修复访问策略 cors 数据转换的问题 (#172)

TencentBlueKing · Aug 3, 2023 · 2224630 · 2224630
1 parent 4d2b31a
commit 2224630
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/src/dashboard/apigateway/apigateway/controller/crds/release_data/access_strategy.py b/src/dashboard/apigateway/apigateway/controller/crds/release_data/access_strategy.py
@@ -137,16 +137,20 @@ def _to_plugin_config(self, access_strategy: AccessStrategy) -> Dict[str, Any]:
         config = access_strategy.config
         allow_origins, allow_origins_by_regex = self._convert_allowed_origins(config["allowed_origins"])
         plugin_config = {
-            # 在 plugin BkCorsConvertor 中，统一处理 allow_origins, allow_origins_by_regex 空数据
-            "allow_origins": allow_origins,
-            "allow_origins_by_regex": allow_origins_by_regex,
+            # allow_origins 要求必须满足正则条件，不能为空字符串，且其不存在时，在 apisix 默认值为 *，
+            # 若 allow_credential=true，apisix schema 校验会失败，因此为空时，将其设置为 "null"
+            "allow_origins": allow_origins or "null",
             "allow_methods": self._convert_allowed_methods(config["allowed_methods"]),
             "allow_headers": self._convert_allowed_headers(config["allowed_headers"]),
             "expose_headers": self._convert_expose_headers(config.get("exposed_headers", [])),
             "max_age": config.get("max_age", 5),
             "allow_credential": config.get("allow_credentials") or False,
         }
 
+        if allow_origins_by_regex:
+            # allow_origins_by_regex 要求数组最小长度为 1
+            plugin_config["allow_origins_by_regex"] = allow_origins_by_regex
+
         return plugin_config
 
     def _convert_allowed_origins(self, allowed_origins: List[str]) -> Tuple[str, List]:

diff --git a/...ashboard/apigateway/apigateway/tests/controller/crds/release_data/test_access_strategy.py b/...ashboard/apigateway/apigateway/tests/controller/crds/release_data/test_access_strategy.py
@@ -102,7 +102,6 @@ def setup_fixture(self):
                 },
                 {
                     "allow_origins": "http://demo.example.com",
-                    "allow_origins_by_regex": [],
                     "allow_methods": "GET,POST,OPTIONS",
                     "allow_headers": "X-Token,X-Requested-With",
                     "expose_headers": "X-Token,X-Foo",
@@ -120,7 +119,7 @@ def setup_fixture(self):
                     "allow_credentials": False,
                 },
                 {
-                    "allow_origins": "",
+                    "allow_origins": "null",
                     "allow_origins_by_regex": [r"^http://demo\.example\.com$", r"^http://.*\.example\.com$"],
                     "allow_methods": "GET",
                     "allow_headers": "X-Token",