md index 10d6826b2..d8ba30234 100644 --- a/docs/en/latest/plugins/opentelemetry.md +++ b/docs/en/latest/plugins/opentelemetry.md @@ -58,7 +58,7 @@ You can set up the collector by configuring it in you configuration file (`conf/ | trace_id_source| enum| random | Source of the trace ID. Valid values
[apisix] branch master updated: fix: add admin schema to control_plane config (#8809)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 00e9a56f7 fix: add admin schema to control_plane config (#8809) 00e9a56f7 is described below commit 00e9a56f739e6a56b8d90fd821e2233003c69544 Author: Tristan <33349046+jiangfuch...@users.noreply.github.com> AuthorDate: Wed Feb 15 09:46:40 2023 +0800 fix: add admin schema to control_plane config (#8809) --- apisix/cli/schema.lua | 1 + t/cli/test_deployment_control_plane.sh | 30 ++ 2 files changed, 31 insertions(+) diff --git a/apisix/cli/schema.lua b/apisix/cli/schema.lua index 5f1f789ad..477e2ce7e 100644 --- a/apisix/cli/schema.lua +++ b/apisix/cli/schema.lua @@ -375,6 +375,7 @@ local deployment_schema = { control_plane = { properties = { etcd = etcd_schema, +admin = admin_schema, role_control_plane = { properties = { config_provider = { diff --git a/t/cli/test_deployment_control_plane.sh b/t/cli/test_deployment_control_plane.sh index fa7210378..58858f41f 100755 --- a/t/cli/test_deployment_control_plane.sh +++ b/t/cli/test_deployment_control_plane.sh @@ -40,6 +40,36 @@ fi echo "passed: should check deployment schema during init" +# The 'admin.apisix.dev' is injected by ci/common.sh@set_coredns +echo ' +apisix: +enable_admin: false +deployment: +role: control_plane +role_control_plane: +config_provider: etcd +conf_server: +listen: admin.apisix.dev:12345 +cert: t/certs/mtls_server.crt +cert_key: t/certs/mtls_server.key +admin: +https_admin: "abc" +etcd: +prefix: "/apisix" +host: +- http://127.0.0.1:2379 +certs: +trusted_ca_cert: t/certs/mtls_ca.crt +' > conf/config.yaml + +out=$(make init 2>&1 || true) +if ! echo "$out" | grep 'property "https_admin" validation failed: wrong type: expected boolean, got string'; then +echo "failed: should check deployment schema during init" +exit 1 +fi + +echo "passed: should check deployment schema during init" + # The 'admin.apisix.dev' is injected by ci/common.sh@set_coredns echo ' apisix:
[apisix] branch master updated: docs: change the file name to 'create-ssl.py'.If 'ssl.py' is used as … (#8623)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 0bc65ea9a docs: change the file name to 'create-ssl.py'.If 'ssl.py' is used as … (#8623) 0bc65ea9a is described below commit 0bc65ea9acd726f79f80ae0abd8f50b7eb172e3d Author: 十斤降世 AuthorDate: Sun Feb 12 20:13:47 2023 +0800 docs: change the file name to 'create-ssl.py'.If 'ssl.py' is used as … (#8623) --- docs/en/latest/certificate.md | 11 +-- docs/en/latest/mtls.md| 14 ++ docs/zh/latest/certificate.md | 11 +-- docs/zh/latest/mtls.md| 14 ++ 4 files changed, 22 insertions(+), 28 deletions(-) diff --git a/docs/en/latest/certificate.md b/docs/en/latest/certificate.md index f5f9c8cce..4faf62ceb 100644 --- a/docs/en/latest/certificate.md +++ b/docs/en/latest/certificate.md @@ -33,10 +33,9 @@ It is most common for an SSL certificate to contain only one domain. We can crea We will use the Python script below to simplify the example: -```python +```python title="create-ssl.py" #!/usr/bin/env python # coding: utf-8 -# save this file as ssl.py import sys # sudo pip install requests import requests @@ -63,7 +62,7 @@ print(resp.text) ```shell # create SSL object -./ssl.py t.crt t.key test.com +./create-ssl.py t.crt t.key test.com # create Router object curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d ' @@ -109,7 +108,7 @@ that means it can accept more than one domain, eg: `www.test.com` or `mail.test. Here is an example, note that the value we pass as `sni` is `*.test.com`. ```shell -./ssl.py t.crt t.key '*.test.com' +./create-ssl.py t.crt t.key '*.test.com' curl http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d ' { @@ -204,7 +203,7 @@ The following table details the configurations involved in this example and what 1. Create CA bundle files -``` +```shell cat /path/to/foo_ca.crt /path/to/bar_ca.crt > apisix.ca-bundle ``` @@ -227,7 +226,7 @@ goreman -f Procfile-single-enable-mtls start > goreman.log 2>&1 & 3. Update `config.yaml` -```yaml +```yaml title="conf/config.yaml" deployment: admin: admin_key diff --git a/docs/en/latest/mtls.md b/docs/en/latest/mtls.md index 5f5a627bf..c1d6664f1 100644 --- a/docs/en/latest/mtls.md +++ b/docs/en/latest/mtls.md @@ -35,7 +35,7 @@ The clients will provide their certificates to the server and the server will ch 2. Modify configuration items in `conf/config.yaml`: -```yaml +```yaml title="conf/config.yaml" admin_listen: ip: 127.0.0.1 port: 9180 @@ -70,7 +70,7 @@ curl --cacert /data/certs/mtls_ca.crt --key /data/certs/mtls_client.key --cert / You need to build [APISIX-Base](./FAQ.md#how-do-i-build-the-apisix-base-environment) and configure `etcd.tls` section if you want APISIX to work on an etcd cluster with mTLS enabled. -```yaml +```yaml title="conf/config.yaml" deployment: role: traditional role_traditional: @@ -83,7 +83,7 @@ deployment: If APISIX does not trust the CA certificate that used by etcd server, we need to set up the CA certificate. -```yaml +```yaml title="conf/config.yaml" apisix: ssl: ssl_trusted_certificate: /path/to/certs/ca-certificates.crt # path of CA certificate used by the etcd server @@ -103,10 +103,9 @@ When configuring `ssl`, use parameter `client.ca` and `client.depth` to configur Here is an example Python script to create SSL with mTLS (id is `1`, changes admin API url if needed): -```py +```python title="create-ssl.py" #!/usr/bin/env python # coding: utf-8 -# save this file as ssl.py import sys # sudo pip install requests import requests @@ -144,7 +143,7 @@ print(resp.text) Create SSL: ```bash -./ssl.py ./server.pem ./server.key 'mtls.test.com' ./client_ca.pem 10 +./create-ssl.py ./server.pem ./server.key 'mtls.test.com' ./client_ca.pem 10 # test it curl --resolve 'mtls.test.com::' "https://:/hello" -k --cert ./client.pem --key ./client.key @@ -166,10 +165,9 @@ This feature requires APISIX to run on [APISIX-Base](./FAQ/#how-do-i-build-the-a Here is a similar Python script to patch a existed upstream with mTLS (changes admin API url if needed): -```python +```python title="patch_upstream_mtls.py" #!/usr/bin/env python # coding: utf-8 -# save this file as patch_upstream_mtls.py import sys # sudo pip install requests import requests diff --git a/docs/zh/latest/certificate.md b/docs/zh/latest/certificate.md index d1322bb65..7c2648458 100644 --- a/docs/zh/latest/certificate.md +++ b/docs/zh/latest/certificate.md @@ -35,10 +35,9 @@ SNI(Server Name Indication)是用来改善 SSL 和 TLS 的一项特性,它
[apisix] branch master updated: feat: Body transformer plugin (#8766)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new cfeadfbed feat: Body transformer plugin (#8766) cfeadfbed is described below commit cfeadfbedae1e23f0beef2a6e417446e9689c57e Author: jinhua luo AuthorDate: Fri Feb 10 10:18:21 2023 +0800 feat: Body transformer plugin (#8766) --- apisix/plugins/body-transformer.lua| 211 ++ conf/config-default.yaml | 1 + docs/en/latest/config.json | 3 +- docs/en/latest/plugins/body-transformer.md | 277 t/admin/plugins.t | 1 + t/plugin/body-transformer.t| 654 + 6 files changed, 1146 insertions(+), 1 deletion(-) diff --git a/apisix/plugins/body-transformer.lua b/apisix/plugins/body-transformer.lua new file mode 100644 index 0..9ca6b86ba --- /dev/null +++ b/apisix/plugins/body-transformer.lua @@ -0,0 +1,211 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local xml2lua = require("xml2lua") +local xmlhandler= require("xmlhandler.tree") +local template = require("resty.template") +local ngx = ngx +local decode_base64 = ngx.decode_base64 +local req_set_body_data = ngx.req.set_body_data +local str_format= string.format +local type = type +local pcall = pcall +local pairs = pairs + + +local transform_schema = { +type = "object", +properties = { +input_format = { type = "string", enum = {"xml", "json"} }, +template = { type = "string" }, +}, +required = {"template"}, +} + +local schema = { +type = "object", +properties = { +request = transform_schema, +response = transform_schema, +}, +anyOf = { +{required = {"request"}}, +{required = {"response"}}, +{required = {"request", "response"}}, +}, +} + + +local _M = { +version = 0.1, +priority = 1080, +name = "body-transformer", +schema = schema, +} + + +local function escape_xml(s) +return s:gsub("&", "") +:gsub("<", "") +:gsub(">", "") +:gsub("'", "") +:gsub('"', "") +end + + +local function escape_json(s) +return core.json.encode(s) +end + + +local function remove_namespace(tbl) +for k, v in pairs(tbl) do +if type(k) == "string" then +local newk = k:match(".*:(.*)") +if newk then +tbl[newk] = v +tbl[k] = nil +end +if type(v) == "table" then +remove_namespace(v) +end +end +end +return tbl +end + + +local decoders = { +xml = function(data) +local handler = xmlhandler:new() +local parser = xml2lua.parser(handler) +local ok, err = pcall(parser.parse, parser, data) +if ok then +return remove_namespace(handler.root) +else +return nil, err +end +end, +json = function(data) +return core.json.decode(data) +end, +} + + +function _M.check_schema(conf) +return core.schema.check(schema, conf) +end + + +local function transform(conf, body, typ, ctx) +local out = {_body = body} +if body then +local err +local format = conf[typ].input_format +if format then +out, err = decoders[format](body) +if not out then +err = str_format("%s body decode: %s", typ, err) +core.log.error(err, ", body=", body) +return nil, 400, err +end +end +end + +local text =
[apisix] branch master updated: fix: mocking plugin panic when response_example contain $ (#8810) (#8816)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 240e730a2 fix: mocking plugin panic when response_example contain $ (#8810) (#8816) 240e730a2 is described below commit 240e730a293287ec456c90d1c4fb99c3f54e8bda Author: roketyyang AuthorDate: Fri Feb 10 09:43:40 2023 +0800 fix: mocking plugin panic when response_example contain $ (#8810) (#8816) Co-authored-by: roketyyang --- apisix/plugins/mocking.lua| 4 +- docs/en/latest/plugins/mocking.md | 2 +- docs/zh/latest/plugins/mocking.md | 2 +- t/plugin/mocking.t| 78 +++ 4 files changed, 82 insertions(+), 4 deletions(-) diff --git a/apisix/plugins/mocking.lua b/apisix/plugins/mocking.lua index 305ae522f..134647f71 100644 --- a/apisix/plugins/mocking.lua +++ b/apisix/plugins/mocking.lua @@ -191,7 +191,7 @@ function gen_by_property(property) end -function _M.access(conf) +function _M.access(conf, ctx) local response_content = "" if conf.response_example then @@ -218,7 +218,7 @@ function _M.access(conf) if conf.delay > 0 then ngx.sleep(conf.delay) end -return conf.response_status, core.utils.resolve_var(response_content) +return conf.response_status, core.utils.resolve_var(response_content, ctx.var) end return _M diff --git a/docs/en/latest/plugins/mocking.md b/docs/en/latest/plugins/mocking.md index 080f1727f..517f81fb9 100644 --- a/docs/en/latest/plugins/mocking.md +++ b/docs/en/latest/plugins/mocking.md @@ -38,7 +38,7 @@ The `mocking` Plugin is used for mocking an API. When executed, it returns rando | delay| integer | False| | Response delay in seconds. | | response_status | integer | False| 200 | HTTP status code of the response. | | content_type | string | False| application/json | Header `Content-Type` of the response. | -| response_example | string | False| | Body of the response. | +| response_example | string | False| | Body of the response, support use variables, like `$remote_addr $consumer_name`. | | response_schema | object | False| | The JSON schema object for the response. Works when `response_example` is unspecified. | | with_mock_header | boolean | False| true | When set to `true`, adds a response header `x-mock-by: APISIX/{version}`. | diff --git a/docs/zh/latest/plugins/mocking.md b/docs/zh/latest/plugins/mocking.md index ec4568837..43880b62f 100644 --- a/docs/zh/latest/plugins/mocking.md +++ b/docs/zh/latest/plugins/mocking.md @@ -38,7 +38,7 @@ description: 本文介绍了关于 Apache APISIX `mocking` 插件的基本信息 | delay | integer| 否| | 延时返回的时间,单位为秒。 | | response_status | integer| 否| 200 | 返回响应的 HTTP 状态码。 | | content_type| string | 否| application/json | 返回响应的 Header `Content-Type`。| -| response_example| string | 否| | 返回响应的 Body,与 `response_schema` 字段二选一。| +| response_example| string | 否| | 返回响应的 Body,支持使用变量,例如 `$remote_addr $consumer_name`,与 `response_schema` 字段二选一。 | | response_schema | object | 否| | 指定响应的 `jsonschema` 对象,未指定 `response_example` 字段时生效。| | with_mock_header| boolean| 否| true | 当设置为 `true` 时,将添加响应头 `x-mock-by: APISIX/{version}`。设置为 `false` 时则不添加该响应头。 | diff --git a/t/plugin/mocking.t b/t/plugin/mocking.t index 89b50025f..644ee2cf3 100644 --- a/t/plugin/mocking.t +++ b/t/plugin/mocking.t @@ -346,3 +346,81 @@ passed GET /hello --- response_headers Content-Type: application/json + + + +=== TEST 15: set route(return response example:"remote_addr:127.0.0.1") +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', +ngx.HTTP_PUT, +[[{ + "plugins": { + "mocking": { + "delay": 1, + "content_type": "text/plain", + "response_status&q
[apisix] branch master updated: feat: file logger plugin support response body in variable (#8711)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 0d41d3a31 feat: file logger plugin support response body in variable (#8711) 0d41d3a31 is described below commit 0d41d3a3153ef9e7b693ca1383d7449487f7c848 Author: Joanthan Chen AuthorDate: Fri Feb 10 09:39:52 2023 +0800 feat: file logger plugin support response body in variable (#8711) Co-authored-by: 罗泽轩 Fixes https://github.com/apache/apisix/issues/8705 --- apisix/core/ctx.lua | 4 ++ docs/en/latest/apisix-variable.md | 1 + docs/zh/latest/apisix-variable.md | 1 + t/plugin/file-logger2.t | 93 +++ 4 files changed, 99 insertions(+) diff --git a/apisix/core/ctx.lua b/apisix/core/ctx.lua index b0210259f..47b6bef85 100644 --- a/apisix/core/ctx.lua +++ b/apisix/core/ctx.lua @@ -209,6 +209,10 @@ do balancer_port = true, consumer_group_id = true, consumer_name = true, +resp_body = function(ctx) +-- only for logger and requires the logger to have a special configuration +return ctx.resp_body or '' +end, route_id = true, route_name = true, service_id = true, diff --git a/docs/en/latest/apisix-variable.md b/docs/en/latest/apisix-variable.md index 939545f04..314d22dbf 100644 --- a/docs/en/latest/apisix-variable.md +++ b/docs/en/latest/apisix-variable.md @@ -48,6 +48,7 @@ additional variables. | service_id | core | Id of Service. || | service_name| core | Name of Service. || | redis_cmd_line | Redis | The content of Redis command. || +| resp_body | core | In the logger plugin, if some of the plugins support logging of response body, for example by configuring `include_resp_body: true`, then this variable can be used in the log format. | | | rpc_time| xRPC | Time spent at the rpc request level. || You can also register your own [variable](./plugin-develop.md#register-custom-variable). diff --git a/docs/zh/latest/apisix-variable.md b/docs/zh/latest/apisix-variable.md index 358b327d9..d122c70d7 100644 --- a/docs/zh/latest/apisix-variable.md +++ b/docs/zh/latest/apisix-variable.md @@ -47,6 +47,7 @@ APISIX 除了支持 [NGINX 变量](http://nginx.org/en/docs/varindex.html)外, | service_id | core | APISIX 服务的 ID。 | | | service_name| core | APISIX 服务的名称。 | | | redis_cmd_line | Redis | Redis 命令的内容。 | | +| resp_body | core | 在 logger 插件中,如果部分插件支持记录响应的 body 信息,比如配置 `include_resp_body: true`,那可以在 log format 中使用该变量。| | | rpc_time| xRPC | 在 RPC 请求级别所花费的时间。 | | 当然,除上述变量外,你也可以创建自定义[变量](./plugin-develop.md#register-custom-variable)。 diff --git a/t/plugin/file-logger2.t b/t/plugin/file-logger2.t index 11d585163..90ce001c6 100644 --- a/t/plugin/file-logger2.t +++ b/t/plugin/file-logger2.t @@ -181,3 +181,96 @@ contain with target --- response_body contain target body hits with expr skip unconcern body + + + +=== TEST 5: add plugin metadata +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code, body = t('/apisix/admin/plugin_metadata/file-logger', +ngx.HTTP_PUT, +[[{ +"log_format": { +"host": "$host", +"client_ip": "$remote_addr", +"resp_body": "$resp_body" +} +}]] +) + +if code >= 300 then +ngx.status = code +end +ngx.say(body) +} +} +--- response_body +passed + + + +=== TEST 6: add plugin +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ +"plugins": { +
[apisix] branch master updated: feat: allow each logger to define custom log format in its conf (#8806)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new e587bc4ab feat: allow each logger to define custom log format in its conf (#8806) e587bc4ab is described below commit e587bc4abb881306080b44e66b7705fa7f16be08 Author: 罗泽轩 AuthorDate: Wed Feb 8 11:37:55 2023 +0800 feat: allow each logger to define custom log format in its conf (#8806) --- apisix/plugins/clickhouse-logger.lua | 1 + apisix/plugins/elasticsearch-logger.lua| 1 + apisix/plugins/file-logger.lua | 1 + apisix/plugins/google-cloud-logging.lua| 1 + apisix/plugins/http-logger.lua | 1 + apisix/plugins/kafka-logger.lua| 1 + apisix/plugins/loggly.lua | 1 + apisix/plugins/rocketmq-logger.lua | 1 + apisix/plugins/skywalking-logger.lua | 1 + apisix/plugins/sls-logger.lua | 1 + apisix/plugins/splunk-hec-logging.lua | 1 + apisix/plugins/syslog.lua | 1 + apisix/plugins/tcp-logger.lua | 1 + apisix/plugins/tencent-cloud-cls.lua | 1 + apisix/plugins/udp-logger.lua | 1 + apisix/stream/plugins/syslog.lua | 1 + apisix/utils/log-util.lua | 7 +- docs/en/latest/plugins/clickhouse-logger.md| 1 + docs/en/latest/plugins/elasticsearch-logger.md | 1 + docs/en/latest/plugins/file-logger.md | 1 + docs/en/latest/plugins/google-cloud-logging.md | 1 + docs/en/latest/plugins/http-logger.md | 1 + docs/en/latest/plugins/kafka-logger.md | 1 + docs/en/latest/plugins/loggly.md | 1 + docs/en/latest/plugins/rocketmq-logger.md | 1 + docs/en/latest/plugins/skywalking-logger.md| 1 + docs/en/latest/plugins/sls-logger.md | 1 + docs/en/latest/plugins/splunk-hec-logging.md | 1 + docs/en/latest/plugins/syslog.md | 1 + docs/en/latest/plugins/tcp-logger.md | 1 + docs/en/latest/plugins/tencent-cloud-cls.md| 3 +- docs/en/latest/plugins/udp-logger.md | 1 + docs/zh/latest/plugins/clickhouse-logger.md| 1 + docs/zh/latest/plugins/elasticsearch-logger.md | 1 + docs/zh/latest/plugins/file-logger.md | 1 + docs/zh/latest/plugins/google-cloud-logging.md | 3 +- docs/zh/latest/plugins/http-logger.md | 1 + docs/zh/latest/plugins/kafka-logger.md | 1 + docs/zh/latest/plugins/loggly.md | 1 + docs/zh/latest/plugins/rocketmq-logger.md | 1 + docs/zh/latest/plugins/skywalking-logger.md| 1 + docs/zh/latest/plugins/sls-logger.md | 1 + docs/zh/latest/plugins/splunk-hec-logging.md | 1 + docs/zh/latest/plugins/syslog.md | 1 + docs/zh/latest/plugins/tcp-logger.md | 1 + docs/zh/latest/plugins/tencent-cloud-cls.md| 1 + docs/zh/latest/plugins/udp-logger.md | 1 + t/plugin/clickhouse-logger.t | 56 +++ t/plugin/elasticsearch-logger.t| 86 t/plugin/file-logger.t | 131 + t/plugin/google-cloud-logging2.t | 104 t/plugin/http-logger-log-format.t | 56 +++ t/plugin/kafka-logger-log-format.t | 56 +++ t/plugin/loggly.t | 70 + t/plugin/rocketmq-logger-log-format.t | 55 +++ t/plugin/skywalking-logger.t | 53 ++ t/plugin/sls-logger.t | 62 t/plugin/splunk-hec-logging.t | 74 ++ t/plugin/syslog.t | 68 + t/plugin/tcp-logger.t | 86 t/plugin/tencent-cloud-cls.t | 91 + t/plugin/udp-logger.t | 86 t/stream-plugin/syslog.t | 68 + 63 files changed, 1254 insertions(+), 5 deletions(-) diff --git a/apisix/plugins/clickhouse-logger.lua b/apisix/plugins/clickhouse-logger.lua index d56289835..2c1208f92 100644 --- a/apisix/plugins/clickhouse-logger.lua +++ b/apisix/plugins/clickhouse-logger.lua @@ -40,6 +40,7 @@ local schema = { timeout = {type = "integer", minimum = 1, default = 3}, name = {type = "string", default = "clickhouse logger"}, ssl_verify = {type = "boolean", default = true}, +log_format = {type = "object"}, }, oneOf = { {required = {"endpoint_addr", "user", "password", "dat
[apisix-docker] branch release/apisix-2.15.2 updated (486321d -> 610da04)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch release/apisix-2.15.2 in repository https://gitbox.apache.org/repos/asf/apisix-docker.git discard 486321d feat: bump APISIX to 2.15.2 omit 61cc106 fix: replace wget with curl in apisix debian image(#419) omit 66b034f feat: bump dashboard to 3.0.0 (#418) omit ef3ba15 chore: cleanup example documentation (#414) omit d5f4a6b chore: change the user for all-in-one omit 994ccc7 fix: etcdctl missing due to PATH var is not set correctly (#402) omit 378b60d feat: release APISIX 3.1.0 (#396) omit 880c245 chore: remove alpine image (#395) omit f38dd74 fix: granafa dashboard iframe policy (#357) omit e5b6bd7 feat: images with non-root user for debian (#394) omit e6cbbea fix: wrong etcd advertise in release test (#393) omit b5ce8d3 fix: wrong env usage in docker compose (#392) omit c084d08 fix: makefile build-dashboard phony missing (#390) omit 8529dcc feat: bump APISIX Dashboard to 2.15.0 (#389) omit aa29713 feat: bump APISIX Dashboard to 2.14.0 (#388) omit 8fb6768 fix: wrong etcd advertise url (#387) omit d37717f fix: dashboard image push condition (#385) omit d2ea37a feat: bump APISIX Dashboard to 2.13.1 (#384) omit 0d0c786 docs: update README (#380) add bd26754 feat: upgrade APISIX to 2.15.1 add 43cd1aa move the CI/example's configurations back to V2 add 80636fa make CI pass with V2 configuration add f6e9429 feat: bump APISIX to 2.15.2 add dad8042 fix: replace wget with curl in apisix debian image(#419) add 610da04 just let CI pass This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (486321d) \ N -- N -- N refs/heads/release/apisix-2.15.2 (610da04) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .github/workflows/apisix-docker-example-test.yaml | 2 +- .github/workflows/apisix_all_in_one_ci.yaml | 4 +- .github/workflows/apisix_dev_push_docker_hub.yaml | 2 +- .github/workflows/apisix_push_docker_hub.yaml | 2 +- .github/workflows/dashboard_all_in_one_ci.yaml| 6 +- .github/workflows/dashboard_push_docker_hub.yaml | 14 +-- Makefile | 54 --- README.md | 106 ++ all-in-one/apisix-dashboard/Dockerfile| 4 +- all-in-one/apisix/Dockerfile | 7 +- all-in-one/apisix/config.yaml | 12 +-- {debian-dev => alpine-dev}/Dockerfile | 57 +--- alpine/Dockerfile | 65 + alpine/README.MD | 7 ++ {centos => alpine}/hooks/build| 0 centos/Dockerfile | 2 - compose/apisix_conf/master/config.yaml| 24 +++-- compose/apisix_conf/release/config.yaml | 24 +++-- compose/dashboard-compose.yaml| 4 +- compose/docker-compose-master.yaml| 1 - compose/docker-compose-release.yaml | 1 - dashboard/Dockerfile.alpine | 4 +- dashboard/Dockerfile.centos | 4 +- debian/Dockerfile | 6 -- docs/en/latest/build.md | 8 +- docs/en/latest/example.md | 20 ++-- example/apisix_conf/config.yaml | 30 +++--- example/dashboard_conf/conf.yaml | 8 -- example/docker-compose-arm64.yml | 3 +- example/docker-compose.yml| 6 +- 30 files changed, 266 insertions(+), 221 deletions(-) copy {debian-dev => alpine-dev}/Dockerfile (59%) create mode 100644 alpine/Dockerfile create mode 100644 alpine/README.MD copy {centos => alpine}/hooks/build (100%)
[apisix] branch master updated: fix(etcd): reloaded data may be in res.body.node (#8736)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new a18573a3b fix(etcd): reloaded data may be in res.body.node (#8736) a18573a3b is described below commit a18573a3b8775f5a92ba92b948e8212affbf7057 Author: 罗泽轩 AuthorDate: Wed Feb 8 10:07:15 2023 +0800 fix(etcd): reloaded data may be in res.body.node (#8736) Fixes https://github.com/apache/apisix/issues/8682 --- apisix/core/config_etcd.lua | 6 +-- t/core/config_etcd.t| 97 + 2 files changed, 99 insertions(+), 4 deletions(-) diff --git a/apisix/core/config_etcd.lua b/apisix/core/config_etcd.lua index d671c6ed2..4946cc5c2 100644 --- a/apisix/core/config_etcd.lua +++ b/apisix/core/config_etcd.lua @@ -367,12 +367,9 @@ local function sync_data(self) return false, err end -local dir_res, headers = res.body.list or {}, res.headers +local dir_res, headers = res.body.list or res.body.node or {}, res.headers log.debug("readdir key: ", self.key, " res: ", json.delay_encode(dir_res)) -if not dir_res then -return false, err -end if self.values then for i, val in ipairs(self.values) do @@ -673,6 +670,7 @@ local function _automatic_fetch(premature, self) end -- for test +_M.test_sync_data = sync_data _M.test_automatic_fetch = _automatic_fetch function _M.inject_sync_data(f) sync_data = f diff --git a/t/core/config_etcd.t b/t/core/config_etcd.t index 825e0f225..380b82522 100644 --- a/t/core/config_etcd.t +++ b/t/core/config_etcd.t @@ -347,3 +347,100 @@ GET /t reconnected to etcd --- response_body passed + + + +=== TEST 11: reloaded data may be in res.body.node (special kvs structure) +--- yaml_config +deployment: +role: traditional +role_traditional: +config_provider: etcd +admin: +admin_key: null +--- config +location /t { +content_by_lua_block { +local config_etcd = require("apisix.core.config_etcd") +local etcd_cli = {} +function etcd_cli.readdir() +return { +status = 200, +headers = {}, +body = { +header = {revision = 1}, +kvs = {{key = "foo", value = "bar"}}, +} +} +end +config_etcd.test_sync_data({ +etcd_cli = etcd_cli, +key = "fake", +single_item = true, +-- need_reload because something wrong happened before +need_reload = true, +upgrade_version = function() end, +conf_version = 1, +}) +} +} +--- request +GET /t +--- log_level: debug +--- grep_error_log eval +qr/readdir key: fake res: .+/ +--- grep_error_log_out eval +qr/readdir key: fake res: \{("value":"bar","key":"foo"|"key":"foo","value":"bar")\}/ +--- wait: 1 +--- no_error_log +[error] + + + +=== TEST 12: reloaded data may be in res.body.node (admin_api_version is v2) +--- yaml_config +deployment: +role: traditional +role_traditional: +config_provider: etcd +admin: +admin_key: null +admin_api_version: v2 +--- config +location /t { +content_by_lua_block { +local config_etcd = require("apisix.core.config_etcd") +local etcd_cli = {} +function etcd_cli.readdir() +return { +status = 200, +headers = {}, +body = { +header = {revision = 1}, +kvs = { +{key = "/foo"}, +{key = "/foo/bar", value = {"bar"}} +}, +} +} +end +config_etcd.test_sync_data({ +etcd_cli = etcd_cli, +key = "fake", +-- need_reload because something wrong happened before +need_reload = true, +upgrade_version = function() end, +conf_version = 1, +}) +} +} +--- request +GET /t +--- log_level: debug +--- grep_error_log eval +qr/readdir key: fake res: .+/ +--- grep_error_log_out eval +qr/readdir key: fake res: \{.*"nodes":\[\{.*"value":\["bar"\].*\}\].*\}/ +--- wait: 1 +--- no_error_log +[error]
[apisix] branch master updated: fix: fix fetch all service info from consul (#8651)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new bbff579e9 fix: fix fetch all service info from consul (#8651) bbff579e9 is described below commit bbff579e9af19e569fc229f3b61664aa0a1d1c93 Author: fabriceli AuthorDate: Wed Feb 8 09:55:20 2023 +0800 fix: fix fetch all service info from consul (#8651) Co-authored-by: Fabriceli --- apisix/discovery/consul/init.lua | 159 +++-- conf/config-default.yaml | 7 +- docs/en/latest/discovery/consul.md | 4 +- t/discovery/consul_dump.t | 2 +- 4 files changed, 89 insertions(+), 83 deletions(-) diff --git a/apisix/discovery/consul/init.lua b/apisix/discovery/consul/init.lua index dd8275e7d..686ab4120 100644 --- a/apisix/discovery/consul/init.lua +++ b/apisix/discovery/consul/init.lua @@ -43,16 +43,18 @@ local events local events_list local consul_services +local default_skip_services = {"consul"} + local _M = { -version = 0.1, +version = 0.2, } local function discovery_consul_callback(data, event, source, pid) all_services = data log.notice("update local variable all_services, event is: ", event, -"source: ", source, "server pid:", pid, -", all services: ", json_delay_encode(all_services, true)) +"source: ", source, "server pid:", pid, +", all services: ", json_delay_encode(all_services, true)) end @@ -75,44 +77,15 @@ function _M.nodes(service_name) end log.info("process id: ", ngx_worker_id(), ", all_services[", service_name, "] = ", -json_delay_encode(resp_list, true)) +json_delay_encode(resp_list, true)) return resp_list end -local function parse_instance(node) -local service_name, host, port = node.Service, node.Address, node.Port --- if exist, skip special service name -if service_name and skip_service_map[service_name] then -return false -end --- "" means metadata of the service -return true, host, tonumber(port), "", service_name -end - - -local function update_all_services(server_name_prefix, data) -local up_services = core.table.new(0, #data) -local weight = default_weight -for _, node in pairs(data) do -local succ, ip, port, metadata, server_name = parse_instance(node) -if succ then -local nodes = up_services[server_name] -if not nodes then -nodes = core.table.new(1, 0) -up_services[server_name] = nodes -end -core.table.insert(nodes, { -host = ip, -port = port, -weight = metadata and metadata.weight or weight, -}) -end -end - +local function update_all_services(consul_server_url, up_services) -- clean old unused data -local old_services = consul_services[server_name_prefix] or {} +local old_services = consul_services[consul_server_url] or {} for k, _ in pairs(old_services) do all_services[k] = nil end @@ -121,7 +94,7 @@ local function update_all_services(server_name_prefix, data) for k, v in pairs(up_services) do all_services[k] = v end -consul_services[server_name_prefix] = up_services +consul_services[consul_server_url] = up_services log.info("update all services: ", json_delay_encode(all_services, true)) end @@ -154,7 +127,7 @@ local function read_dump_services() local now_time = ngx.time() log.info("dump file last_update: ", entity.last_update, ", dump_params.expire: ", -dump_params.expire, ", now_time: ", now_time) +dump_params.expire, ", now_time: ", now_time) if dump_params.expire ~= 0 and (entity.last_update + dump_params.expire) < now_time then log.warn("dump file: ", dump_params.path, " had expired, ignored it") return @@ -223,9 +196,9 @@ function _M.connect(premature, consul_server, retry_delay) and watch_result.status) if watch_error_info then log.error("connect consul: ", consul_server.consul_server_url, -" by sub url: ", consul_server.consul_watch_sub_url, -", got watch result: ", json_delay_encode(watch_result, true), - ", with error: ", watch_error_info) +" by sub url: ", consul_server.consul_watch_sub_url, +", got watch result: ", json_delay_encode(watch_result, true), +", with error: ", watch_error_info) retr
[apisix-docker] branch release/apisix-2.15.2 created (now 486321d)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch release/apisix-2.15.2 in repository https://gitbox.apache.org/repos/asf/apisix-docker.git at 486321d feat: bump APISIX to 2.15.2 No new revisions were added by this update.
[apisix] branch master updated: feat: stream subsystem support consul service discovery (#8696)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new d019da018 feat: stream subsystem support consul service discovery (#8696) d019da018 is described below commit d019da018ca8c06bf80e363a0512a30808da1b8e Author: Ashing Zheng AuthorDate: Mon Feb 6 10:00:53 2023 +0800 feat: stream subsystem support consul service discovery (#8696) Fixes https://github.com/apache/apisix/issues/7779 --- docs/en/latest/discovery/consul.md | 21 +++ t/discovery/stream/consul.t| 278 + 2 files changed, 299 insertions(+) diff --git a/docs/en/latest/discovery/consul.md b/docs/en/latest/discovery/consul.md index 17e13b001..2db7af144 100644 --- a/docs/en/latest/discovery/consul.md +++ b/docs/en/latest/discovery/consul.md @@ -148,6 +148,8 @@ To avoid confusion, use the full consul key url path as service name in practice ### Upstream setting + L7 + Here is an example of routing a request with a URL of "/*" to a service which named "service_a" and use consul discovery client in the registry : ```shell @@ -188,6 +190,25 @@ The format response as below: You could find more usage in the `apisix/t/discovery/consul.t` file. + L4 + +Consul service discovery also supports use in L4, the configuration method is similar to L7. + +```shell +$ curl http://127.0.0.1:9180/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d ' +{ +"remote_addr": "127.0.0.1", +"upstream": { + "scheme": "tcp", + "service_name": "service_a", + "type": "roundrobin", + "discovery_type": "consul" +} +}' +``` + +You could find more usage in the `apisix/t/discovery/stream/consul.t` file. + ## Debugging API It also offers control api for debugging. diff --git a/t/discovery/stream/consul.t b/t/discovery/stream/consul.t new file mode 100644 index 0..b50fae184 --- /dev/null +++ b/t/discovery/stream/consul.t @@ -0,0 +1,278 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +use t::APISIX 'no_plan'; + +repeat_each(1); +log_level('info'); +no_root_location(); +no_shuffle(); + + +add_block_preprocessor(sub { +my ($block) = @_; + +my $http_config = $block->http_config // <<_EOC_; + +server { +listen 20999; + +location / { +content_by_lua_block { +ngx.say("missing consul services") +} +} +} + +server { +listen 30511; + +location /hello { +content_by_lua_block { +ngx.say("server 1") +} +} +} +server { +listen 30512; + +location /hello { +content_by_lua_block { +ngx.say("server 2") +} +} +} +server { +listen 30513; + +location /hello { +content_by_lua_block { +ngx.say("server 3") +} +} +} +server { +listen 30514; + +location /hello { +content_by_lua_block { +ngx.say("server 4") +} +} +} +_EOC_ + +$block->set_value("http_config", $http_config); + +if (!$block->stream_request) { +$block->set_value("stream_request", "GET /hello HTTP/1.1\r\nHost: 127.0.0.1:1985\r\nConnection: close\r\n\r\n"); +} +}); + +our $yaml_config = <<_EOC_; +apisix: + node_listen: 1984 + enable_control: true + control: +ip: 127.0.0.1 +port: 9090 +deployment: + role: data_plane + role_data_plane: +config_provider: yaml +discovery: + consul: +servers: + - "http://127.0.0.1:8500; + - "http://127.0.0.1:8600; +skip_services: + - "service_c" +timeout: + connect: 1000 + read: 1000 + wait: 60 +wei
[apisix] branch master updated: chore(kafka-logger): support configuration `meta_refresh_interval` parameter (#8762)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 1a66fc52b chore(kafka-logger): support configuration `meta_refresh_interval` parameter (#8762) 1a66fc52b is described below commit 1a66fc52b3a9051feb0d30f885a6f05be56bd632 Author: JunXu Chen AuthorDate: Mon Feb 6 10:00:23 2023 +0800 chore(kafka-logger): support configuration `meta_refresh_interval` parameter (#8762) Fixes https://github.com/apache/apisix/issues/6033 --- apisix/plugins/kafka-logger.lua| 2 ++ docs/en/latest/plugins/kafka-logger.md | 1 + docs/zh/latest/plugins/kafka-logger.md | 1 + t/plugin/kafka-logger2.t | 58 ++ 4 files changed, 62 insertions(+) diff --git a/apisix/plugins/kafka-logger.lua b/apisix/plugins/kafka-logger.lua index 0b22d92e5..a4bfcda1b 100644 --- a/apisix/plugins/kafka-logger.lua +++ b/apisix/plugins/kafka-logger.lua @@ -122,6 +122,7 @@ local schema = { producer_batch_size = {type = "integer", minimum = 0, default = 1048576}, producer_max_buffering = {type = "integer", minimum = 1, default = 5}, producer_time_linger = {type = "integer", minimum = 1, default = 1}, +meta_refresh_interval = {type = "integer", minimum = 1, default = 30}, }, oneOf = { { required = {"broker_list", "kafka_topic"},}, @@ -246,6 +247,7 @@ function _M.log(conf, ctx) broker_config["batch_size"] = conf.producer_batch_size broker_config["max_buffering"] = conf.producer_max_buffering broker_config["flush_time"] = conf.producer_time_linger * 1000 +broker_config["refresh_interval"] = conf.meta_refresh_interval * 1000 local prod, err = core.lrucache.plugin_ctx(lrucache, ctx, nil, create_producer, broker_list, broker_config, conf.cluster_name) diff --git a/docs/en/latest/plugins/kafka-logger.md b/docs/en/latest/plugins/kafka-logger.md index 2f49108a7..24ec21de5 100644 --- a/docs/en/latest/plugins/kafka-logger.md +++ b/docs/en/latest/plugins/kafka-logger.md @@ -61,6 +61,7 @@ It might take some time to receive the log data. It will be automatically sent a | producer_batch_size| integer | optional| 1048576| [0,...] | `batch_size` parameter in [lua-resty-kafka](https://github.com/doujiang24/lua-resty-kafka) in bytes. [...] | producer_max_buffering | integer | optional| 5 | [1,...] | `max_buffering` parameter in [lua-resty-kafka](https://github.com/doujiang24/lua-resty-kafka) representing maximum buffer size. Unit is message count. [...] | producer_time_linger | integer | optional| 1 | [1,...] | `flush_time` parameter in [lua-resty-kafka](https://github.com/doujiang24/lua-resty-kafka) in seconds. [...] +| meta_refresh_interval | integer | optional| 30 | [1,...] | `refresh_interval` parameter in [lua-resty-kafka](https://github.com/doujiang24/lua-resty-kafka) specifies the time to auto refresh the metadata, in seconds. [...] This Plugin supports using batch processors to aggregate and process entries (logs/data) in a batch. This avoids the need for frequently submitting the data. The batch processor submits data every `5` seconds or when the data in the queue reaches `1000`. See [Batch Processor](../batch-processor.md#configuration) for more information or setting your custom configuration. diff --git a/docs/zh/latest/plugins/kafka-logger.md b/docs/zh/latest/plugins/kafka-logger.md index 5a6fd987b..ea68923d7 100644 ---
[apisix] tag 2.15.2 created (now a9ac45e34)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to tag 2.15.2 in repository https://gitbox.apache.org/repos/asf/apisix.git at a9ac45e34 (commit) No new revisions were added by this update.
[apisix] branch master updated: feat: ready to release 2.15.2 (#8783)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 403e4c51d feat: ready to release 2.15.2 (#8783) 403e4c51d is described below commit 403e4c51d605f7ea88f2481bc505ba9c9942c347 Author: 罗泽轩 AuthorDate: Fri Feb 3 19:31:23 2023 +0800 feat: ready to release 2.15.2 (#8783) --- CHANGELOG.md | 7 +++ docs/zh/latest/CHANGELOG.md | 5 ++ rockspec/apisix-2.15.2-0.rockspec | 102 ++ 3 files changed, 114 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d9ff9cf6..e51dfd178 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ title: Changelog - [3.1.0](#310) - [3.0.0](#300) - [3.0.0-beta](#300-beta) +- [2.15.2](#2152) - [2.15.1](#2151) - [2.15.0](#2150) - [2.14.1](#2141) @@ -295,6 +296,12 @@ Returns multiple configurations: - avoid error when multiple plugins associated with consumer and have rewrite phase: [#7531](https://github.com/apache/apisix/pull/7531) - upgrade lua-resty-etcd to 1.8.3 which fixes various issues: [#7565](https://github.com/apache/apisix/pull/7565) +## 2.15.2 + +**This is an LTS maintenance release and you can see the CHANGELOG in `release/2.15` branch.** + +[https://github.com/apache/apisix/blob/release/2.15/CHANGELOG.md#2152](https://github.com/apache/apisix/blob/release/2.15/CHANGELOG.md#2152) + ## 2.15.1 **This is an LTS maintenance release and you can see the CHANGELOG in `release/2.15` branch.** diff --git a/docs/zh/latest/CHANGELOG.md b/docs/zh/latest/CHANGELOG.md index 2e685cb5e..67cf8c6c8 100644 --- a/docs/zh/latest/CHANGELOG.md +++ b/docs/zh/latest/CHANGELOG.md @@ -26,6 +26,7 @@ title: CHANGELOG - [3.1.0](#310) - [3.0.0](#300) - [3.0.0-beta](#300-beta) +- [2.15.2](#2152) - [2.15.1](#2151) - [2.15.0](#2150) - [2.14.1](#2141) @@ -293,6 +294,10 @@ title: CHANGELOG - 当 consumer 上绑定了多个插件且该插件定义了 rewrite 方法时,避免抛出异常 [#7531](https://github.com/apache/apisix/pull/7531) - 升级 lua-resty-etcd 到 1.8.3。该版本修复了若干问题。 [#7565](https://github.com/apache/apisix/pull/7565) +## 2.15.2 + +**这是一个 LTS 维护版本,您可以在 `release/2.15` 分支中看到 CHANGELOG。** + ## 2.15.1 **这是一个 LTS 维护版本,您可以在 `release/2.15` 分支中看到 CHANGELOG。** diff --git a/rockspec/apisix-2.15.2-0.rockspec b/rockspec/apisix-2.15.2-0.rockspec new file mode 100644 index 0..fd7ed693f --- /dev/null +++ b/rockspec/apisix-2.15.2-0.rockspec @@ -0,0 +1,102 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +package = "apisix" +version = "2.15.2-0" +supported_platforms = {"linux", "macosx"} + +source = { +url = "git://github.com/apache/apisix", +branch = "2.15.2", +} + +description = { +summary = "Apache APISIX is a cloud-native microservices API gateway, delivering the ultimate performance, security, open source and scalable platform for all your APIs and microservices.", +homepage = "https://github.com/apache/apisix;, +license = "Apache License 2.0", +} + +dependencies = { +"lua-resty-ctxdump = 0.1-0", +"lua-resty-dns-client = 6.0.2", +"lua-resty-template = 2.0", +"lua-resty-etcd = 1.8.3", +"api7-lua-resty-http = 0.2.0", +"lua-resty-balancer = 0.04", +"lua-resty-ngxvar = 0.5.2", +"lua-resty-jit-uuid = 0.0.7", +"lua-resty-healthcheck-api7 = 2.2.1", +"api7-lua-resty-jwt = 0.2.4", +"lua-resty-hmac-ffi = 0.05", +"lua-resty-cookie = 0.1.0", +"lua-resty-session = 3.10", +"opentracing-openresty = 0.1", +"lua-resty-radixtree = 2.8.2", +"lua-protobuf = 0.3.4", +"lua-resty-openidc = 1.7.5", +"luafilesystem = 1.7.0-2", +"api7-lua-tinyyaml = 0.4.2", +"nginx-lua-prometheus = 0.20220527", +"jsonschema = 0.9.8", +"lua-resty-ipmatcher = 0.6.1", +&qu
[apisix] branch master updated: feat(elasticsearch-logger): support multi elasticsearch endpoints (#8604)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 0e2b9256e feat(elasticsearch-logger): support multi elasticsearch endpoints (#8604) 0e2b9256e is described below commit 0e2b9256ee008d6b04a6a61d29cfa61556d51338 Author: xiaoxuanzi AuthorDate: Wed Feb 1 10:01:40 2023 +0800 feat(elasticsearch-logger): support multi elasticsearch endpoints (#8604) --- apisix/plugins/elasticsearch-logger.lua| 23 - docs/en/latest/plugins/elasticsearch-logger.md | 3 +- docs/zh/latest/plugins/elasticsearch-logger.md | 3 +- t/plugin/elasticsearch-logger.t| 71 +- 4 files changed, 94 insertions(+), 6 deletions(-) diff --git a/apisix/plugins/elasticsearch-logger.lua b/apisix/plugins/elasticsearch-logger.lua index e797efdb0..9e416d32c 100644 --- a/apisix/plugins/elasticsearch-logger.lua +++ b/apisix/plugins/elasticsearch-logger.lua @@ -22,6 +22,7 @@ local bp_manager_mod = require("apisix.utils.batch-processor-manager") local ngx = ngx local str_format = core.string.format +local math_random = math.random local plugin_name = "elasticsearch-logger" local batch_processor_manager = bp_manager_mod.new(plugin_name) @@ -30,10 +31,19 @@ local batch_processor_manager = bp_manager_mod.new(plugin_name) local schema = { type = "object", properties = { +-- deprecated, use "endpoint_addrs" instead endpoint_addr = { type = "string", pattern = "[^/]$", }, +endpoint_addrs = { +type = "array", +minItems = 1, +items = { +type = "string", +pattern = "[^/]$", +}, +}, field = { type = "object", properties = { @@ -67,7 +77,10 @@ local schema = { } }, encrypt_fields = {"auth.password"}, -required = { "endpoint_addr", "field" }, +oneOf = { +{required = {"endpoint_addr", "field"}}, +{required = {"endpoint_addrs", "field"}} +}, } @@ -114,7 +127,13 @@ local function send_to_elasticsearch(conf, entries) return false, str_format("create http error: %s", err) end -local uri = conf.endpoint_addr .. "/_bulk" +local selected_endpoint_addr +if conf.endpoint_addr then +selected_endpoint_addr = conf.endpoint_addr +else +selected_endpoint_addr = conf.endpoint_addrs[math_random(#conf.endpoint_addrs)] +end +local uri = selected_endpoint_addr .. "/_bulk" local body = core.table.concat(entries, "") local headers = {["Content-Type"] = "application/x-ndjson"} if conf.auth then diff --git a/docs/en/latest/plugins/elasticsearch-logger.md b/docs/en/latest/plugins/elasticsearch-logger.md index 739641d57..b9e239dc9 100644 --- a/docs/en/latest/plugins/elasticsearch-logger.md +++ b/docs/en/latest/plugins/elasticsearch-logger.md @@ -37,7 +37,8 @@ When the Plugin is enabled, APISIX will serialize the request context informatio | Name | Type| Required | Default | Description | | - | --- | | --- | | -| endpoint_addr | string | True | | Elasticsearch API.| +| endpoint_addr | string | Deprecated | | Deprecated. Use `endpoint_addrs` instead. Elasticsearch API. | +| endpoint_addrs | array | True | | Elasticsearch API. If multiple endpoints are configured, they will be written randomly.| | field | array | True | | Elasticsearch `field` configuration. | | field.index | string | True | | Elasticsearch [_index field](https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-index-field.html#mapping-index-field). | | field.type| string | False| Elasticsearch default value | Elasticsearch [_type field](https://www.elastic.co/guide/en/elasticsearch/reference/7.17/mapping-type-field.html#mapping-type-field). | diff --git a/docs/zh/latest/plugins/elasticsearch-logger.md b/docs/zh/latest/plugins/elasticsearch-logger.md index 4b25d3077..0b47001ed 100644 --- a/docs/zh/
[apisix] branch release/2.15 updated: feat: release 2.15.2 (#8754)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/release/2.15 by this push: new a9ac45e34 feat: release 2.15.2 (#8754) a9ac45e34 is described below commit a9ac45e34b4f0153bc309e9064683969aee1a0a4 Author: 罗泽轩 AuthorDate: Wed Feb 1 10:01:18 2023 +0800 feat: release 2.15.2 (#8754) --- CHANGELOG.md | 14 ++ apisix/core/version.lua | 2 +- docs/en/latest/building-apisix.md | 2 +- docs/en/latest/config.json| 2 +- docs/zh/latest/CHANGELOG.md | 14 ++ docs/zh/latest/building-apisix.md | 2 +- docs/zh/latest/config.json| 2 +- rockspec/apisix-2.15.2-0.rockspec | 102 ++ 8 files changed, 135 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 452606aed..c2ec28273 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ title: Changelog ## Table of Contents +- [2.15.2](#2152) - [2.15.1](#2151) - [2.15.0](#2150) - [2.14.1](#2141) @@ -61,6 +62,19 @@ title: Changelog - [0.7.0](#070) - [0.6.0](#060) +## 2.15.2 + +### Bugfix + +- File-logger should avoid buffer-caused log truncation when writing logs: [#7884](https://github.com/apache/apisix/pull/7884) +- Fix the problem that x-forwarded-host cannot be modified in proxy-rewrite plugin: [#8200](https://github.com/apache/apisix/pull/8200) +- Fix the problem that userinfo is not set when use_jwks is true in the openid-connect plugin: [#8347](https://github.com/apache/apisix/pull/8347) +- Fix a problem that 502 occurs when http and grpc share the same upstream node due to connection pool reuse: [#8364](https://github.com/apache/apisix/pull/8364) +- Fix the problem that the plugin configured under service object cannot take effect in time under some circumstances: [#8482](https://github.com/apache/apisix/pull/8482) +- When hotloading plugins, redundant timers may be left behind if the request-id plugin initializes the snowflake generator incorrectly: [#8556](https://github.com/apache/apisix/pull/8556) +- Close previous proto synchronizer for grpc-transcode when hotloading plugins: [#8557](https://github.com/apache/apisix/pull/8557) +- Fix plugin disable feature not working in 2.15.1: [#8609](https://github.com/apache/apisix/pull/8609) + ## 2.15.1 ### Bugfix diff --git a/apisix/core/version.lua b/apisix/core/version.lua index f225b3c69..241eb5e7b 100644 --- a/apisix/core/version.lua +++ b/apisix/core/version.lua @@ -20,5 +20,5 @@ -- @module core.version return { -VERSION = "2.15.1" +VERSION = "2.15.2" } diff --git a/docs/en/latest/building-apisix.md b/docs/en/latest/building-apisix.md index bbdbeb4f2..d33cece2e 100644 --- a/docs/en/latest/building-apisix.md +++ b/docs/en/latest/building-apisix.md @@ -52,7 +52,7 @@ curl https://raw.githubusercontent.com/apache/apisix/master/utils/install-depend Then, create a directory and set the environment variable `APISIX_VERSION`: ```shell -APISIX_VERSION='2.15.1' +APISIX_VERSION='2.15.2' mkdir apisix-${APISIX_VERSION} ``` diff --git a/docs/en/latest/config.json b/docs/en/latest/config.json index cec39c1b0..609e2c496 100644 --- a/docs/en/latest/config.json +++ b/docs/en/latest/config.json @@ -1,5 +1,5 @@ { - "version": "2.15.1", + "version": "2.15.2", "sidebar": [ { "type": "category", diff --git a/docs/zh/latest/CHANGELOG.md b/docs/zh/latest/CHANGELOG.md index 520dbab8f..5dfd33e25 100644 --- a/docs/zh/latest/CHANGELOG.md +++ b/docs/zh/latest/CHANGELOG.md @@ -23,6 +23,7 @@ title: CHANGELOG ## Table of Contents +- [2.15.2](#2152) - [2.15.1](#2151) - [2.15.0](#2150) - [2.14.1](#2141) @@ -61,6 +62,19 @@ title: CHANGELOG - [0.7.0](#070) - [0.6.0](#060) +## 2.15.2 + +### Bugfix + +- file-logger 在写日志时,应避免缓冲区造成的日志截断:[#7884](https://github.com/apache/apisix/pull/7884) +- 修复无法在 proxy-rewrite 插件中修改 x-forwarded-host 的问题:[#8200](https://github.com/apache/apisix/pull/8200) +- 修复 openid-connect 插件中当 use_jwks 为 true 时没有设置 userinfo 的问题:[#8347](https://github.com/apache/apisix/pull/8347) +- 修复因连接池复用,http 和 grpc 共用同一个上游节点时偶发 502 的问题:[#8364](https://github.com/apache/apisix/pull/8364) +- 修复某些情况下,配置在 service 对象下的插件无法及时生效的问题:[#8482](https://github.com/apache/apisix/pull/8482) +- 插件热加载时,如果 request-id 插件中初始化 snowflake 生成器出错,可能遗留多余的计时器:[#8556](https://github.com/apache/apisix/pull/8556) +- 插件热加载时,关闭 grpc-transcode 的 proto 同步器:[#8557](https://github.com/apache/apisix/pull/8557) +- 修复 2.15.1 中插件禁用功能无法使用的问题:[#8609](https://github.com/apache/apisix/pull/8609) + ## 2.15.1 ### Bugfix diff --git a/docs/zh/latest/building-apisix.md b/docs/zh/latest/building-apisix.md index 809c43767..b07933b0d 100644 --- a/docs/zh/latest/building-apisix.md +++ b/docs/zh/
[apisix] branch master updated: chore: use operator # instead of string.len (#8751)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 9e63f69cf chore: use operator # instead of string.len (#8751) 9e63f69cf is described below commit 9e63f69cf66f67553ca5febba5aab51f6a29699f Author: Ashing Zheng AuthorDate: Wed Feb 1 09:30:37 2023 +0800 chore: use operator # instead of string.len (#8751) --- t/lib/server.lua | 2 +- t/plugin/sls-logger.t | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/t/lib/server.lua b/t/lib/server.lua index 603ca2ae6..542c6eaef 100644 --- a/t/lib/server.lua +++ b/t/lib/server.lua @@ -532,7 +532,7 @@ function _M.google_logging_entries() return end -token = string.sub(token, string.len(args_token_type) + 2) +token = string.sub(token, #args_token_type + 2) local verify = jwt:verify(rsa_public_key, token) if not verify.verified then ngx.status = 401 diff --git a/t/plugin/sls-logger.t b/t/plugin/sls-logger.t index c1bce8107..fa3e9c43c 100644 --- a/t/plugin/sls-logger.t +++ b/t/plugin/sls-logger.t @@ -167,7 +167,7 @@ hello world local first_idx = string.find(log_entry, " ") + 1 local last_idx2 = string.find(log_entry, " ", first_idx) local rfc3339_date = string.sub(log_entry, first_idx, last_idx2) -local rfc3339_len = string.len(rfc3339_date) +local rfc3339_len = #rfc3339_date local rfc3339_millisecond = string.sub(rfc3339_date, rfc3339_len - 4, rfc3339_len - 2) return tonumber(rfc3339_millisecond) end
[apisix] branch release/2.15 updated (d057ef55d -> 7f2e443fc)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git from d057ef55d fix broken tests add 7f2e443fc chore: upgrade `casbin` to `1.41.5` (#8744) No new revisions were added by this update. Summary of changes: rockspec/apisix-master-0.rockspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
[apisix] branch master updated: chore: hi 2023 (#8748)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new acee3a877 chore: hi 2023 (#8748) acee3a877 is described below commit acee3a87736eb13eee65b3bed236e9a7c18d12fe Author: 罗泽轩 AuthorDate: Tue Jan 31 14:13:19 2023 +0800 chore: hi 2023 (#8748) --- NOTICE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NOTICE b/NOTICE index 13e98eb20..c663509f2 100644 --- a/NOTICE +++ b/NOTICE @@ -1,5 +1,5 @@ Apache APISIX -Copyright 2019-2022 The Apache Software Foundation +Copyright 2019-2023 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (http://www.apache.org/).
[apisix] branch master updated: refactor(admin): stream_routes/upstreams/protos/services/global_rules/consumer_groups/plugin_configs (#8661)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 22be6d08c refactor(admin): stream_routes/upstreams/protos/services/global_rules/consumer_groups/plugin_configs (#8661) 22be6d08c is described below commit 22be6d08cef7de16c3f8a303e75c1872378c3dee Author: dongjunduo AuthorDate: Mon Jan 30 19:30:17 2023 -0600 refactor(admin): stream_routes/upstreams/protos/services/global_rules/consumer_groups/plugin_configs (#8661) Fixes https://github.com/apache/apisix/issues/8569 --- apisix/admin/consumer_group.lua | 155 +++ apisix/admin/global_rules.lua | 155 +++ apisix/admin/init.lua | 12 ++- apisix/admin/plugin_config.lua | 155 +++ apisix/admin/proto.lua | 114 -- apisix/admin/resource.lua | 57 - apisix/admin/routes.lua | 2 +- apisix/admin/services.lua | 177 +++- apisix/admin/stream_routes.lua | 119 +++ apisix/admin/upstreams.lua | 175 +++ 10 files changed, 150 insertions(+), 971 deletions(-) diff --git a/apisix/admin/consumer_group.lua b/apisix/admin/consumer_group.lua index 6e1e41df4..9aed58f06 100644 --- a/apisix/admin/consumer_group.lua +++ b/apisix/admin/consumer_group.lua @@ -16,40 +16,15 @@ -- local core = require("apisix.core") local consumers = require("apisix.consumer").consumers -local utils = require("apisix.admin.utils") +local resource = require("apisix.admin.resource") local schema_plugin = require("apisix.admin.plugins").check_schema local type = type local tostring = tostring local ipairs = ipairs -local _M = { -need_v3_filter = true, -} - - -local function check_conf(id, conf, need_id) -if not conf then -return nil, {error_msg = "missing configurations"} -end - -id = id or conf.id -if need_id and not id then -return nil, {error_msg = "missing id"} -end - -if not need_id and id then -return nil, {error_msg = "wrong id, do not need it"} -end - -if need_id and conf.id and tostring(conf.id) ~= tostring(id) then -return nil, {error_msg = "wrong id"} -end - -conf.id = id - -core.log.info("conf: ", core.json.delay_encode(conf)) -local ok, err = core.schema.check(core.schema.consumer_group, conf) +local function check_conf(id, conf, need_id, schema) +local ok, err = core.schema.check(schema, conf) if not ok then return nil, {error_msg = "invalid configuration: " .. err} end @@ -63,50 +38,7 @@ local function check_conf(id, conf, need_id) end -function _M.put(id, conf) -local ok, err = check_conf(id, conf, true) -if not ok then -return 400, err -end - -local key = "/consumer_groups/" .. id - -local ok, err = utils.inject_conf_with_prev_conf("consumer_group", key, conf) -if not ok then -return 503, {error_msg = err} -end - -local res, err = core.etcd.set(key, conf) -if not res then -core.log.error("failed to put consumer group[", key, "]: ", err) -return 503, {error_msg = err} -end - -return res.status, res.body -end - - -function _M.get(id) -local key = "/consumer_groups" -if id then -key = key .. "/" .. id -end -local res, err = core.etcd.get(key, not id) -if not res then -core.log.error("failed to get consumer group[", key, "]: ", err) -return 503, {error_msg = err} -end - -utils.fix_count(res.body, id) -return res.status, res.body -end - - -function _M.delete(id) -if not id then -return 400, {error_msg = "missing consumer group id"} -end - +local function delete_checker(id) local consumers, consumers_ver = consumers() if consumers_ver and consumers then for _, consumer in ipairs(consumers) do @@ -120,76 +52,15 @@ function _M.delete(id) end end -local key = "/consumer_groups/" .. id -local res, err = core.etcd.delete(key) -if not res then -core.log.error("failed to delete consumer group[", key, "]: ", err) -return 503, {error_msg = err} -end - - -return res.status, res.body -end - - -function _M.patch(id, conf, sub_path) -if not id then -return 400, {error_msg = "missing consumer group id"} -end - -if not conf then -return 400, {error_msg = "missing new configuration"} -end - -if
[apisix] branch master updated (5a3a8080c -> a5dc4c336)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 5a3a8080c chore: upgrade `casbin` to `1.41.5` (#8744) add a5dc4c336 feat: support send error-log to kafka brokers (#8693) No new revisions were added by this update. Summary of changes: apisix/plugins/error-log-logger.lua| 115 - docs/en/latest/plugins/error-log-logger.md | 36 +- docs/zh/latest/plugins/error-log-logger.md | 38 +- ...ogger-skywalking.t => error-log-logger-kafka.t} | 142 ++--- 4 files changed, 253 insertions(+), 78 deletions(-) copy t/plugin/{error-log-logger-skywalking.t => error-log-logger-kafka.t} (56%)
[apisix] branch master updated: chore: upgrade `casbin` to `1.41.5` (#8744)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 5a3a8080c chore: upgrade `casbin` to `1.41.5` (#8744) 5a3a8080c is described below commit 5a3a8080c4f8e51a7197fe6249fe18c8ecdec79f Author: leslie AuthorDate: Tue Jan 31 09:14:36 2023 +0800 chore: upgrade `casbin` to `1.41.5` (#8744) --- rockspec/apisix-master-0.rockspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rockspec/apisix-master-0.rockspec b/rockspec/apisix-master-0.rockspec index 737741728..eac63bbd6 100644 --- a/rockspec/apisix-master-0.rockspec +++ b/rockspec/apisix-master-0.rockspec @@ -68,7 +68,7 @@ dependencies = { "lua-resty-consul = 0.3-2", "penlight = 1.9.2-1", "ext-plugin-proto = 0.6.0", -"casbin = 1.41.3", +"casbin = 1.41.5", "api7-snowflake = 2.0-1", "inspect == 3.1.1", "lualdap = 1.2.6-1",
[apisix] branch master updated (c8d5afb5b -> 736c8f28e)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from c8d5afb5b change(jwt-auth): unify apisix/core/vault.lua and apisix/secret/vault.lua (#8660) add 736c8f28e fix: grpc-transcode plugin: fix map data population (#8731) No new revisions were added by this update. Summary of changes: .editorconfig | 1 + apisix/plugins/grpc-transcode/util.lua | 30 ++- t/grpc_server_example/echo.pb | Bin 0 -> 997 bytes t/grpc_server_example/go.mod | 1 + t/grpc_server_example/main.go | 12 ++ t/grpc_server_example/proto/echo.pb.go | 236 + .../proto/{src.proto => echo.proto}| 17 +- t/grpc_server_example/proto/echo_grpc.pb.go| 105 + t/plugin/grpc-transcode3.t | 90 9 files changed, 480 insertions(+), 12 deletions(-) create mode 100644 t/grpc_server_example/echo.pb create mode 100644 t/grpc_server_example/proto/echo.pb.go copy t/grpc_server_example/proto/{src.proto => echo.proto} (77%) create mode 100644 t/grpc_server_example/proto/echo_grpc.pb.go
[apisix] branch master updated: change(jwt-auth): unify apisix/core/vault.lua and apisix/secret/vault.lua (#8660)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new c8d5afb5b change(jwt-auth): unify apisix/core/vault.lua and apisix/secret/vault.lua (#8660) c8d5afb5b is described below commit c8d5afb5b02a800bb3f7090bc5adb1d26e281d53 Author: Abhishek Choudhary AuthorDate: Mon Jan 30 08:54:56 2023 +0530 change(jwt-auth): unify apisix/core/vault.lua and apisix/secret/vault.lua (#8660) Fixes https://github.com/apache/apisix/issues/8424 --- README.md | 2 +- apisix/core/vault.lua | 127 apisix/plugins/jwt-auth.lua| 74 +-- apisix/secret/vault.lua| 6 - conf/config-default.yaml | 13 -- docs/en/latest/getting-started.md | 2 +- docs/en/latest/plugins/jwt-auth.md | 95 + docs/zh/latest/getting-started.md | 2 +- docs/zh/latest/plugins/jwt-auth.md | 104 +- t/plugin/jwt-auth-vault.t | 386 - 10 files changed, 16 insertions(+), 795 deletions(-) diff --git a/README.md b/README.md index b7bba5c87..44fbc224c 100644 --- a/README.md +++ b/README.md @@ -140,7 +140,7 @@ A/B testing, canary release, blue-green deployment, limit rate, defense against - [Elasticsearch](docs/en/latest/plugins/elasticsearch-logger.md): push logs to Elasticsearch. - [Datadog](docs/en/latest/plugins/datadog.md): push custom metrics to the DogStatsD server, comes bundled with [Datadog agent](https://docs.datadoghq.com/agent/), over the UDP protocol. DogStatsD basically is an implementation of StatsD protocol which collects the custom metrics for Apache APISIX agent, aggregates it into a single data point and sends it to the configured Datadog server. - [Helm charts](https://github.com/apache/apisix-helm-chart) - - [HashiCorp Vault](https://www.vaultproject.io/): Support secret management solution for accessing secrets from Vault secure storage backed in a low trust environment. Currently, RS256 keys (public-private key pairs) or secret keys can be linked from vault in [jwt-auth](docs/en/latest/plugins/jwt-auth.md#enable-jwt-auth-with-vault-compatibility) authentication plugin. + - [HashiCorp Vault](https://www.vaultproject.io/): Support secret management solution for accessing secrets from Vault secure storage backed in a low trust environment. Currently, RS256 keys (public-private key pairs) or secret keys can be linked from vault in jwt-auth authentication plugin using [APISIX Secret](docs/en/latest/terminology/secret.md) resource. - **Highly scalable** - [Custom plugins](docs/en/latest/plugin-develop.md): Allows hooking of common phases, such as `rewrite`, `access`, `header filter`, `body filter` and `log`, also allows to hook the `balancer` stage. diff --git a/apisix/core/vault.lua b/apisix/core/vault.lua deleted file mode 100644 index aeb8485d9..0 --- a/apisix/core/vault.lua +++ /dev/null @@ -1,127 +0,0 @@ --- --- Licensed to the Apache Software Foundation (ASF) under one or more --- contributor license agreements. See the NOTICE file distributed with --- this work for additional information regarding copyright ownership. --- The ASF licenses this file to You under the Apache License, Version 2.0 --- (the "License"); you may not use this file except in compliance with --- the License. You may obtain a copy of the License at --- --- http://www.apache.org/licenses/LICENSE-2.0 --- --- Unless required by applicable law or agreed to in writing, software --- distributed under the License is distributed on an "AS IS" BASIS, --- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. --- See the License for the specific language governing permissions and --- limitations under the License. --- - Vault Tools. --- Vault is an identity-based secrets and encryption management system. --- --- @module core.vault - -local core = require("apisix.core") -local http = require("resty.http") -local json = require("cjson") - -local fetch_local_conf = require("apisix.core.config_local").local_conf -local norm_path = require("pl.path").normpath - -local _M = {} - -local function fetch_vault_conf() -local conf, err = fetch_local_conf() -if not conf then -return nil, "failed to fetch vault configuration from config yaml: " .. err -end - -if not conf.vault then -return nil, "accessing vault data requires configuration information" -end -return conf.vault -end - - -local function make_request_to_vault(method, key, skip_prefix, data) -local vault, err = fetch_vault_conf() -if not vault then -return nil, err -end - -local httpc = http.new() --- config timeout or default to 50
[apisix] branch master updated: feat: stream subsystem support consul_kv service discovery (#8633)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new fab68d7c2 feat: stream subsystem support consul_kv service discovery (#8633) fab68d7c2 is described below commit fab68d7c23a7ce11260dac5018a54ae185a633c8 Author: Ashing Zheng AuthorDate: Mon Jan 30 09:42:39 2023 +0800 feat: stream subsystem support consul_kv service discovery (#8633) Fixes https://github.com/apache/apisix/issues/7779 --- docs/en/latest/discovery/consul_kv.md | 21 +++ t/discovery/stream/consul_kv.t| 269 ++ 2 files changed, 290 insertions(+) diff --git a/docs/en/latest/discovery/consul_kv.md b/docs/en/latest/discovery/consul_kv.md index b370b6bcd..bfb434417 100644 --- a/docs/en/latest/discovery/consul_kv.md +++ b/docs/en/latest/discovery/consul_kv.md @@ -131,6 +131,8 @@ To avoid confusion, use the full consul key url path as service name in practice ### Upstream setting + L7 + Here is an example of routing a request with a URL of "/*" to a service which named "http://127.0.0.1:8500/v1/kv/upstreams/webpages/; and use consul_kv discovery client in the registry : ```shell @@ -172,6 +174,25 @@ The format response as below: You could find more usage in the `apisix/t/discovery/consul_kv.t` file. + L4 + +Consul_kv service discovery also supports use in L4, the configuration method is similar to L7. + +```shell +$ curl http://127.0.0.1:9180/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -i -d ' +{ +"remote_addr": "127.0.0.1", +"upstream": { + "scheme": "tcp", + "service_name": "http://127.0.0.1:8500/v1/kv/upstreams/webpages/;, + "type": "roundrobin", + "discovery_type": "consul_kv" +} +}' +``` + +You could find more usage in the `apisix/t/discovery/stream/consul_kv.t` file. + ## Debugging API It also offers control api for debugging. diff --git a/t/discovery/stream/consul_kv.t b/t/discovery/stream/consul_kv.t new file mode 100644 index 0..5ef1e6509 --- /dev/null +++ b/t/discovery/stream/consul_kv.t @@ -0,0 +1,269 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +use t::APISIX 'no_plan'; + +repeat_each(1); +log_level('info'); +no_root_location(); +no_shuffle(); + + +add_block_preprocessor(sub { +my ($block) = @_; + +my $http_config = $block->http_config // <<_EOC_; + +server { +listen 20999; + +location / { +content_by_lua_block { +ngx.say("missing consul_kv services") +} +} +} + +server { +listen 30511; + +location /hello { +content_by_lua_block { +ngx.say("server 1") +} +} +} +server { +listen 30512; + +location /hello { +content_by_lua_block { +ngx.say("server 2") +} +} +} +server { +listen 30513; + +location /hello { +content_by_lua_block { +ngx.say("server 3") +} +} +} +server { +listen 30514; + +location /hello { +content_by_lua_block { +ngx.say("server 4") +} +} +} +_EOC_ + +$block->set_value("http_config", $http_config); + +if (!$block->stream_request) { +$block->set_value("stream_request", "GET /hello HTTP/1.1\r\nHost: 127.0.0.1:1985\r\nConnection: close\r\n\r\n"); +} +}); + +our $yaml_config = <<_EOC_; +apisix: + node_listen: 1984 +deployment: + role: data_plane + role_data_plane: +config_provider: yaml +discovery: + consul_kv: +servers: + - "http://127.0.0.1:8500; + - "http://127.0.0.1:8600; +prefix: "upstreams" +skip_keys: + - "upstream
[apisix] 09/09: fix broken tests
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git commit d057ef55d08ec3266802fef4a5420885c9720912 Author: spacewander AuthorDate: Sun Jan 29 11:07:57 2023 +0800 fix broken tests Signed-off-by: spacewander --- t/plugin/grpc-transcode-reload-bugfix.t | 2 +- t/plugin/request-id-reload-bugfix.t | 9 + 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/t/plugin/grpc-transcode-reload-bugfix.t b/t/plugin/grpc-transcode-reload-bugfix.t index 7eee56f16..556b2cad2 100644 --- a/t/plugin/grpc-transcode-reload-bugfix.t +++ b/t/plugin/grpc-transcode-reload-bugfix.t @@ -34,7 +34,7 @@ add_block_preprocessor(sub { close_cnt = 0 core.config.new = function(key, opts) local obj, err = orig_new(key, opts) -if key == "/protos" then +if key == "/proto" then local orig_close = obj.close obj.close = function(...) core.log.warn("call config close") diff --git a/t/plugin/request-id-reload-bugfix.t b/t/plugin/request-id-reload-bugfix.t index 71775e7d9..1b4bb5fe1 100644 --- a/t/plugin/request-id-reload-bugfix.t +++ b/t/plugin/request-id-reload-bugfix.t @@ -33,6 +33,12 @@ add_block_preprocessor(sub { local orig_new = core.etcd.new core.etcd.new = function(...) local cli, prefix = orig_new(...) +-- in 2.15.x, there is an extra call in init_worker phase +-- so when backporting this fix, we need to filter out the +-- extra call in the test +if ngx.get_phase() ~= "timer" then +return cli, prefix +end cli.keepalive = function(...) return false, "test error" end @@ -61,6 +67,9 @@ __DATA__ === TEST 1: unregister timer when etcd keepalive failed --- yaml_config +apisix: + node_listen: 1984 + admin_key: null plugins: - request-id plugin_attr:
[apisix] 01/09: fix(file-loger): use no buffering model when open file (#7884)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git commit c6c32e771a8db7730272668855c0b249a04b3fc4 Author: levy liu <375636...@qq.com> AuthorDate: Wed Nov 23 11:23:52 2022 +0800 fix(file-loger): use no buffering model when open file (#7884) Fixes https://github.com/apache/apisix/issues/7839 --- apisix/plugins/file-logger.lua | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/apisix/plugins/file-logger.lua b/apisix/plugins/file-logger.lua index e624b0bbc..9fbe359a7 100644 --- a/apisix/plugins/file-logger.lua +++ b/apisix/plugins/file-logger.lua @@ -75,6 +75,9 @@ if is_apisix_or then return nil, err end +-- it will case output problem with buffer when log is larger than buffer +file:setvbuf("no") + handler.file = file handler.open_time = ngx.now() * 1000 return handler @@ -116,11 +119,14 @@ local function write_file_data(conf, log_message) if not file then core.log.error("failed to open file: ", conf.path, ", error info: ", err) else -local ok, err = file:write(msg, '\n') +-- file:write(msg, "\n") will call fwrite several times +-- which will cause problem with the log output +-- it should be atomic +msg = msg .. "\n" +-- write to file directly, no need flush +local ok, err = file:write(msg) if not ok then core.log.error("failed to write file: ", conf.path, ", error info: ", err) -else -file:flush() end -- file will be closed by gc, if open_file_cache exists
[apisix] 04/09: fix broken test
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git commit 9ae617ddfbfc4b00c0b187566ddd44daff5fdb90 Author: spacewander AuthorDate: Sat Jan 28 11:07:16 2023 +0800 fix broken test Signed-off-by: spacewander --- t/plugin/openid-connect.t | 7 +-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/t/plugin/openid-connect.t b/t/plugin/openid-connect.t index d8be67598..98adeb5cd 100644 --- a/t/plugin/openid-connect.t +++ b/t/plugin/openid-connect.t @@ -593,7 +593,7 @@ passed --- request GET /uri HTTP/1.1 --- more_headers -Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhMSI6IkRhdGEgMSIsImlhdCI6MTU4NTEyMjUwMiwiZXhwIjoxOTAwNjk4NTAyLCJhdWQiOiJodHRwOi8vbXlzb2Z0Y29ycC5pbiIsImlzcyI6Ik15c29mdCBjb3JwIiwic3ViIjoic29tZUB1c2VyLmNvbSJ9.Vq_sBN7nH67vMDbiJE01EP4hvJYE_5ju6izjkOX8pF5OS4g2RWKWpL6h6-b0tTkCzG4JD5BEl13LWW-Gxxw0i9vEK0FLg_kC_kZLYB8WuQ6B9B9YwzmZ3OLbgnYzt_VD7D-7psEbwapJl5hbFsIjDgOAEx-UCmjUcl2frZxZavG2LUiEGs9Ri7KqOZmTLgNDMWfeWh1t1LyD0_b-eTInbasVtKQxMlb5kR0Ln_Qg5092L-irJ7dqaZma7HItCnzXJROdqJEsMIBA [...] +Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhMSI6IkRhdGEgMSIsImlhdCI6MTU4NTEyMjUwMiwiZXhwIjoxOTAwNjk4NTAyLCJhdWQiOiJodHRwOi8vbXlzb2Z0Y29ycC5pbiIsImlzcyI6Ik15c29mdCBjb3JwIiwic3ViIjoic29tZUB1c2VyLmNvbSJ9.u1ISx7JbuK_GFRIUqIMP175FqXRyF9V7y86480Q4N3jNxs3ePbc51TFtIHDrKttstU4Tub28PYVSlr-HXfjo7w --- response_body_like uri: /uri authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhMSI6IkRhdGEgMSIsImlhdCI6MTU4NTEyMjUwMiwiZXhwIjoxOTAwNjk4NTAyLCJhdWQiOiJodHRwOi8vbXlzb2Z0Y29ycC5pbiIsImlzcyI6Ik15c29mdCBjb3JwIiwic3ViIjoic29tZUB1c2VyLmNvbSJ9.u1ISx7JbuK_GFRIUqIMP175FqXRyF9V7y86480Q4N3jNxs3ePbc51TFtIHDrKttstU4Tub28PYVSlr-HXfjo7w @@ -1308,6 +1308,8 @@ true ngx.say(body) } } +--- request +GET /t --- response_body passed @@ -1373,6 +1375,7 @@ passed end } } +--- request +GET /t --- response_body_like x-userinfo: ey.* ->>>>>>> 4346b0b2... fix(openid-connect): return userinfo when use_jwks is true (#8347)
[apisix] 03/09: fix(openid-connect): return userinfo when use_jwks is true (#8347)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git commit b4a69274fb0e7a68e6ffa6de9e3a6a97bc734dd4 Author: levy liu <375636...@qq.com> AuthorDate: Tue Nov 22 14:22:03 2022 +0800 fix(openid-connect): return userinfo when use_jwks is true (#8347) Fixes https://github.com/apache/apisix/issues/8133 Signed-off-by: spacewander --- apisix/plugins/openid-connect.lua | 2 +- t/plugin/openid-connect.t | 117 +- 2 files changed, 116 insertions(+), 3 deletions(-) diff --git a/apisix/plugins/openid-connect.lua b/apisix/plugins/openid-connect.lua index b472feca0..976c606b6 100644 --- a/apisix/plugins/openid-connect.lua +++ b/apisix/plugins/openid-connect.lua @@ -213,7 +213,7 @@ local function introspect(ctx, conf) -- Token successfully validated. local method = (conf.public_key and "public_key") or (conf.use_jwks and "jwks") core.log.debug("token validate successfully by ", method) -return res, err, token, nil +return res, err, token, res else -- Validate token against introspection endpoint. -- TODO: Same as above for public key validation. diff --git a/t/plugin/openid-connect.t b/t/plugin/openid-connect.t index 9337e4235..d8be67598 100644 --- a/t/plugin/openid-connect.t +++ b/t/plugin/openid-connect.t @@ -593,13 +593,14 @@ passed --- request GET /uri HTTP/1.1 --- more_headers -Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhMSI6IkRhdGEgMSIsImlhdCI6MTU4NTEyMjUwMiwiZXhwIjoxOTAwNjk4NTAyLCJhdWQiOiJodHRwOi8vbXlzb2Z0Y29ycC5pbiIsImlzcyI6Ik15c29mdCBjb3JwIiwic3ViIjoic29tZUB1c2VyLmNvbSJ9.u1ISx7JbuK_GFRIUqIMP175FqXRyF9V7y86480Q4N3jNxs3ePbc51TFtIHDrKttstU4Tub28PYVSlr-HXfjo7w response_body +Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhMSI6IkRhdGEgMSIsImlhdCI6MTU4NTEyMjUwMiwiZXhwIjoxOTAwNjk4NTAyLCJhdWQiOiJodHRwOi8vbXlzb2Z0Y29ycC5pbiIsImlzcyI6Ik15c29mdCBjb3JwIiwic3ViIjoic29tZUB1c2VyLmNvbSJ9.Vq_sBN7nH67vMDbiJE01EP4hvJYE_5ju6izjkOX8pF5OS4g2RWKWpL6h6-b0tTkCzG4JD5BEl13LWW-Gxxw0i9vEK0FLg_kC_kZLYB8WuQ6B9B9YwzmZ3OLbgnYzt_VD7D-7psEbwapJl5hbFsIjDgOAEx-UCmjUcl2frZxZavG2LUiEGs9Ri7KqOZmTLgNDMWfeWh1t1LyD0_b-eTInbasVtKQxMlb5kR0Ln_Qg5092L-irJ7dqaZma7HItCnzXJROdqJEsMIBA [...] +--- response_body_like uri: /uri authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhMSI6IkRhdGEgMSIsImlhdCI6MTU4NTEyMjUwMiwiZXhwIjoxOTAwNjk4NTAyLCJhdWQiOiJodHRwOi8vbXlzb2Z0Y29ycC5pbiIsImlzcyI6Ik15c29mdCBjb3JwIiwic3ViIjoic29tZUB1c2VyLmNvbSJ9.u1ISx7JbuK_GFRIUqIMP175FqXRyF9V7y86480Q4N3jNxs3ePbc51TFtIHDrKttstU4Tub28PYVSlr-HXfjo7w host: localhost x-access-token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhMSI6IkRhdGEgMSIsImlhdCI6MTU4NTEyMjUwMiwiZXhwIjoxOTAwNjk4NTAyLCJhdWQiOiJodHRwOi8vbXlzb2Z0Y29ycC5pbiIsImlzcyI6Ik15c29mdCBjb3JwIiwic3ViIjoic29tZUB1c2VyLmNvbSJ9.u1ISx7JbuK_GFRIUqIMP175FqXRyF9V7y86480Q4N3jNxs3ePbc51TFtIHDrKttstU4Tub28PYVSlr-HXfjo7w x-real-ip: 127.0.0.1 +x-userinfo: ey.* --- no_error_log [error] --- error_code: 200 @@ -1263,3 +1264,115 @@ true --- error_code: 302 --- no_error_log [error] + + + +=== TEST 32: set use_jwks and set_userinfo_header to validate "x-userinfo" in request header +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ +"plugins": { +"openid-connect": { +"client_id": "course_management", +"client_secret": "d1ec69e9-55d2-4109-a3ea-befa071579d5", +"discovery": "http://127.0.0.1:8090/auth/realms/University/.well-known/openid-configuration;, +"realm": "University", +"bearer_only": true, +"access_token_in_authorization_header": true, +"set_userinfo_header": true, +"use_jwks": true, +"redirect_uri": "http://localhost:3000;, +"ssl_verify": false, +"timeout": 10, +"introspection_endpoint_auth_method": "client_secret_post", +"introspection_endpoint": "http://127.0.0.1:8090/auth/realms/University/protocol/openid-connect/token/introspect; +} +}, +
[apisix] 06/09: fix: the plugins bound on the service use the latest configuration (#8482)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git commit e9a24d721b62977e35836fc2b300d699048ca239 Author: tzssangglass AuthorDate: Thu Dec 8 15:24:10 2022 +0800 fix: the plugins bound on the service use the latest configuration (#8482) Fixes https://github.com/apache/apisix/issues/8481 Signed-off-by: spacewander --- apisix/plugin.lua| 2 +- t/node/consumer-plugin.t | 114 +++ 2 files changed, 115 insertions(+), 1 deletion(-) diff --git a/apisix/plugin.lua b/apisix/plugin.lua index 0f7845fe0..f35f55ec2 100644 --- a/apisix/plugin.lua +++ b/apisix/plugin.lua @@ -658,7 +658,7 @@ function _M.merge_consumer_route(route_conf, consumer_conf, api_ctx) local flag = route_conf.value.id .. "#" .. route_conf.modifiedIndex .. "#" .. consumer_conf.id .. "#" .. consumer_conf.modifiedIndex -local new_conf = merged_route(flag, nil, +local new_conf = merged_route(flag, api_ctx.conf_version, merge_consumer_route, route_conf, consumer_conf) api_ctx.conf_type = api_ctx.conf_type .. "" diff --git a/t/node/consumer-plugin.t b/t/node/consumer-plugin.t index 1007bed13..81f1b07cc 100644 --- a/t/node/consumer-plugin.t +++ b/t/node/consumer-plugin.t @@ -407,3 +407,117 @@ passed [error] --- error_log find consumer John_Doe + + + +=== TEST 12: the plugins bound on the service should use the latest configuration +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code, body = t('/apisix/admin/consumers', +ngx.HTTP_PUT, +[[{ +"username":"jack", +"plugins": { +"key-auth": { +"key": "auth-jack" +} +} +}]] +) +if code >= 300 then +ngx.status = code +ngx.say(body) +return +end + +local code, body = t('/apisix/admin/services/1', +ngx.HTTP_PUT, +[[{ +"plugins": { +"key-auth": { +"header": "Authorization" +}, +"proxy-rewrite": { +"uri": "/hello1" +} +} +}]] +) +if code >= 300 then +ngx.status = code +ngx.say(body) +return +end + +local code, body = t('/apisix/admin/routes/1', +ngx.HTTP_PUT, +[[{ +"methods": [ +"GET" +], +"uri": "/hello", +"service_id": "1", +"upstream": { +"nodes": { +"127.0.0.1:1980": 1 +}, +"type": "roundrobin" +} +}]] +) +if code >= 300 then +ngx.status = code +ngx.say(body) +return +end + +local http = require "resty.http" +local uri = "http://127.0.0.1:; .. ngx.var.server_port .. "/hello" +local httpc = http.new() +local headers = { +["Authorization"] = "auth-jack" +} +local res, err = httpc:request_uri(uri, {headers = headers}) +assert(res.status == 200) +if not res then +ngx.log(ngx.ERR, err) +return +end +ngx.print(res.body) + +local code, body = t('/apisix/admin/services/1', +ngx.HTTP_PUT, +[[{ +"plugins": { +"key-auth": { +"header": "Authorization" +}, +"proxy-rewrite": { +"uri": "/server_port" +} +} +}]] +) +if code >= 300 then +ngx.status = code +ngx.say(body) +return +end +ngx.sleep(0.1) + +local res, err = httpc:request_uri(uri, {headers = headers}) +assert(res.status == 200) +if not res then +ngx.log(ngx.ERR, err) +return +end +ngx.say(res.body) +} +} +--- request +GET /t +--- response_body +hello1 world +1980
[apisix] 07/09: fix: define destroy() to close protos (#8557)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git commit edc68b5580e07d7bd6ecb56a1e6ccd7b2bece90c Author: jinhua luo AuthorDate: Tue Dec 27 16:52:15 2022 +0800 fix: define destroy() to close protos (#8557) Fixes https://github.com/apache/apisix/issues/8519 --- apisix/plugins/grpc-transcode.lua | 5 +++ apisix/plugins/grpc-transcode/proto.lua | 5 +++ t/plugin/grpc-transcode-reload-bugfix.t | 75 + 3 files changed, 85 insertions(+) diff --git a/apisix/plugins/grpc-transcode.lua b/apisix/plugins/grpc-transcode.lua index 2405d33ec..3875bc096 100644 --- a/apisix/plugins/grpc-transcode.lua +++ b/apisix/plugins/grpc-transcode.lua @@ -110,6 +110,11 @@ function _M.init() end +function _M.destroy() +proto.destroy() +end + + function _M.check_schema(conf) local ok, err = core.schema.check(schema, conf) if not ok then diff --git a/apisix/plugins/grpc-transcode/proto.lua b/apisix/plugins/grpc-transcode/proto.lua index c30c17e71..0186feef4 100644 --- a/apisix/plugins/grpc-transcode/proto.lua +++ b/apisix/plugins/grpc-transcode/proto.lua @@ -170,5 +170,10 @@ function _M.init() end end +function _M.destroy() +if protos then +protos:close() +end +end return _M diff --git a/t/plugin/grpc-transcode-reload-bugfix.t b/t/plugin/grpc-transcode-reload-bugfix.t new file mode 100644 index 0..7eee56f16 --- /dev/null +++ b/t/plugin/grpc-transcode-reload-bugfix.t @@ -0,0 +1,75 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +use t::APISIX 'no_plan'; + +log_level('warn'); +repeat_each(1); +no_long_string(); +no_root_location(); + +add_block_preprocessor(sub { +my ($block) = @_; + +if (!$block->request) { +$block->set_value("request", "GET /t"); +} + +my $extra_init_by_lua = <<_EOC_; +local core = require("apisix.core") +local orig_new = core.config.new +close_cnt = 0 +core.config.new = function(key, opts) +local obj, err = orig_new(key, opts) +if key == "/protos" then +local orig_close = obj.close +obj.close = function(...) +core.log.warn("call config close") +close_cnt = close_cnt + 1 +return orig_close(...) +end +end +return obj, err +end +_EOC_ + +$block->set_value("extra_init_by_lua", $extra_init_by_lua); +}); + +run_tests; + +__DATA__ + +=== TEST 1: close protos when grpc-transcode plugin reload +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code = t('/apisix/admin/plugins/reload', +ngx.HTTP_PUT) +if code >= 300 then +ngx.status = code +return +end + +ngx.sleep(2) +if close_cnt ~= 1 then +ngx.status = 500 +end +} +} +--- error_log +call config close
[apisix] 08/09: fix: unregister timer when snowflake etcd keepalive failed (#8556)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git commit 0575742b9fc6f3817367a29edd1ef96f3c664392 Author: jinhua luo AuthorDate: Mon Dec 26 14:37:18 2022 +0800 fix: unregister timer when snowflake etcd keepalive failed (#8556) Fixes https://github.com/apache/apisix/issues/8520 --- apisix/plugins/request-id.lua | 1 + t/plugin/request-id-reload-bugfix.t | 117 2 files changed, 118 insertions(+) diff --git a/apisix/plugins/request-id.lua b/apisix/plugins/request-id.lua index 353bd3f83..ceddcdf94 100644 --- a/apisix/plugins/request-id.lua +++ b/apisix/plugins/request-id.lua @@ -129,6 +129,7 @@ local function gen_data_machine(max_number) if err4 then snowflake_inited = nil data_machine = nil +timers.unregister_timer("plugin#request-id") core.log.error("snowflake data_machine: " .. id .." lease failed.") end start_at = now diff --git a/t/plugin/request-id-reload-bugfix.t b/t/plugin/request-id-reload-bugfix.t new file mode 100644 index 0..71775e7d9 --- /dev/null +++ b/t/plugin/request-id-reload-bugfix.t @@ -0,0 +1,117 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +use t::APISIX 'no_plan'; + +log_level('warn'); +repeat_each(1); +no_long_string(); +no_root_location(); + +add_block_preprocessor(sub { +my ($block) = @_; + +if (!$block->request) { +$block->set_value("request", "GET /t"); +} + +my $extra_init_by_lua = <<_EOC_; +local core = require("apisix.core") +local orig_new = core.etcd.new +core.etcd.new = function(...) +local cli, prefix = orig_new(...) +cli.keepalive = function(...) +return false, "test error" +end +-- only simulate error once +-- because reload would redo init() +core.etcd.new = orig_new +return cli, prefix +end + +local timers = require("apisix.timers") +local orig_unregister = timers.unregister_timer +unregister_cnt = 0 +timers.unregister_timer = function(name, privileged) +core.log.error("unregister timer: ", name) +unregister_cnt = unregister_cnt + 1 +return orig_unregister(name, privileged) +end +_EOC_ + +$block->set_value("extra_init_by_lua", $extra_init_by_lua); +}); + +run_tests; + +__DATA__ + +=== TEST 1: unregister timer when etcd keepalive failed +--- yaml_config +plugins: +- request-id +plugin_attr: +request-id: +snowflake: +enable: true +data_machine_interval: 1 +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ +"plugins": { +"request-id": { +"algorithm": "snowflake" +} +}, +"upstream": { +"nodes": { +"127.0.0.1:1982": 1 +}, +"type": "roundrobin" +}, +"uri": "/opentracing" +}]] +) +if code >= 300 then +ngx.status = code +return +end + +-- wait for keepalive fails +ngx.sleep(2) + +local code = t('/apisix/admin/plugins/reload', +ngx.HTTP_PUT) +if code >= 300 then +ngx.status = code +return +end + +ngx.sleep(2) +ngx.log(ngx.ERR, unregister_cnt) +if unregister_cnt ~= 1 then +ngx.status = 500 +end +} +} +--- timeout: 5 +--- error_log +lease failed +unregister timer: plugin#request-id
[apisix] 05/09: fix: proxy grpc sometimes occurs 502 (#8364)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git commit 39391dc6b92685813391f151cfa9a9886029cf6f Author: soulbird AuthorDate: Wed Dec 7 13:47:52 2022 +0800 fix: proxy grpc sometimes occurs 502 (#8364) Co-authored-by: soulbird Fixes https://github.com/apache/apisix/issues/8166 --- apisix/balancer.lua | 5 ++- ci/centos7-ci.sh| 2 +- ci/linux_openresty_common_runner.sh | 2 +- t/grpc_server_example/go.mod| 4 +-- t/grpc_server_example/go.sum| 29 +-- t/grpc_server_example/main.go | 41 + t/node/upstream-keepalive-pool.t| 71 + 7 files changed, 144 insertions(+), 10 deletions(-) diff --git a/apisix/balancer.lua b/apisix/balancer.lua index 462d04f07..f83653317 100644 --- a/apisix/balancer.lua +++ b/apisix/balancer.lua @@ -313,18 +313,17 @@ do pool_opt.pool_size = size local scheme = up_conf.scheme +local pool = scheme .. "#" .. server.host .. "#" .. server.port -- other TLS schemes don't use http balancer keepalive if (scheme == "https" or scheme == "grpcs") then -local pool = server.host .. "#" .. server.port local sni = ctx.var.upstream_host pool = pool .. "#" .. sni if up_conf.tls and up_conf.tls.client_cert then pool = pool .. "#" .. up_conf.tls.client_cert end - -pool_opt.pool = pool end +pool_opt.pool = pool local ok, err = balancer.set_current_peer(server.host, server.port, pool_opt) diff --git a/ci/centos7-ci.sh b/ci/centos7-ci.sh index 543e54514..f2c40850b 100755 --- a/ci/centos7-ci.sh +++ b/ci/centos7-ci.sh @@ -55,7 +55,7 @@ install_dependencies() { CGO_ENABLED=0 go build ./grpc_server_example \ --grpc-address :50051 -grpcs-address :50052 -grpcs-mtls-address :50053 \ +-grpc-address :50051 -grpcs-address :50052 -grpcs-mtls-address :50053 -grpc-http-address :50054 \ -crt ../certs/apisix.crt -key ../certs/apisix.key -ca ../certs/mtls_ca.crt \ > grpc_server_example.log 2>&1 || (cat grpc_server_example.log && exit 1)& diff --git a/ci/linux_openresty_common_runner.sh b/ci/linux_openresty_common_runner.sh index 02e5ea471..3e0365eda 100755 --- a/ci/linux_openresty_common_runner.sh +++ b/ci/linux_openresty_common_runner.sh @@ -71,7 +71,7 @@ script() { set_coredns ./t/grpc_server_example/grpc_server_example \ --grpc-address :50051 -grpcs-address :50052 -grpcs-mtls-address :50053 \ +-grpc-address :50051 -grpcs-address :50052 -grpcs-mtls-address :50053 -grpc-http-address :50054 \ -crt ./t/certs/apisix.crt -key ./t/certs/apisix.key -ca ./t/certs/mtls_ca.crt \ & diff --git a/t/grpc_server_example/go.mod b/t/grpc_server_example/go.mod index cccb735e9..8d36bae68 100644 --- a/t/grpc_server_example/go.mod +++ b/t/grpc_server_example/go.mod @@ -3,7 +3,7 @@ module github.com/api7/grpc_server_example go 1.11 require ( - github.com/golang/protobuf v1.5.0 + golang.org/x/net v0.2.0 google.golang.org/grpc v1.32.0 - google.golang.org/protobuf v1.27.1 // indirect + google.golang.org/protobuf v1.27.1 ) diff --git a/t/grpc_server_example/go.sum b/t/grpc_server_example/go.sum index d150a12f6..d9ceb02e6 100644 --- a/t/grpc_server_example/go.sum +++ b/t/grpc_server_example/go.sum @@ -18,29 +18,52 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod
[apisix] 02/09: fix: can not modify x-forwarded-host in proxy rewrite (#8200)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git commit abed6f17010b50ca3ee59852341443f56d61b282 Author: levy liu <375636...@qq.com> AuthorDate: Thu Nov 3 14:36:42 2022 +0800 fix: can not modify x-forwarded-host in proxy rewrite (#8200) Signed-off-by: spacewander --- apisix/cli/ngx_tpl.lua| 3 --- apisix/core/ctx.lua | 1 + apisix/init.lua | 5 + t/APISIX.pm | 3 --- t/plugin/proxy-rewrite2.t | 2 +- t/plugin/proxy-rewrite3.t | 53 +++ 6 files changed, 60 insertions(+), 7 deletions(-) diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index dba9917cb..0ec7f50ab 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua @@ -716,9 +716,6 @@ http { if ($http_x_forwarded_for != "") { set $var_x_forwarded_for "${http_x_forwarded_for}, ${realip_remote_addr}"; } -if ($http_x_forwarded_host != "") { -set $var_x_forwarded_host $http_x_forwarded_host; -} if ($http_x_forwarded_port != "") { set $var_x_forwarded_port $http_x_forwarded_port; } diff --git a/apisix/core/ctx.lua b/apisix/core/ctx.lua index 5bf3daa57..03297a2ff 100644 --- a/apisix/core/ctx.lua +++ b/apisix/core/ctx.lua @@ -200,6 +200,7 @@ do var_x_forwarded_proto = true, var_x_forwarded_port = true, +var_x_forwarded_host = true, } -- sort in alphabetical diff --git a/apisix/init.lua b/apisix/init.lua index 3e2b11055..96068894f 100644 --- a/apisix/init.lua +++ b/apisix/init.lua @@ -229,6 +229,11 @@ local function set_upstream_headers(api_ctx, picked_server) if proto then api_ctx.var.var_x_forwarded_proto = proto end + +local x_forwarded_host = api_ctx.var.http_x_forwarded_host +if x_forwarded_host then +api_ctx.var.var_x_forwarded_host = x_forwarded_host +end end diff --git a/t/APISIX.pm b/t/APISIX.pm index bce7c735a..8c7b41bdd 100644 --- a/t/APISIX.pm +++ b/t/APISIX.pm @@ -770,9 +770,6 @@ _EOC_ if (\$http_x_forwarded_for != "") { set \$var_x_forwarded_for "\${http_x_forwarded_for}, \${realip_remote_addr}"; } -if (\$http_x_forwarded_host != "") { -set \$var_x_forwarded_host \$http_x_forwarded_host; -} if (\$http_x_forwarded_port != "") { set \$var_x_forwarded_port \$http_x_forwarded_port; } diff --git a/t/plugin/proxy-rewrite2.t b/t/plugin/proxy-rewrite2.t index fcd4011ba..2ba08d9f8 100644 --- a/t/plugin/proxy-rewrite2.t +++ b/t/plugin/proxy-rewrite2.t @@ -211,7 +211,7 @@ localhost -=== TEST 7: pass duplicate X-Forwarded-Proto +=== TEST 7: pass duplicate X-Forwarded-Proto --- apisix_yaml routes: - diff --git a/t/plugin/proxy-rewrite3.t b/t/plugin/proxy-rewrite3.t index b67ef379e..7501abd1d 100644 --- a/t/plugin/proxy-rewrite3.t +++ b/t/plugin/proxy-rewrite3.t @@ -288,3 +288,56 @@ GET /print_uri_detailed HTTP/1.1 --- response_body ngx.var.uri: /print_uri_detailed ngx.var.request_uri: /print_uri_detailed + + + +=== TEST 12: set route(rewrite X-Forwarded-Host) +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ +"methods": ["GET"], +"plugins": { +"proxy-rewrite": { +"headers": { +"X-Forwarded-Host": "test.com" +} +} +}, +"upstream": { +"nodes": { +"127.0.0.1:1980": 1 +}, +"type": "roundrobin" +}, +"uri": "/echo" +}]] +) + +if code >= 300 then +ngx.status = code +end +ngx.say(body) +} +} +--- request +GET /t +--- response_body +passed +--- no_error_log +[error] + + + +=== TEST 13: rewrite X-Forwarded-Host +--- request +GET /echo HTTP/1.1 +--- more_headers +X-Forwarded-Host: apisix.ai +--- response_headers +X-Forwarded-Host: test.com +--- no_error_log +[error]
[apisix] branch release/2.15 updated (d8f17609b -> d057ef55d)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch release/2.15 in repository https://gitbox.apache.org/repos/asf/apisix.git from d8f17609b ci: use fixed os version of ubuntu (#8438) (#8614) new c6c32e771 fix(file-loger): use no buffering model when open file (#7884) new abed6f170 fix: can not modify x-forwarded-host in proxy rewrite (#8200) new b4a69274f fix(openid-connect): return userinfo when use_jwks is true (#8347) new 9ae617ddf fix broken test new 39391dc6b fix: proxy grpc sometimes occurs 502 (#8364) new e9a24d721 fix: the plugins bound on the service use the latest configuration (#8482) new edc68b558 fix: define destroy() to close protos (#8557) new 0575742b9 fix: unregister timer when snowflake etcd keepalive failed (#8556) new d057ef55d fix broken tests The 9 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: apisix/balancer.lua| 5 +- apisix/cli/ngx_tpl.lua | 3 - apisix/core/ctx.lua| 1 + apisix/init.lua| 5 + apisix/plugin.lua | 2 +- apisix/plugins/file-logger.lua | 12 +- apisix/plugins/grpc-transcode.lua | 5 + apisix/plugins/grpc-transcode/proto.lua| 5 + apisix/plugins/openid-connect.lua | 2 +- apisix/plugins/request-id.lua | 1 + ci/centos7-ci.sh | 2 +- ci/linux_openresty_common_runner.sh| 2 +- t/APISIX.pm| 3 - t/grpc_server_example/go.mod | 4 +- t/grpc_server_example/go.sum | 29 - t/grpc_server_example/main.go | 41 +++ t/node/consumer-plugin.t | 114 +++ t/node/upstream-keepalive-pool.t | 71 .../grpc-transcode-reload-bugfix.t}| 46 +--- t/plugin/openid-connect.t | 118 ++- t/plugin/proxy-rewrite2.t | 2 +- t/plugin/proxy-rewrite3.t | 53 + t/plugin/request-id-reload-bugfix.t| 126 + 23 files changed, 612 insertions(+), 40 deletions(-) copy t/{admin/plugin-metadata2.t => plugin/grpc-transcode-reload-bugfix.t} (58%) create mode 100644 t/plugin/request-id-reload-bugfix.t
[apisix] branch master updated: fix(proxy-mirror): use with uri rewrite (#8718)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new db2077ab6 fix(proxy-mirror): use with uri rewrite (#8718) db2077ab6 is described below commit db2077ab6a4aa39d623ca8f194ebb56ba4377ba8 Author: Zeping Bai AuthorDate: Sun Jan 29 14:44:57 2023 +0800 fix(proxy-mirror): use with uri rewrite (#8718) Fixes https://github.com/apache/apisix/issues/8167 --- apisix/plugins/proxy-mirror.lua | 18 -- t/plugin/proxy-mirror2.t| 128 2 files changed, 140 insertions(+), 6 deletions(-) diff --git a/apisix/plugins/proxy-mirror.lua b/apisix/plugins/proxy-mirror.lua index 460f0e4f6..312d3ec37 100644 --- a/apisix/plugins/proxy-mirror.lua +++ b/apisix/plugins/proxy-mirror.lua @@ -89,14 +89,20 @@ end local function enable_mirror(ctx, conf) -if conf.path and conf.path_concat_mode == "prefix" then -ctx.var.upstream_mirror_uri = resolver_host(conf.host) .. conf.path .. ctx.var.uri .. -ctx.var.is_args .. (ctx.var.args or '') -else -ctx.var.upstream_mirror_uri = resolver_host(conf.host) .. (conf.path or ctx.var.uri) .. -ctx.var.is_args .. (ctx.var.args or '') +local uri = (ctx.var.upstream_uri and ctx.var.upstream_uri ~= "") and +ctx.var.upstream_uri or +ctx.var.uri .. ctx.var.is_args .. (ctx.var.args or '') + +if conf.path then +if conf.path_concat_mode == "prefix" then +uri = conf.path .. uri +else +uri = conf.path .. ctx.var.is_args .. (ctx.var.args or '') +end end +ctx.var.upstream_mirror_uri = resolver_host(conf.host) .. uri + if has_mod then apisix_ngx_client.enable_mirror() end diff --git a/t/plugin/proxy-mirror2.t b/t/plugin/proxy-mirror2.t new file mode 100644 index 0..adc2b4c6d --- /dev/null +++ b/t/plugin/proxy-mirror2.t @@ -0,0 +1,128 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +use t::APISIX 'no_plan'; + +repeat_each(1); +no_long_string(); +no_shuffle(); +no_root_location(); +log_level('info'); +worker_connections(1024); + +add_block_preprocessor(sub { +my ($block) = @_; + +my $http_config = $block->http_config // <<_EOC_; + +server { +listen 1986; +server_tokens off; + +location / { +content_by_lua_block { +local core = require("apisix.core") +core.log.info("upstream_http_version: ", ngx.req.http_version()) + +local headers_tab = ngx.req.get_headers() +local headers_key = {} +for k in pairs(headers_tab) do +core.table.insert(headers_key, k) +end +core.table.sort(headers_key) + +for _, v in pairs(headers_key) do +core.log.info(v, ": ", headers_tab[v]) +end + +core.log.info("uri: ", ngx.var.request_uri) +ngx.say("hello world") +} +} +} +_EOC_ + +$block->set_value("http_config", $http_config); + +if (!$block->request) { +$block->set_value("request", "GET /t"); +} +}); + +run_tests; + +__DATA__ + +=== TEST 1: use proxy-rewrite to change uri before mirror +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', +ngx.HTTP_PUT, +[[{ +"plugins": { +"proxy-rewrite":{ +"_meta": { +"priority": 1010 +}, +
[apisix] branch master updated: ci: move helper script to the right dir (#8691)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 822d545c3 ci: move helper script to the right dir (#8691) 822d545c3 is described below commit 822d545c3b0991269948fc2a8b684e484d06baf6 Author: 罗泽轩 AuthorDate: Sun Jan 29 09:46:24 2023 +0800 ci: move helper script to the right dir (#8691) Fixes https://github.com/apache/apisix/issues/8685 --- .github/workflows/code-lint.yml| 2 +- ci/centos7-ci.sh | 2 +- {utils => ci}/linux-install-etcd-client.sh | 0 {utils => ci}/linux-install-openresty.sh | 0 ci/linux_apisix_current_luarocks_runner.sh | 4 ++-- ci/linux_apisix_master_luarocks_runner.sh | 4 ++-- ci/linux_openresty_common_runner.sh| 4 ++-- ci/performance_test.sh | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/code-lint.yml b/.github/workflows/code-lint.yml index c1ffccf30..c8303191b 100644 --- a/.github/workflows/code-lint.yml +++ b/.github/workflows/code-lint.yml @@ -22,7 +22,7 @@ jobs: export_or_prefix export OPENRESTY_VERSION=default -./utils/linux-install-openresty.sh +./ci/linux-install-openresty.sh ./utils/linux-install-luarocks.sh sudo luarocks install luacheck diff --git a/ci/centos7-ci.sh b/ci/centos7-ci.sh index f86221a1a..8103503d3 100755 --- a/ci/centos7-ci.sh +++ b/ci/centos7-ci.sh @@ -35,7 +35,7 @@ install_dependencies() { ./utils/linux-install-luarocks.sh # install etcdctl -./utils/linux-install-etcd-client.sh +./ci/linux-install-etcd-client.sh # install vault cli capabilities install_vault_cli diff --git a/utils/linux-install-etcd-client.sh b/ci/linux-install-etcd-client.sh similarity index 100% rename from utils/linux-install-etcd-client.sh rename to ci/linux-install-etcd-client.sh diff --git a/utils/linux-install-openresty.sh b/ci/linux-install-openresty.sh similarity index 100% rename from utils/linux-install-openresty.sh rename to ci/linux-install-openresty.sh diff --git a/ci/linux_apisix_current_luarocks_runner.sh b/ci/linux_apisix_current_luarocks_runner.sh index 7fa165fb7..cb974524b 100755 --- a/ci/linux_apisix_current_luarocks_runner.sh +++ b/ci/linux_apisix_current_luarocks_runner.sh @@ -23,9 +23,9 @@ do_install() { export_or_prefix -./utils/linux-install-openresty.sh +./ci/linux-install-openresty.sh ./utils/linux-install-luarocks.sh -./utils/linux-install-etcd-client.sh +./ci/linux-install-etcd-client.sh } script() { diff --git a/ci/linux_apisix_master_luarocks_runner.sh b/ci/linux_apisix_master_luarocks_runner.sh index 2ffa94cde..d49f271f6 100755 --- a/ci/linux_apisix_master_luarocks_runner.sh +++ b/ci/linux_apisix_master_luarocks_runner.sh @@ -23,9 +23,9 @@ do_install() { export_or_prefix -./utils/linux-install-openresty.sh +./ci/linux-install-openresty.sh ./utils/linux-install-luarocks.sh -./utils/linux-install-etcd-client.sh +./ci/linux-install-etcd-client.sh } script() { diff --git a/ci/linux_openresty_common_runner.sh b/ci/linux_openresty_common_runner.sh index cd4472521..4029d851b 100755 --- a/ci/linux_openresty_common_runner.sh +++ b/ci/linux_openresty_common_runner.sh @@ -27,11 +27,11 @@ before_install() { do_install() { export_or_prefix -./utils/linux-install-openresty.sh +./ci/linux-install-openresty.sh ./utils/linux-install-luarocks.sh -./utils/linux-install-etcd-client.sh +./ci/linux-install-etcd-client.sh create_lua_deps diff --git a/ci/performance_test.sh b/ci/performance_test.sh index 695db94bd..99a9e0c7d 100755 --- a/ci/performance_test.sh +++ b/ci/performance_test.sh @@ -25,7 +25,7 @@ install_dependencies() { apt-get -y install lua5.1 liblua5.1-0-dev libldap2-dev export_or_prefix export OPENRESTY_VERSION=source -./utils/linux-install-openresty.sh +./ci/linux-install-openresty.sh bash utils/install-dependencies.sh install_luarocks make deps }
[apisix] branch master updated: refactor(pubsub): simpify the get_cmd implementation (#8608)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 3fdbbaa6b refactor(pubsub): simpify the get_cmd implementation (#8608) 3fdbbaa6b is described below commit 3fdbbaa6bcfd48095755db5fb2dcd4b5e9c7a903 Author: 罗泽轩 AuthorDate: Sun Jan 29 09:32:26 2023 +0800 refactor(pubsub): simpify the get_cmd implementation (#8608) --- apisix/core/pubsub.lua | 14 -- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/apisix/core/pubsub.lua b/apisix/core/pubsub.lua index 818cb8df0..25ac46f13 100644 --- a/apisix/core/pubsub.lua +++ b/apisix/core/pubsub.lua @@ -26,7 +26,6 @@ local pb = require("pb") local ngx = ngx local setmetatable = setmetatable local pcall= pcall -local pairs= pairs local _M = { version = 0.1 } @@ -57,15 +56,10 @@ end -- parse command name and parameters from client message local function get_cmd(data) -for key, value in pairs(data) do --- There are sequence and command properties in the data, --- select the handler according to the command value. -if key ~= "sequence" and key ~= "req" then --- new version of lua-protobuf will add a new field 'oneof_name = oneof_type' --- so we also need to filter it out (in this case, the 'req' key) -return key, value -end -end +-- There are sequence and command properties in the data, +-- select the handler according to the command value. +local key = data.req +return key, data[key] end
[apisix] branch master updated: feat: stream subsystem support kubernetes service discovery (#8640)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 9c899b876 feat: stream subsystem support kubernetes service discovery (#8640) 9c899b876 is described below commit 9c899b87648039e2c6c73b087d627aea2df90f55 Author: Ashing Zheng AuthorDate: Sat Jan 28 08:58:39 2023 +0800 feat: stream subsystem support kubernetes service discovery (#8640) Fixes https://github.com/apache/apisix/issues/7779 --- apisix/cli/ngx_tpl.lua | 7 + apisix/discovery/kubernetes/init.lua | 29 ++- docs/en/latest/discovery/kubernetes.md | 6 + docs/zh/latest/discovery/kubernetes.md | 6 + t/APISIX.pm| 4 + t/kubernetes/discovery/stream/kubernetes.t | 348 + 6 files changed, 396 insertions(+), 4 deletions(-) diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index 95ac3b763..7083d4201 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua @@ -145,6 +145,13 @@ stream { lua_shared_dict plugin-limit-conn-stream {* stream.lua_shared_dict["plugin-limit-conn-stream"] *}; {% end %} +# for discovery shared dict +{% if discovery_shared_dicts then %} +{% for key, size in pairs(discovery_shared_dicts) do %} +lua_shared_dict {*key*}-stream {*size*}; +{% end %} +{% end %} + resolver {% for _, dns_addr in ipairs(dns_resolver or {}) do %} {*dns_addr*} {% end %} {% if dns_resolver_valid then %} valid={*dns_resolver_valid*}{% end %} ipv6={% if enable_ipv6 then %}on{% else %}off{% end %}; resolver_timeout {*resolver_timeout*}; diff --git a/apisix/discovery/kubernetes/init.lua b/apisix/discovery/kubernetes/init.lua index d7258a556..3f5f275d9 100644 --- a/apisix/discovery/kubernetes/init.lua +++ b/apisix/discovery/kubernetes/init.lua @@ -25,7 +25,8 @@ local os = os local error = error local pcall = pcall local setmetatable = setmetatable -local process = require("ngx.process") +local is_http = ngx.config.subsystem == "http" +local support_process, process = pcall(require, "ngx.process") local core = require("apisix.core") local util = require("apisix.cli.util") local local_conf = require("apisix.core.config_local").local_conf() @@ -331,9 +332,24 @@ local function start_fetch(handle) ngx.timer.at(0, timer_runner) end +local function get_endpoint_dict(id) +local shm = "kubernetes" + +if id and #id > 0 then +shm = shm .. "-" .. id +end + +if not is_http then +shm = shm .. "-stream" +end + +return ngx.shared[shm] +end + local function single_mode_init(conf) -local endpoint_dict = ngx.shared.kubernetes +local endpoint_dict = get_endpoint_dict() + if not endpoint_dict then error("failed to get lua_shared_dict: ngx.shared.kubernetes, " .. "please check your APISIX version") @@ -407,7 +423,7 @@ local function multiple_mode_worker_init(confs) error("duplicate id value") end -local endpoint_dict = ngx.shared["kubernetes-" .. id] +local endpoint_dict = get_endpoint_dict(id) if not endpoint_dict then error(string.format("failed to get lua_shared_dict: ngx.shared.kubernetes-%s, ", id) .. "please check your APISIX version") @@ -433,7 +449,7 @@ local function multiple_mode_init(confs) error("duplicate id value") end -local endpoint_dict = ngx.shared["kubernetes-" .. id] +local endpoint_dict = get_endpoint_dict(id) if not endpoint_dict then error(string.format("failed to get lua_shared_dict: ngx.shared.kubernetes-%s, ", id) .. "please check your APISIX version") @@ -504,6 +520,11 @@ end function _M.init_worker() +if not support_process then +core.log.error("kubernetes discovery not support in subsystem: ", ngx.config.subsystem, + ", please check if your openresty version >= 1.19.9.1 or not") +return +end local discovery_conf = local_conf.discovery.kubernetes core.log.info("kubernetes discovery conf: ", core.json.delay_encode(discovery_conf)) if #discovery_conf == 0 then diff --git a/docs/en/latest/discovery/kubernetes.md b/docs/en/latest/discovery/kubernetes.md index 04e01f6ca..e80c73851 100644 --- a/docs/en/latest/discovery/kubernetes.md +++ b/docs/en/latest/discovery/kubernetes.md @@ -34,6 +34,12 @@ The [_Kubernetes_](https://kubernetes.io/) service discovery [_List-Watch_](http Discovery also provides a no
[apisix] branch master updated (b440a06e0 -> 4131fbf64)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from b440a06e0 ci: kafka should register port in the zookeeper same as exposed (#8672) add 4131fbf64 fix: remove backslash before slash when encoding (#8684) No new revisions were added by this update. Summary of changes: apisix/core/json.lua | 1 + t/admin/api.t| 2 +- t/core/json.t| 19 +++ t/gm/gm.t| 2 +- t/plugin/ext-plugin/sanity.t | 2 +- t/plugin/real-ip.t | 2 +- t/stream-node/sanity.t | 2 +- 7 files changed, 25 insertions(+), 5 deletions(-)
[apisix] branch master updated: ci: kafka should register port in the zookeeper same as exposed (#8672)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new b440a06e0 ci: kafka should register port in the zookeeper same as exposed (#8672) b440a06e0 is described below commit b440a06e0b01ed3b49233e6bf6971f13056ca7e1 Author: Peter Zhu AuthorDate: Wed Jan 18 09:58:18 2023 +0800 ci: kafka should register port in the zookeeper same as exposed (#8672) --- ci/pod/docker-compose.plugin.yml | 4 ++-- ci/pod/kafka/kafka-server/env/common2.env | 4 ++-- t/plugin/kafka-logger.t | 5 - 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/ci/pod/docker-compose.plugin.yml b/ci/pod/docker-compose.plugin.yml index 8ddeef202..f1f03ec29 100644 --- a/ci/pod/docker-compose.plugin.yml +++ b/ci/pod/docker-compose.plugin.yml @@ -109,8 +109,8 @@ services: KAFKA_CFG_ZOOKEEPER_CONNECT: zookeeper-server2:2181 restart: unless-stopped ports: - - "19092:9092" - - "19094:9094" + - "19092:19092" + - "19094:19094" depends_on: - zookeeper-server1 - zookeeper-server2 diff --git a/ci/pod/kafka/kafka-server/env/common2.env b/ci/pod/kafka/kafka-server/env/common2.env index d07bf6d1a..c0fb5f57c 100644 --- a/ci/pod/kafka/kafka-server/env/common2.env +++ b/ci/pod/kafka/kafka-server/env/common2.env @@ -1,7 +1,7 @@ ALLOW_PLAINTEXT_LISTENER=yes KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=false -KAFKA_CFG_LISTENERS=PLAINTEXT://0.0.0.0:9092,SASL_PLAINTEXT://0.0.0.0:9094 -KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:9092,SASL_PLAINTEXT://127.0.0.1:9094 +KAFKA_CFG_LISTENERS=PLAINTEXT://0.0.0.0:19092,SASL_PLAINTEXT://0.0.0.0:19094 +KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:19092,SASL_PLAINTEXT://127.0.0.1:19094 KAFKA_CFG_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM= KAFKA_CFG_SSL_KEYSTORE_LOCATION=/opt/bitnami/kafka/config/certs/kafka.keystore.jks KAFKA_CFG_SSL_KEYSTORE_PASSWORD=changeit diff --git a/t/plugin/kafka-logger.t b/t/plugin/kafka-logger.t index 3ac9a0a08..4ffef3ba1 100644 --- a/t/plugin/kafka-logger.t +++ b/t/plugin/kafka-logger.t @@ -669,7 +669,8 @@ failed to do PLAIN auth with 127.0.0.1:19094: Authentication failed: Invalid use "password":"admin-secret" } }], -"kafka_topic":"test2", +"kafka_topic":"test4", +"producer_type":"sync", "key":"key1", "timeout":1, "batch_max_size":1, @@ -704,6 +705,8 @@ abcdef hello world --- error_log eval qr/send data to kafka: \{.*"body":"abcdef"/ +--- no_error_log +[error] --- wait: 2
[apisix] branch master updated: fix: upgrade lua-resty-etcd to 1.10.3 (#8668)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 63f8a67f2 fix: upgrade lua-resty-etcd to 1.10.3 (#8668) 63f8a67f2 is described below commit 63f8a67f2c6e02cd196cdb46b4af2d83085703cc Author: 罗泽轩 AuthorDate: Mon Jan 16 14:02:46 2023 +0800 fix: upgrade lua-resty-etcd to 1.10.3 (#8668) --- rockspec/apisix-master-0.rockspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rockspec/apisix-master-0.rockspec b/rockspec/apisix-master-0.rockspec index eced881ad..737741728 100644 --- a/rockspec/apisix-master-0.rockspec +++ b/rockspec/apisix-master-0.rockspec @@ -34,7 +34,7 @@ dependencies = { "lua-resty-ctxdump = 0.1-0", "api7-lua-resty-dns-client = 7.0.1", "lua-resty-template = 2.0", -"lua-resty-etcd = 1.10.2", +"lua-resty-etcd = 1.10.3", "api7-lua-resty-http = 0.2.0", "lua-resty-balancer = 0.04", "lua-resty-ngxvar = 0.5.2",
[apisix] branch master updated (daa5f7037 -> df1cadb27)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from daa5f7037 chore: make send_stream_request more clear (#8627) add df1cadb27 fix: upgrade casbin to 1.41.3 to improve performance (#8676) No new revisions were added by this update. Summary of changes: rockspec/apisix-master-0.rockspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
[apisix] branch master updated: chore: make send_stream_request more clear (#8627)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new daa5f7037 chore: make send_stream_request more clear (#8627) daa5f7037 is described below commit daa5f7037d3b0d9b173bc8478ca683657fff031d Author: Ashing Zheng AuthorDate: Thu Jan 12 13:42:55 2023 +0800 chore: make send_stream_request more clear (#8627) --- t/discovery/stream/eureka.t | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/t/discovery/stream/eureka.t b/t/discovery/stream/eureka.t index 5d3246167..df01ddd36 100644 --- a/t/discovery/stream/eureka.t +++ b/t/discovery/stream/eureka.t @@ -45,8 +45,7 @@ add_block_preprocessor(sub { my ($block) = @_; if (!$block->stream_request) { -# GET /eureka/apps/APISIX-EUREKA HTTP/1.1\r\nHost: 127.0.0.1:1985\r\nConnection: close\r\n\r\n -$block->set_value("stream_request", "\x47\x45\x54\x20\x2f\x65\x75\x72\x65\x6b\x61\x2f\x61\x70\x70\x73\x2f\x41\x50\x49\x53\x49\x58\x2d\x45\x55\x52\x45\x4b\x41\x20\x48\x54\x54\x50\x2f\x31\x2e\x31\x0d\x0a\x48\x6f\x73\x74\x3a\x20\x31\x32\x37\x2e\x30\x2e\x30\x2e\x31\x3a\x31\x39\x38\x35\x0d\x0a\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x3a\x20\x63\x6c\x6f\x73\x65\x0d\x0a\x0d\x0a"); +$block->set_value("stream_request", "GET /eureka/apps/APISIX-EUREKA HTTP/1.1\r\nHost: 127.0.0.1:1985\r\nConnection: close\r\n\r\n"); } });
[apisix] branch master updated: feat: stream subsystem support nacos service discovery (#8584)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 9e3fd0002 feat: stream subsystem support nacos service discovery (#8584) 9e3fd0002 is described below commit 9e3fd00021c26be38b9d83aee76fa5bc7b6d4501 Author: Ashing Zheng AuthorDate: Thu Jan 12 08:55:52 2023 +0800 feat: stream subsystem support nacos service discovery (#8584) Fixes https://github.com/apache/apisix/issues/7779 --- apisix/cli/ngx_tpl.lua| 1 + apisix/discovery/nacos/init.lua | 3 ++ apisix/init.lua | 5 +++ apisix/router.lua | 3 ++ conf/config-default.yaml | 1 + docs/en/latest/discovery/nacos.md | 19 docs/zh/latest/discovery/nacos.md | 19 t/APISIX.pm | 1 + t/discovery/stream/nacos.t| 92 +++ 9 files changed, 144 insertions(+) diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index 7a1f4e9c7..95ac3b763 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua @@ -139,6 +139,7 @@ stream { lua_shared_dict lrucache-lock-stream {* stream.lua_shared_dict["lrucache-lock-stream"] *}; lua_shared_dict etcd-cluster-health-check-stream {* stream.lua_shared_dict["etcd-cluster-health-check-stream"] *}; +lua_shared_dict worker-events-stream {* stream.lua_shared_dict["worker-events-stream"] *}; {% if enabled_stream_plugins["limit-conn"] then %} lua_shared_dict plugin-limit-conn-stream {* stream.lua_shared_dict["plugin-limit-conn-stream"] *}; diff --git a/apisix/discovery/nacos/init.lua b/apisix/discovery/nacos/init.lua index 225636eb3..e12c025c5 100644 --- a/apisix/discovery/nacos/init.lua +++ b/apisix/discovery/nacos/init.lua @@ -236,6 +236,7 @@ local function get_nacos_services() -- here we use lazy load to work around circle dependency local get_upstreams = require('apisix.upstream').upstreams local get_routes = require('apisix.router').http_routes +local get_stream_routes = require('apisix.router').stream_routes local get_services = require('apisix.http.service').services local values = get_upstreams() iter_and_add_service(services, values) @@ -243,6 +244,8 @@ local function get_nacos_services() iter_and_add_service(services, values) values = get_services() iter_and_add_service(services, values) +values = get_stream_routes() +iter_and_add_service(services, values) return services end diff --git a/apisix/init.lua b/apisix/init.lua index d238bd161..b518f0e30 100644 --- a/apisix/init.lua +++ b/apisix/init.lua @@ -907,6 +907,11 @@ function _M.stream_init_worker() router.stream_init_worker() apisix_upstream.init_worker() +local we = require("resty.worker.events") +local ok, err = we.configure({shm = "worker-events-stream", interval = 0.1}) +if not ok then +error("failed to init worker event: " .. err) +end local discovery = require("apisix.discovery.init").discovery if discovery and discovery.init_worker then discovery.init_worker() diff --git a/apisix/router.lua b/apisix/router.lua index 9bdafebbd..2fd14917c 100644 --- a/apisix/router.lua +++ b/apisix/router.lua @@ -123,6 +123,9 @@ function _M.ssls() end function _M.http_routes() +if not _M.router_http then +return nil, nil +end return _M.router_http.routes() end diff --git a/conf/config-default.yaml b/conf/config-default.yaml index 4dca7bac0..9e47f0660 100755 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -164,6 +164,7 @@ nginx_config: # config for render the template to generate n etcd-cluster-health-check-stream: 10m lrucache-lock-stream: 10m plugin-limit-conn-stream: 10m + worker-events-stream: 10m # As user can add arbitrary configurations in the snippet, # it is user's responsibility to check the configurations diff --git a/docs/en/latest/discovery/nacos.md b/docs/en/latest/discovery/nacos.md index 684098e7f..ace1860e9 100644 --- a/docs/en/latest/discovery/nacos.md +++ b/docs/en/latest/discovery/nacos.md @@ -56,6 +56,8 @@ discovery: ### Upstream setting + L7 + Here is an example of routing a request with an URI of "/nacos/*" to a service which named "http://192.168.33.1:8848/nacos/v1/ns/instance/list?serviceName=APISIX-NACOS; and use nacos discovery client in the registry: ```shell @@ -96,6 +98,23 @@ The formatted response as below: } ``` + L4 + +Nacos service discovery also supports use in L4, the configuration method is similar to L7. + +```shell +$ curl http://127.0.0.1:9180/apisix/admin/stream_routes/1 -H 'X-API-
[apisix] branch master updated: refactor(admin): refactor resource routes (#8611)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 3b35a99c3 refactor(admin): refactor resource routes (#8611) 3b35a99c3 is described below commit 3b35a99c3f400657a53c36c6d037b3f025a37c88 Author: dongjunduo AuthorDate: Thu Jan 12 08:55:09 2023 +0800 refactor(admin): refactor resource routes (#8611) Fixes https://github.com/apache/apisix/issues/8569 --- apisix/admin/init.lua | 9 +- apisix/admin/resource.lua | 206 ++ apisix/admin/routes.lua | 181 ++-- 3 files changed, 222 insertions(+), 174 deletions(-) diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index 3ed8d362e..15c4ee6cb 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -198,8 +198,13 @@ local function run() end end -local code, data = resource[method](seg_id, req_body, seg_sub_path, -uri_args) +local code, data +if seg_res == "routes" then +code, data = resource[method](resource, seg_id, req_body, seg_sub_path, uri_args) +else +code, data = resource[method](seg_id, req_body, seg_sub_path, uri_args) +end + if code then if method == "get" and plugin.enable_data_encryption then if seg_res == "consumers" then diff --git a/apisix/admin/resource.lua b/apisix/admin/resource.lua new file mode 100644 index 0..c4aa21b35 --- /dev/null +++ b/apisix/admin/resource.lua @@ -0,0 +1,206 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +local core = require("apisix.core") +local utils = require("apisix.admin.utils") +local setmetatable = setmetatable +local tostring = tostring +local type = type + + +local _M = { +need_v3_filter = true, +} + + +local mt = { +__index = _M +} + + +function _M:check_conf(id, conf, need_id) +-- check if missing configurations +if not conf then +return nil, {error_msg = "missing configurations"} +end + +-- check id if need id +id = id or conf.id +if need_id and not id then +return nil, {error_msg = "missing ".. self.kind .. " id"} +end + +if not need_id and id then +return nil, {error_msg = "wrong ".. self.kind .. " id, do not need it"} +end + +if need_id and conf.id and tostring(conf.id) ~= tostring(id) then +return nil, {error_msg = "wrong ".. self.kind .. " id"} +end + +conf.id = id + +core.log.info("schema: ", core.json.delay_encode(self.schema)) +core.log.info("conf : ", core.json.delay_encode(conf)) + +-- check the resource own rules +return self.checker(id, conf, need_id, self.schema) +end + + +function _M:get(id) +local key = "/" .. self.name +if id then +key = key .. "/" .. id +end + +local res, err = core.etcd.get(key, not id) +if not res then +core.log.error("failed to get ", self.kind, "[", key, "] from etcd: ", err) +return 503, {error_msg = err} +end + +utils.fix_count(res.body, id) +return res.status, res.body +end + + +function _M:post(id, conf, sub_path, args) +local id, err = self:check_conf(id, conf, false) +if not id then +return 400, err +end + +local key = "/" .. self.name +utils.inject_timestamp(conf) +local res, err = core.etcd.push(key, conf, args.ttl) +if not res then +core.log.error("failed to post ", self.kind, "[", key, "] to etcd: ", err) +return 503, {error_msg = err} +end + +return res.status, res.body +end + + +function _M:put(id, conf, sub_path, args) +local id, err = self:check_conf(id, conf, true) +if not id then +return 400, err +end + +local key = "/" .. self.name .. "/"
[apisix] branch master updated (3b35a99c3 -> c9ed5d7fe)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git from 3b35a99c3 refactor(admin): refactor resource routes (#8611) add c9ed5d7fe feat: stream subsystem support dns service discovery (#8593) No new revisions were added by this update. Summary of changes: apisix/discovery/dns/init.lua | 24 -- docs/en/latest/discovery/dns.md| 2 +- docs/zh/latest/discovery/dns.md| 2 +- t/discovery/{dns/sanity.t => stream/dns.t} | 132 + 4 files changed, 36 insertions(+), 124 deletions(-) copy t/discovery/{dns/sanity.t => stream/dns.t} (76%)