Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

change: creating core resources does not allow passing in create_time and update_time #10232

Merged
merged 3 commits into from
Oct 7, 2023
Merged

change: creating core resources does not allow passing in create_time and update_time #10232

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
63a5040
change: remove create_time and update_time for resources in admin api
Sn0rt Sep 21, 2023
425725c
Merge branch 'master' into api7/remove-create_time-and-update_time
Sn0rt Sep 28, 2023
6a60fb0
fix: follow the review
Sn0rt Sep 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 43 additions & 2 deletions apisix/admin/resource.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ local utils = require("apisix.admin.utils")
local apisix_ssl = require("apisix.ssl")
local setmetatable = setmetatable
local tostring = tostring
local ipairs = ipairs
local type = type


Expand Down Expand Up @@ -49,7 +50,38 @@ local function split_typ_and_id(id, sub_path)
end


function _M:check_conf(id, conf, need_id, typ)
local function check_forbidden_properties(conf, forbidden_properties)
local not_allow_properties = "the property is forbidden: "

if conf then
for _, v in ipairs(forbidden_properties) do
if conf[v] then
return not_allow_properties .. " " .. v
end
end

if conf.upstream then
for _, v in ipairs(forbidden_properties) do
if conf.upstream[v] then
return not_allow_properties .. " upstream." .. v
end
end
end

if conf.plugins then
for _, v in ipairs(forbidden_properties) do
if conf.plugins[v] then
return not_allow_properties .. " plugins." .. v
end
end
end
end

return nil
end


function _M:check_conf(id, conf, need_id, typ, allow_time)
if self.name == "secrets" then
id = typ .. "/" .. id
end
Expand All @@ -76,6 +108,15 @@ function _M:check_conf(id, conf, need_id, typ)
conf.id = id
end

-- check create time and update time
if not allow_time then
local forbidden_properties = {"create_time", "update_time"}
local err = check_forbidden_properties(conf, forbidden_properties)
if err then
return nil, {error_msg = err}
end
end

core.log.info("conf : ", core.json.delay_encode(conf))

-- check the resource own rules
Expand Down Expand Up @@ -355,7 +396,7 @@ function _M:patch(id, conf, sub_path, args)

core.log.info("new conf: ", core.json.delay_encode(node_value, true))

local ok, err = self:check_conf(id, node_value, true, typ)
local ok, err = self:check_conf(id, node_value, true, typ, true)
if not ok then
return 400, err
end
Expand Down
24 changes: 3 additions & 21 deletions docs/en/latest/admin-api.md
View file
Open in desktop

Large diffs are not rendered by default.

16 changes: 0 additions & 16 deletions docs/zh/latest/admin-api.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -326,8 +326,6 @@ Route 也称之为路由,可以通过定义一些规则来匹配客户端的
| timeout | 否 | 辅助 | 为 Route 设置 Upstream 连接、发送消息和接收消息的超时时间(单位为秒)。该配置将会覆盖在 Upstream 中配置的 [timeout](#upstream) 选项。 | {"connect": 3, "send": 3, "read": 3} |
| enable_websocket | 否 | 辅助 | 当设置为 `true` 时,启用 `websocket`(boolean), 默认值为 `false`。 | |
| status | 否 | 辅助 | 当设置为 `1` 时,启用该路由,默认值为 `1`。 | `1` 表示启用,`0` 表示禁用。 |
| create_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| update_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |

:::note 注意

Expand Down Expand Up @@ -637,8 +635,6 @@ Service 是某类 API 的抽象(也可以理解为一组 Route 的抽象)。
| labels | 否 | 匹配规则 | 标识附加属性的键值对。 | {"version":"v2","build":"16","env":"production"} |
| enable_websocket | 否 | 辅助 | `websocket`(boolean) 配置,默认值为 `false`。 | |
| hosts | 否 | 匹配规则 | 非空列表形态的 `host`,表示允许有多个不同 `host`,匹配其中任意一个即可。| ["foo.com", "\*.bar.com"] |
| create_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| update_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |

Service 对象 JSON 配置示例:

Expand Down Expand Up @@ -822,8 +818,6 @@ Consumer 资源请求地址:/apisix/admin/consumers/{username}
| plugins | 否 | Plugin | 该 Consumer 对应的插件配置,它的优先级是最高的:Consumer > Route > Plugin Config > Service。对于具体插件配置,请参考 [Plugins](#plugin)。 | |
| desc | 否 | 辅助 | consumer 描述。 | |
| labels | 否 | 匹配规则 | 标识附加属性的键值对。 | {"version":"v2","build":"16","env":"production"} |
| create_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| update_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |

Consumer 对象 JSON 配置示例:

Expand Down Expand Up @@ -919,8 +913,6 @@ APISIX 的 Upstream 除了基本的负载均衡算法选择外,还支持对上
| upstream_host | 否 | 辅助 | 指定上游请求的 host,只在 `pass_host` 配置为 `rewrite` 时有效。 | |
| scheme | 否 | 辅助 | 跟上游通信时使用的 scheme。对于 7 层代理,可选值为 [`http`, `https`, `grpc`, `grpcs`]。对于 4 层代理,可选值为 [`tcp`, `udp`, `tls`]。默认值为 `http`,详细信息请参考下文。 |
| labels | 否 | 匹配规则 | 标识附加属性的键值对。 | {"version":"v2","build":"16","env":"production"} |
| create_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| update_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| tls.client_cert | 否,不能和 `tls.client_cert_id` 一起使用 | https 证书 | 设置跟上游通信时的客户端证书,详细信息请参考下文。 | |
| tls.client_key | 否,不能和 `tls.client_cert_id` 一起使用 | https 证书私钥 | 设置跟上游通信时的客户端私钥,详细信息请参考下文。 | |
| tls.client_cert_id | 否,不能和 `tls.client_cert`、`tls.client_key` 一起使用 | SSL | 设置引用的 SSL id,详见 [SSL](#ssl)。 | |
Expand Down Expand Up @@ -1210,8 +1202,6 @@ SSL 资源请求地址:/apisix/admin/ssls/{id}
| client.skip_mtls_uri_regex | 否 | PCRE 正则表达式数组 | 用来匹配请求的 URI,如果匹配,则该请求将绕过客户端证书的检查,也就是跳过 MTLS。 | ["/hello[0-9]+", "/foobar"] |
| snis | 是 | 匹配规则 | 非空数组形式,可以匹配多个 SNI。 | |
| labels | 否 | 匹配规则 | 标识附加属性的键值对。 | {"version":"v2","build":"16","env":"production"} |
| create_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| update_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| type | 否 | 辅助 | 标识证书的类型,默认值为 `server`。 | `client` 表示证书是客户端证书,APISIX 访问上游时使用;`server` 表示证书是服务端证书,APISIX 验证客户端请求时使用。 |
| status | 否 | 辅助 | 当设置为 `1` 时,启用此 SSL,默认值为 `1`。 | `1` 表示启用,`0` 表示禁用 |
| ssl_protocols | 否 | tls 协议字符串数组 | 用于控制服务器与客户端之间使用的 SSL/TLS 协议版本。更多的配置示例,请参考[SSL 协议](./ssl-protocol.md)。 | |
Expand Down Expand Up @@ -1253,8 +1243,6 @@ Global Rule 资源请求地址:/apisix/admin/global_rules/{id}
| 名称 | 必选项 | 类型 | 描述 | 示例值 |
| ----------- | ------ | ------ | ------------------------------------------------- | ---------- |
| plugins | 是 | Plugin | 插件配置。详细信息请参考 [Plugin](terminology/plugin.md)。 | |
| create_time | 否 | 辅助 | epoch 时间戳,单位为秒,如果不指定则自动创建。 | 1602883670 |
| update_time | 否 | 辅助 | epoch 时间戳,单位为秒,如果不指定则自动创建。 | 1602883670 |

## Consumer Group

Expand Down Expand Up @@ -1282,8 +1270,6 @@ Consumer Group 资源请求地址:/apisix/admin/consumer_groups/{id}
|plugins | 是 |Plugin| 插件配置。详细信息请参考 [Plugin](terminology/plugin.md)。 | |
|desc | 否 | 辅助 | 标识描述、使用场景等。 | Consumer 测试。|
|labels | 否 | 辅助 | 标识附加属性的键值对。 |{"version":"v2","build":"16","env":"production"}|
|create_time| 否 | 辅助 | epoch 时间戳,单位为秒,如果不指定则自动创建。 |1602883670|
|update_time| 否 | 辅助 | epoch 时间戳,单位为秒,如果不指定则自动创建。 |1602883670|

## Plugin Config

Expand Down Expand Up @@ -1311,8 +1297,6 @@ Plugin Config 资源请求地址:/apisix/admin/plugin_configs/{id}
|plugins | 是 |Plugin| 更多信息请参考 [Plugin](terminology/plugin.md)。||
|desc | 否 | 辅助 | 标识描述、使用场景等。 |customer xxxx|
|labels | 否 | 辅助 | 标识附加属性的键值对。 |{"version":"v2","build":"16","env":"production"}|
|create_time| 否 | 辅助 | epoch 时间戳,单位为秒,如果不指定则自动创建。 |1602883670|
|update_time| 否 | 辅助 | epoch 时间戳,单位为秒,如果不指定则自动创建。 |1602883670|

## Plugin Metadata

Expand Down
26 changes: 3 additions & 23 deletions t/admin/consumers.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -335,26 +335,6 @@ GET /t
}
--- request
GET /t
--- response_body
passed



=== TEST 11: delete test consumer(pony)
--- config
location /t {
content_by_lua_block {
ngx.sleep(0.3)
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/consumers/pony',
ngx.HTTP_DELETE
)

ngx.status = code
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
--- error_code: 400
--- response_body eval
qr/\{"error_msg":"the property is forbidden:.*"\}/
21 changes: 3 additions & 18 deletions t/admin/routes4.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -790,21 +790,6 @@ passed
ngx.say(body)
}
}
--- response_body
passed



=== TEST 23: delete test route(id : 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, message = t('/apisix/admin/routes/1',
ngx.HTTP_DELETE
)
ngx.say("[delete] code: ", code, " message: ", message)
}
}
--- response_body
[delete] code: 200 message: passed
--- error_code: 400
--- response_body eval
qr/\{"error_msg":"the property is forbidden:.*"\}/
59 changes: 29 additions & 30 deletions t/admin/services.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1171,54 +1171,53 @@ GET /t
local code, body = t('/apisix/admin/services/1',
ngx.HTTP_PUT,
[[{
"upstream": {
"nodes": {
"127.0.0.1:8080": 1
},
"type": "roundrobin",
"create_time": 1602883670,
"update_time": 1602893670
}
}]],
[[{
"value": {
"upstream": {
"nodes": {
"127.0.0.1:8080": 1
},
"type": "roundrobin",
"create_time": 1602883670,
"update_time": 1602893670
}
"upstream": {
"nodes": {
"127.0.0.1:8080": 1
},
"key": "/apisix/services/1"
}]]
)

"type": "roundrobin"
},
"create_time": 1602883670,
"update_time": 1602893670
}]])
ngx.status = code
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
--- error_code: 400
--- response_body eval
qr/\{"error_msg":"the property is forbidden:.*"\}/



=== TEST 35: delete test service(id: 1)
=== TEST 35: create service and the built-in resource with create_time and update_time(id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, message = t('/apisix/admin/services/1', ngx.HTTP_DELETE)
ngx.say("[delete] code: ", code, " message: ", message)
local code, body = t('/apisix/admin/services/1',
ngx.HTTP_PUT,
[[{
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:8080": 1
},
"create_time": 1602883670,
"update_time": 1602893670
}
}]])
ngx.status = code
ngx.say(body)
}
}
--- request
GET /t
--- response_body
[delete] code: 200 message: passed
--- error_code: 400
--- response_body eval
qr/\{"error_msg":"the property is forbidden:.*"\}/



Expand Down
4 changes: 0 additions & 4 deletions t/admin/ssl.t
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -555,8 +555,6 @@ GET /t
cert = ssl_cert,
key = ssl_key,
sni = "test.com",
create_time = 1602883670,
update_time = 1602893670,
validity_start = 1602873670,
validity_end = 1603893670
}
Expand All @@ -567,8 +565,6 @@ GET /t
[[{
"value": {
"sni": "test.com",
"create_time": 1602883670,
"update_time": 1602893670,
"validity_start": 1602873670,
"validity_end": 1603893670
},
Expand Down
Loading
Loading