From f3180c89e31eb395d9e7fef8a5c5a18f751a448b Mon Sep 17 00:00:00 2001
From: wzy0618 <44865628+wzy0618@users.noreply.github.com>
Date: Thu, 12 Oct 2023 17:27:09 +0800
Subject: [PATCH] fix: fix and optimize tls in upstream_schema (#10269)
---
 apisix/schema_def.lua | 12 ++----
 t/core/schema_def.t | 98 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 101 insertions(+), 9 deletions(-)
diff --git a/apisix/schema_def.lua b/apisix/schema_def.lua
index 8413beda7fb1..0fd96940978b 100644
--- a/apisix/schema_def.lua
+++ b/apisix/schema_def.lua
@@ -402,16 +402,10 @@ local upstream_schema = {
 },
 },
 dependencies = {
- client_cert = {
- required = {"client_key"},
- ["not"] = {required = {"client_cert_id"}}
- },
- client_key = {
- required = {"client_cert"},
- ["not"] = {required = {"client_cert_id"}}
- },
+ client_cert = {required = {"client_key"}},
+ client_key = {required = {"client_cert"}},
 client_cert_id = {
- ["not"] = {required = {"client_client", "client_key"}}
+ ["not"] = {required = {"client_cert", "client_key"}}
 }
 }
 },
diff --git a/t/core/schema_def.t b/t/core/schema_def.t
index b6a7bba05b0c..da3bb51f8b26 100644
--- a/t/core/schema_def.t
+++ b/t/core/schema_def.t
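Review bot: The new `client_cert_id` rule, `["not"] = {required = {"client_cert", "client_key"}}`, rejects a certificate reference only when both inline fields are present; an id combined with just one inline field is rejected indirectly, by the `client_cert`/`client_key` pairing rules two lines above it. That coupling is easy to break in a later edit, and it decides which client credential an upstream TLS connection may be configured with, so it deserves a comment above `dependencies`, for example `-- client_cert and client_key must come as a pair; client_cert_id excludes the inline pair`. The `upstream_schema` table starts and ends outside this hunk, so the rest of the `tls` object definition is not visible here.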
@@ -139,3 +139,101 @@ qr/ok: false err: property "(id|plugins)" is required/
 GET /t
 --- response_body
 passed
+
+
+
+=== TEST 4: sanity check upstream_schema
+--- config
+ location /t {
+ content_by_lua_block {
+ local schema_def = require("apisix.schema_def")
+ local core = require("apisix.core")
+ local t = require("lib.test_admin")
+ local ssl_cert = t.read_file("t/certs/apisix.crt")
+ local ssl_key = t.read_file("t/certs/apisix.key")
+ local upstream = {
+ nodes = {
+ ["127.0.0.1:8080"] = 1
+ },
+ type = "roundrobin",
+ tls = {
+ client_cert_id = 1,
+ client_cert = ssl_cert,
+ client_key = ssl_key
+ }
+ }
+ local ok, err = core.schema.check(schema_def.upstream, upstream)
+ assert(not ok)
+ assert(err ~= nil)
+
+ upstream = {
+ nodes = {
+ ["127.0.0.1:8080"] = 1
+ },
+ type = "roundrobin",
+ tls = {
+ client_cert_id = 1
+ }
+ }
+ local ok, err = core.schema.check(schema_def.upstream, upstream)
+ assert(ok)
+ assert(err == nil, err)
+
+ upstream = {
+ nodes = {
+ ["127.0.0.1:8080"] = 1
+ },
+ type = "roundrobin",
+ tls = {
+ client_cert = ssl_cert,
+ client_key = ssl_key
+ }
+ }
+ local ok, err = core.schema.check(schema_def.upstream, upstream)
+ assert(ok)
+ assert(err == nil, err)
+
+ upstream = {
+ nodes = {
+ ["127.0.0.1:8080"] = 1
+ },
+ type = "roundrobin",
+ tls = {
+ }
+ }
+ local ok, err = core.schema.check(schema_def.upstream, upstream)
+ assert(ok)
+ assert(err == nil, err)
+
+ upstream = {
+ nodes = {
+ ["127.0.0.1:8080"] = 1
+ },
+ type = "roundrobin",
+ tls = {
+ client_cert = ssl_cert
+ }
+ }
+ local ok, err = core.schema.check(schema_def.upstream, upstream)
+ assert(not ok)
+ assert(err ~= nil)
+
+ upstream = {
+ nodes = {
+ ["127.0.0.1:8080"] = 1
+ },
+ type = "roundrobin",
+ tls = {
+ client_cert_id = 1,
+ client_key = ssl_key
+ }
+ }
+ local ok, err = core.schema.check(schema_def.upstream, upstream)
+ assert(not ok)
+ assert(err ~= nil)
+
+ ngx.say("passed")
+ }
+ }
+--- response_body
+passed
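Review bot: The three rejection cases in TEST 4 assert only `assert(not ok)` and `assert(err ~= nil)`, so they pass on any validation failure, including one that has nothing to do with the `tls` dependency rules. The preceding test in this file matches the error text, as the `qr/ok: false err: property ... is required/` context line shows; printing the result per case, e.g. `ngx.say("ok: ", ok, " err: ", err)`, and matching it would tie each rejection to the rule it is meant to exercise. A case with `client_cert_id` plus `client_cert` alone is missing from the matrix. The repeated `local ok, err = ...` also re-declares the locals in the same scope; plain `ok, err = core.schema.check(schema_def.upstream, upstream)` after the first declaration avoids the shadowing.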