From 9d06df08161a978296496d0e09e2ed9ec5c093a1 Mon Sep 17 00:00:00 2001
From: Wangchong Zhou <fffonion@gmail.com>
Date: Mon, 1 Aug 2022 23:14:01 +0800
Subject: [PATCH] fix(vaults) load vault subschema in `off` strategy (#9174)

---
 kong/db/declarative/init.lua                  |  2 +-
 kong/db/schema/others/declarative_config.lua  | 36 +++++++++++++++++--
 .../01-validate_spec.lua                      | 21 ++++++++++-
 3 files changed, 55 insertions(+), 4 deletions(-)

diff --git a/kong/db/declarative/init.lua b/kong/db/declarative/init.lua
index 0b4b1120d04..9b5dc811239 100644
--- a/kong/db/declarative/init.lua
+++ b/kong/db/declarative/init.lua
@@ -55,7 +55,7 @@ local Config = {}
 -- of the database (e.g. for db_import)
 -- @treturn table A Config schema adjusted for this configuration
 function declarative.new_config(kong_config, partial)
-  local schema, err = declarative_config.load(kong_config.loaded_plugins)
+  local schema, err = declarative_config.load(kong_config.loaded_plugins, kong_config.loaded_vaults)
   if not schema then
     return nil, err
   end
diff --git a/kong/db/schema/others/declarative_config.lua b/kong/db/schema/others/declarative_config.lua
index 73aaabe172e..4470b1516e7 100644
--- a/kong/db/schema/others/declarative_config.lua
+++ b/kong/db/schema/others/declarative_config.lua
@@ -5,6 +5,7 @@ local Entity = require("kong.db.schema.entity")
 local Schema = require("kong.db.schema")
 local constants = require("kong.constants")
 local plugin_loader = require("kong.db.schema.plugin_loader")
+local vault_loader = require("kong.db.schema.vault_loader")
 local schema_topological_sort = require "kong.db.schema.topological_sort"
 
 
@@ -274,6 +275,31 @@ local function load_plugin_subschemas(fields, plugin_set, indent)
   return true
 end
 
+local function load_vault_subschemas(fields, vault_set)
+  if not fields then
+    return true
+  end
+
+  if not vault_set then
+    return true
+  end
+
+  for _, f in ipairs(fields) do
+    local fname, fdata = next(f)
+
+    if fname == "vaults" then
+      for vault in pairs(vault_set) do
+        local _, err = vault_loader.load_subschema(fdata.elements, vault, errors)
+        if err then
+          return nil, err
+        end
+      end
+    end
+  end
+
+  return true
+end
+
 
 local function populate_references(input, known_entities, by_id, by_key, expected, parent_entity)
   for _, entity in ipairs(known_entities) do
@@ -663,7 +689,7 @@ local function flatten(self, input)
     -- and that is the reason why we try to validate the input again with the
     -- filled foreign keys
     if not self.full_schema then
-      self.full_schema = DeclarativeConfig.load(self.plugin_set, true)
+      self.full_schema = DeclarativeConfig.load(self.plugin_set, self.vault_set, true)
     end
 
     local input_copy = utils.deep_copy(input, false)
@@ -742,7 +768,7 @@ local function load_entity_subschemas(entity_name, entity)
 end
 
 
-function DeclarativeConfig.load(plugin_set, include_foreign)
+function DeclarativeConfig.load(plugin_set, vault_set, include_foreign)
   all_schemas = {}
   local schemas_array = {}
   for _, entity in ipairs(constants.CORE_ENTITIES) do
@@ -785,6 +811,11 @@ function DeclarativeConfig.load(plugin_set, include_foreign)
     return nil, err
   end
 
+  local ok, err = load_vault_subschemas(fields, vault_set)
+  if not ok then
+    return nil, err
+  end
+
   -- we replace the "foreign"-type fields at the top-level
   -- with "string"-type fields only after the subschemas have been loaded,
   -- otherwise they will detect the mismatch.
@@ -804,6 +835,7 @@ function DeclarativeConfig.load(plugin_set, include_foreign)
   schema.flatten = flatten
   schema.insert_default_workspace_if_not_given = insert_default_workspace_if_not_given
   schema.plugin_set = plugin_set
+  schema.vault_set = vault_set
 
   return schema, nil, def
 end
diff --git a/spec/01-unit/01-db/01-schema/11-declarative_config/01-validate_spec.lua b/spec/01-unit/01-db/01-schema/11-declarative_config/01-validate_spec.lua
index b8b84b4314c..8eb0695b9e2 100644
--- a/spec/01-unit/01-db/01-schema/11-declarative_config/01-validate_spec.lua
+++ b/spec/01-unit/01-db/01-schema/11-declarative_config/01-validate_spec.lua
@@ -13,7 +13,10 @@ describe("declarative config: validate", function()
 
   lazy_setup(function()
     local _
-    DeclarativeConfig, _, DeclarativeConfig_def = assert(declarative_config.load(helpers.test_conf.loaded_plugins))
+    DeclarativeConfig, _, DeclarativeConfig_def = assert(declarative_config.load(
+      helpers.test_conf.loaded_plugins,
+      helpers.test_conf.loaded_vaults
+    ))
   end)
 
   pending("metaschema", function()
@@ -596,6 +599,22 @@ describe("declarative config: validate", function()
       end)
 
     end)
+
+    describe("vaults", function()
+      it("accepts vaults", function()
+        local config = assert(lyaml.load([[
+          _format_version: "1.1"
+          vaults:
+          - prefix: aba
+            config:
+              prefix: "BANANA_"
+            description: "Banana vault"
+            tags: ~
+            name: env
+        ]]))
+        assert(DeclarativeConfig:validate(config))
+      end)
+    end)
   end)
 
   describe("custom entities", function()