feat: add token support for consul_kv discovery

apache · Oct 7, 2023 · f8b52fa · f8b52fa
1 parent 7d8680d
commit f8b52fa
Show file tree

Hide file tree

Showing 5 changed files with 130 additions and 12 deletions.
diff --git a/apisix/discovery/consul_kv/init.lua b/apisix/discovery/consul_kv/init.lua
@@ -320,18 +320,14 @@ end
 
 local function format_consul_params(consul_conf)
     local consul_server_list = core.table.new(0, #consul_conf.servers)
-    local args
+    local args = {
+        token = consul_conf.token,
+        recurse = true
+    }
 
-    if consul_conf.keepalive == false then
-        args = {
-            recurse = true,
-        }
-    elseif consul_conf.keepalive then
-        args = {
-            recurse = true,
-            wait = consul_conf.timeout.wait, --blocked wait!=0; unblocked by wait=0
-            index = 0,
-        }
+    if consul_conf.keepalive then
+        args.wait = consul_conf.timeout.wait --blocked wait!=0; unblocked by wait=0
+        args.index = 0
     end
 
     for _, v in pairs(consul_conf.servers) do

diff --git a/apisix/discovery/consul_kv/schema.lua b/apisix/discovery/consul_kv/schema.lua
@@ -24,6 +24,7 @@ return {
                 type = "string",
             }
         },
+        token = {type = "string", default = ""},
         fetch_interval = {type = "integer", minimum = 1, default = 3},
         keepalive = {
             type = "boolean",

diff --git a/docs/en/latest/discovery/consul_kv.md b/docs/en/latest/discovery/consul_kv.md
@@ -40,6 +40,7 @@ discovery:
     servers:
       - "http://127.0.0.1:8500"
       - "http://127.0.0.1:8600"
+    token: "..."                  # if your consul cluster has enabled acl access control, you need to specify the token
     prefix: "upstreams"
     skip_keys:                    # if you need to skip special keys
       - "upstreams/unused_api/"

diff --git a/t/discovery/consul.t b/t/discovery/consul.t
@@ -701,7 +701,7 @@ location /v1/acl {
 }
 --- request eval
 "PUT /v1/acl/bootstrap\n" . "{\"BootstrapSecret\": \"2b778dd9-f5f1-6f29-b4b4-9a5fa948757a\"}"
---- error_code: 200
+--- error_code_like: ^(?:200|403)$
 
 
 

diff --git a/t/discovery/consul_kv.t b/t/discovery/consul_kv.t
@@ -109,6 +109,37 @@ discovery:
         max_fails: 1
 _EOC_
 
+our $yaml_config_with_acl = <<_EOC_;
+apisix:
+  node_listen: 1984
+deployment:
+  role: data_plane
+  role_data_plane:
+    config_provider: yaml
+discovery:
+  consul_kv:
+    servers:
+      - "http://127.0.0.1:8502"
+    token: "2b778dd9-f5f1-6f29-b4b4-9a5fa948757a"
+    prefix: "upstreams"
+    skip_keys:
+      - "upstreams/unused_api/"
+    timeout:
+      connect: 1000
+      read: 1000
+      wait: 60
+    weight: 1
+    fetch_interval: 1
+    keepalive: true
+    default_service:
+      host: "127.0.0.1"
+      port: 20999
+      metadata:
+        fail_timeout: 1
+        weight: 1
+        max_fails: 1
+_EOC_
+
 
 run_tests();
 
@@ -576,3 +607,92 @@ qr/retry connecting consul after \d seconds/
 --- grep_error_log_out
 retry connecting consul after 1 seconds
 retry connecting consul after 4 seconds
+
+
+
+=== TEST 13: bootstrap acl
+--- config
+location /v1/acl {
+    proxy_pass http://127.0.0.1:8502;
+}
+--- request eval
+"PUT /v1/acl/bootstrap\n" . "{\"BootstrapSecret\": \"2b778dd9-f5f1-6f29-b4b4-9a5fa948757a\"}"
+--- error_code_like: ^(?:200|403)$
+
+
+
+=== TEST 14: test register and unregister nodes
+--- yaml_config eval: $::yaml_config_with_acl
+--- apisix_yaml
+routes:
+  -
+    uri: /*
+    upstream:
+      service_name: http://127.0.0.1:8502/v1/kv/upstreams/webpages/
+      discovery_type: consul_kv
+      type: roundrobin
+#END
+--- config
+location /v1/kv {
+    proxy_pass http://127.0.0.1:8502;
+    proxy_set_header X-Consul-Token "2b778dd9-f5f1-6f29-b4b4-9a5fa948757a";
+}
+location /sleep {
+    content_by_lua_block {
+        local args = ngx.req.get_uri_args()
+        local sec = args.sec or "2"
+        ngx.sleep(tonumber(sec))
+        ngx.say("ok")
+    }
+}
+--- timeout: 6
+--- request eval
+[
+    "DELETE /v1/kv/upstreams/webpages/127.0.0.1:30511",
+    "DELETE /v1/kv/upstreams/webpages/127.0.0.1:30512",
+    "PUT /v1/kv/upstreams/webpages/127.0.0.1:30513\n" . "{\"weight\": 1, \"max_fails\": 2, \"fail_timeout\": 1}",
+    "PUT /v1/kv/upstreams/webpages/127.0.0.1:30514\n" . "{\"weight\": 1, \"max_fails\": 2, \"fail_timeout\": 1}",
+    "GET /sleep",
+
+    "GET /hello?random1",
+    "GET /hello?random2",
+    "GET /hello?random3",
+    "GET /hello?random4",
+
+    "DELETE /v1/kv/upstreams/webpages/127.0.0.1:30513",
+    "DELETE /v1/kv/upstreams/webpages/127.0.0.1:30514",
+    "PUT /v1/kv/upstreams/webpages/127.0.0.1:30511\n" . "{\"weight\": 1, \"max_fails\": 2, \"fail_timeout\": 1}",
+    "PUT /v1/kv/upstreams/webpages/127.0.0.1:30512\n" . "{\"weight\": 1, \"max_fails\": 2, \"fail_timeout\": 1}",
+    "GET /sleep?sec=5",
+
+    "GET /hello?random1",
+    "GET /hello?random2",
+    "GET /hello?random3",
+    "GET /hello?random4",
+
+]
+--- response_body_like eval
+[
+    qr/true/,
+    qr/true/,
+    qr/true/,
+    qr/true/,
+    qr/ok\n/,
+
+    qr/server [3-4]\n/,
+    qr/server [3-4]\n/,
+    qr/server [3-4]\n/,
+    qr/server [3-4]\n/,
+
+    qr/true/,
+    qr/true/,
+    qr/true/,
+    qr/true/,
+    qr/ok\n/,
+
+    qr/server [1-2]\n/,
+    qr/server [1-2]\n/,
+    qr/server [1-2]\n/,
+    qr/server [1-2]\n/
+]
+--- ignore_error_log