From f8b52fac05d20a6a54167459240be632d21f6a11 Mon Sep 17 00:00:00 2001 From: sevensolutions <84123899+sevensolutions@users.noreply.github.com> Date: Sat, 7 Oct 2023 13:19:47 +0000 Subject: [PATCH] feat: add token support for consul_kv discovery --- apisix/discovery/consul_kv/init.lua | 18 ++-- apisix/discovery/consul_kv/schema.lua | 1 + docs/en/latest/discovery/consul_kv.md | 1 + t/discovery/consul.t | 2 +- t/discovery/consul_kv.t | 120 ++++++++++++++++++++++++++ 5 files changed, 130 insertions(+), 12 deletions(-) diff --git a/apisix/discovery/consul_kv/init.lua b/apisix/discovery/consul_kv/init.lua index 2dad772ace75..6d616e059190 100644 --- a/apisix/discovery/consul_kv/init.lua +++ b/apisix/discovery/consul_kv/init.lua @@ -320,18 +320,14 @@ end local function format_consul_params(consul_conf) local consul_server_list = core.table.new(0, #consul_conf.servers) - local args + local args = { + token = consul_conf.token, + recurse = true + } - if consul_conf.keepalive == false then - args = { - recurse = true, - } - elseif consul_conf.keepalive then - args = { - recurse = true, - wait = consul_conf.timeout.wait, --blocked wait!=0; unblocked by wait=0 - index = 0, - } + if consul_conf.keepalive then + args.wait = consul_conf.timeout.wait --blocked wait!=0; unblocked by wait=0 + args.index = 0 end for _, v in pairs(consul_conf.servers) do diff --git a/apisix/discovery/consul_kv/schema.lua b/apisix/discovery/consul_kv/schema.lua index a2ebb5d07919..4c02b2c80dd0 100644 --- a/apisix/discovery/consul_kv/schema.lua +++ b/apisix/discovery/consul_kv/schema.lua @@ -24,6 +24,7 @@ return { type = "string", } }, + token = {type = "string", default = ""}, fetch_interval = {type = "integer", minimum = 1, default = 3}, keepalive = { type = "boolean", diff --git a/docs/en/latest/discovery/consul_kv.md b/docs/en/latest/discovery/consul_kv.md index bfb434417033..e0a2602c074b 100644 --- a/docs/en/latest/discovery/consul_kv.md +++ b/docs/en/latest/discovery/consul_kv.md @@ -40,6 +40,7 @@ discovery: servers: - "http://127.0.0.1:8500" - "http://127.0.0.1:8600" + token: "..." # if your consul cluster has enabled acl access control, you need to specify the token prefix: "upstreams" skip_keys: # if you need to skip special keys - "upstreams/unused_api/" diff --git a/t/discovery/consul.t b/t/discovery/consul.t index 29c882dce9b0..739d9f885557 100644 --- a/t/discovery/consul.t +++ b/t/discovery/consul.t @@ -701,7 +701,7 @@ location /v1/acl { } --- request eval "PUT /v1/acl/bootstrap\n" . "{\"BootstrapSecret\": \"2b778dd9-f5f1-6f29-b4b4-9a5fa948757a\"}" ---- error_code: 200 +--- error_code_like: ^(?:200|403)$ diff --git a/t/discovery/consul_kv.t b/t/discovery/consul_kv.t index 9363f768d209..507410f79bd9 100644 --- a/t/discovery/consul_kv.t +++ b/t/discovery/consul_kv.t @@ -109,6 +109,37 @@ discovery: max_fails: 1 _EOC_ +our $yaml_config_with_acl = <<_EOC_; +apisix: + node_listen: 1984 +deployment: + role: data_plane + role_data_plane: + config_provider: yaml +discovery: + consul_kv: + servers: + - "http://127.0.0.1:8502" + token: "2b778dd9-f5f1-6f29-b4b4-9a5fa948757a" + prefix: "upstreams" + skip_keys: + - "upstreams/unused_api/" + timeout: + connect: 1000 + read: 1000 + wait: 60 + weight: 1 + fetch_interval: 1 + keepalive: true + default_service: + host: "127.0.0.1" + port: 20999 + metadata: + fail_timeout: 1 + weight: 1 + max_fails: 1 +_EOC_ + run_tests(); @@ -576,3 +607,92 @@ qr/retry connecting consul after \d seconds/ --- grep_error_log_out retry connecting consul after 1 seconds retry connecting consul after 4 seconds + + + +=== TEST 13: bootstrap acl +--- config +location /v1/acl { + proxy_pass http://127.0.0.1:8502; +} +--- request eval +"PUT /v1/acl/bootstrap\n" . "{\"BootstrapSecret\": \"2b778dd9-f5f1-6f29-b4b4-9a5fa948757a\"}" +--- error_code_like: ^(?:200|403)$ + + + +=== TEST 14: test register and unregister nodes +--- yaml_config eval: $::yaml_config_with_acl +--- apisix_yaml +routes: + - + uri: /* + upstream: + service_name: http://127.0.0.1:8502/v1/kv/upstreams/webpages/ + discovery_type: consul_kv + type: roundrobin +#END +--- config +location /v1/kv { + proxy_pass http://127.0.0.1:8502; + proxy_set_header X-Consul-Token "2b778dd9-f5f1-6f29-b4b4-9a5fa948757a"; +} +location /sleep { + content_by_lua_block { + local args = ngx.req.get_uri_args() + local sec = args.sec or "2" + ngx.sleep(tonumber(sec)) + ngx.say("ok") + } +} +--- timeout: 6 +--- request eval +[ + "DELETE /v1/kv/upstreams/webpages/127.0.0.1:30511", + "DELETE /v1/kv/upstreams/webpages/127.0.0.1:30512", + "PUT /v1/kv/upstreams/webpages/127.0.0.1:30513\n" . "{\"weight\": 1, \"max_fails\": 2, \"fail_timeout\": 1}", + "PUT /v1/kv/upstreams/webpages/127.0.0.1:30514\n" . "{\"weight\": 1, \"max_fails\": 2, \"fail_timeout\": 1}", + "GET /sleep", + + "GET /hello?random1", + "GET /hello?random2", + "GET /hello?random3", + "GET /hello?random4", + + "DELETE /v1/kv/upstreams/webpages/127.0.0.1:30513", + "DELETE /v1/kv/upstreams/webpages/127.0.0.1:30514", + "PUT /v1/kv/upstreams/webpages/127.0.0.1:30511\n" . "{\"weight\": 1, \"max_fails\": 2, \"fail_timeout\": 1}", + "PUT /v1/kv/upstreams/webpages/127.0.0.1:30512\n" . "{\"weight\": 1, \"max_fails\": 2, \"fail_timeout\": 1}", + "GET /sleep?sec=5", + + "GET /hello?random1", + "GET /hello?random2", + "GET /hello?random3", + "GET /hello?random4", + +] +--- response_body_like eval +[ + qr/true/, + qr/true/, + qr/true/, + qr/true/, + qr/ok\n/, + + qr/server [3-4]\n/, + qr/server [3-4]\n/, + qr/server [3-4]\n/, + qr/server [3-4]\n/, + + qr/true/, + qr/true/, + qr/true/, + qr/true/, + qr/ok\n/, + + qr/server [1-2]\n/, + qr/server [1-2]\n/, + qr/server [1-2]\n/, + qr/server [1-2]\n/ +] +--- ignore_error_log