From 2308af8390dd56146ec24461458da98a8bb3b96d Mon Sep 17 00:00:00 2001 From: spacewander Date: Thu, 26 Nov 2020 17:36:56 +0800 Subject: [PATCH 1/3] fix: validate plugin configuration in the DP Fix #2834 --- apisix/admin/plugins.lua | 66 +------------ apisix/core/config_etcd.lua | 28 ++++++ apisix/core/config_yaml.lua | 24 ++++- apisix/http/router/radixtree_host_uri.lua | 2 + apisix/http/router/radixtree_uri.lua | 2 + apisix/http/service.lua | 2 + apisix/plugin.lua | 98 +++++++++++++++++++ apisix/plugins/openid-connect.lua | 13 ++- apisix/router.lua | 4 +- apisix/stream/router/ip_port.lua | 2 + rockspec/apisix-master-0.rockspec | 2 +- t/config-center-yaml/global-rule.t | 114 ++++++++++++++++++++++ t/config-center-yaml/route-service.t | 53 ++++++++++ t/config-center-yaml/route.t | 104 +++++++++++++++++--- t/config-center-yaml/stream-route.t | 102 +++++++++++++++++++ t/core/etcd-sync.t | 38 ++++++++ t/plugin/openid-connect.t | 8 +- 17 files changed, 579 insertions(+), 83 deletions(-) create mode 100644 t/config-center-yaml/global-rule.t create mode 100644 t/config-center-yaml/stream-route.t diff --git a/apisix/admin/plugins.lua b/apisix/admin/plugins.lua index 4a95d1898f19..78211f07e03a 100644 --- a/apisix/admin/plugins.lua +++ b/apisix/admin/plugins.lua @@ -16,12 +16,10 @@ -- local require = require local core = require("apisix.core") -local local_plugins = require("apisix.plugin").plugins_hash -local stream_local_plugins = require("apisix.plugin").stream_plugins_hash -local pairs = pairs +local check_schema = require("apisix.plugin").check_schema +local stream_check_schema = require("apisix.plugin").stream_check_schema local ipairs = ipairs local pcall = pcall -local type = type local table_sort = table.sort local table_insert = table.insert local get_uri_args = ngx.req.get_uri_args @@ -30,68 +28,12 @@ local _M = {} function _M.check_schema(plugins_conf, schema_type) - for name, plugin_conf in pairs(plugins_conf) do - core.log.info("check plugin scheme, name: ", name, ", configurations: ", - core.json.delay_encode(plugin_conf, true)) - if type(plugin_conf) ~= "table" then - return false, "invalid plugin conf " .. - core.json.encode(plugin_conf, true) .. - " for plugin [" .. name .. "]" - end - - local plugin_obj = local_plugins[name] - if not plugin_obj then - return false, "unknown plugin [" .. name .. "]" - end - - if plugin_obj.check_schema then - local disable = plugin_conf.disable - plugin_conf.disable = nil - - local ok, err = plugin_obj.check_schema(plugin_conf, schema_type) - if not ok then - return false, "failed to check the configuration of plugin " - .. name .. " err: " .. err - end - - plugin_conf.disable = disable - end - end - - return true + return check_schema(plugins_conf, schema_type, false) end function _M.stream_check_schema(plugins_conf, schema_type) - for name, plugin_conf in pairs(plugins_conf) do - core.log.info("check stream plugin scheme, name: ", name, - ": ", core.json.delay_encode(plugin_conf, true)) - if type(plugin_conf) ~= "table" then - return false, "invalid plugin conf " .. - core.json.encode(plugin_conf, true) .. - " for plugin [" .. name .. "]" - end - - local plugin_obj = stream_local_plugins[name] - if not plugin_obj then - return false, "unknown plugin [" .. name .. "]" - end - - if plugin_obj.check_schema then - local disable = plugin_conf.disable - plugin_conf.disable = nil - - local ok, err = plugin_obj.check_schema(plugin_conf, schema_type) - if not ok then - return false, "failed to check the configuration of " - .. "stream plugin [" .. name .. "]: " .. err - end - - plugin_conf.disable = disable - end - end - - return true + return stream_check_schema(plugins_conf, schema_type, false) end diff --git a/apisix/core/config_etcd.lua b/apisix/core/config_etcd.lua index 161eb7d2aabf..34b6ac9f33c9 100644 --- a/apisix/core/config_etcd.lua +++ b/apisix/core/config_etcd.lua @@ -216,6 +216,14 @@ local function sync_data(self) end end + if data_valid and self.checker then + data_valid, err = self.checker(item.value) + if not data_valid then + log.error("failed to check item data of [", self.key, + "] err:", err, " ,val: ", json.delay_encode(item.value)) + end + end + if data_valid then changed = true insert_tab(self.values, item) @@ -256,6 +264,14 @@ local function sync_data(self) end end + if data_valid and self.checker then + data_valid, err = self.checker(item.value) + if not data_valid then + log.error("failed to check item data of [", self.key, + "] err:", err, " ,val: ", json.delay_encode(item.value)) + end + end + if data_valid then changed = true insert_tab(self.values, item) @@ -349,6 +365,16 @@ local function sync_data(self) return false, "failed to check item data of [" .. self.key .. "] err:" .. err end + + if self.checker then + local ok, err = self.checker(res.value) + if not ok then + self:upgrade_version(res.modifiedIndex) + + return false, "failed to check item data of [" + .. self.key .. "] err:" .. err + end + end end self:upgrade_version(res.modifiedIndex) @@ -538,6 +564,7 @@ function _M.new(key, opts) local filter_fun = opts and opts.filter local timeout = opts and opts.timeout local single_item = opts and opts.single_item + local checker = opts and opts.checker local obj = setmetatable({ etcd_cli = nil, @@ -545,6 +572,7 @@ function _M.new(key, opts) key = key and prefix .. key, automatic = automatic, item_schema = item_schema, + checker = checker, sync_times = 0, running = true, conf_version = 0, diff --git a/apisix/core/config_yaml.lua b/apisix/core/config_yaml.lua index 16bbeb883456..733761f59e66 100644 --- a/apisix/core/config_yaml.lua +++ b/apisix/core/config_yaml.lua @@ -157,6 +157,14 @@ local function sync_data(self) log.error("failed to check item data of [", self.key, "] err:", err, " ,val: ", json.delay_encode(item)) end + + if data_valid and self.checker then + data_valid, err = self.checker(item) + if not data_valid then + log.error("failed to check item data of [", self.key, + "] err:", err, " ,val: ", json.delay_encode(item)) + end + end end if data_valid then @@ -180,8 +188,8 @@ local function sync_data(self) if type(item) ~= "table" then data_valid = false log.error("invalid item data of [", self.key .. "/" .. id, - "], val: ", json.delay_encode(item), - ", it shoud be a object") + "], val: ", json.delay_encode(item), + ", it shoud be a object") end local key = item.id or "arr_" .. i @@ -192,7 +200,15 @@ local function sync_data(self) data_valid, err = check_schema(self.item_schema, item) if not data_valid then log.error("failed to check item data of [", self.key, - "] err:", err, " ,val: ", json.delay_encode(item)) + "] err:", err, " ,val: ", json.delay_encode(item)) + end + end + + if data_valid and self.checker then + data_valid, err = self.checker(item) + if not data_valid then + log.error("failed to check item data of [", self.key, + "] err:", err, " ,val: ", json.delay_encode(item)) end end @@ -287,6 +303,7 @@ function _M.new(key, opts) local item_schema = opts and opts.item_schema local filter_fun = opts and opts.filter local single_item = opts and opts.single_item + local checker = opts and opts.checker -- like /routes and /upstreams, remove first char `/` if key then @@ -296,6 +313,7 @@ function _M.new(key, opts) local obj = setmetatable({ automatic = automatic, item_schema = item_schema, + checker = checker, sync_times = 0, running = true, conf_version = 0, diff --git a/apisix/http/router/radixtree_host_uri.lua b/apisix/http/router/radixtree_host_uri.lua index 97bad348a308..582b72b293d1 100644 --- a/apisix/http/router/radixtree_host_uri.lua +++ b/apisix/http/router/radixtree_host_uri.lua @@ -17,6 +17,7 @@ local require = require local router = require("resty.radixtree") local core = require("apisix.core") +local plugin_checker = require("apisix.plugin").plugin_checker local ipairs = ipairs local type = type local error = error @@ -160,6 +161,7 @@ function _M.init_worker(filter) user_routes, err = core.config.new("/routes", { automatic = true, item_schema = core.schema.route, + checker = plugin_checker, filter = filter, }) if not user_routes then diff --git a/apisix/http/router/radixtree_uri.lua b/apisix/http/router/radixtree_uri.lua index 812b84ce9787..4c9c4e9f37ba 100644 --- a/apisix/http/router/radixtree_uri.lua +++ b/apisix/http/router/radixtree_uri.lua @@ -17,6 +17,7 @@ local require = require local router = require("resty.radixtree") local core = require("apisix.core") +local plugin_checker = require("apisix.plugin").plugin_checker local ipairs = ipairs local type = type local error = error @@ -116,6 +117,7 @@ function _M.init_worker(filter) user_routes, err = core.config.new("/routes", { automatic = true, item_schema = core.schema.route, + checker = plugin_checker, filter = filter, }) if not user_routes then diff --git a/apisix/http/service.lua b/apisix/http/service.lua index 161d82fe2358..a23924d4cb18 100644 --- a/apisix/http/service.lua +++ b/apisix/http/service.lua @@ -15,6 +15,7 @@ -- limitations under the License. -- local core = require("apisix.core") +local plugin_checker = require("apisix.plugin").plugin_checker local ipairs = ipairs local services local error = error @@ -87,6 +88,7 @@ function _M.init_worker() services, err = core.config.new("/services", { automatic = true, item_schema = core.schema.service, + checker = plugin_checker, filter = filter, }) if not services then diff --git a/apisix/plugin.lua b/apisix/plugin.lua index a319fbc86ee3..3b895e41b213 100644 --- a/apisix/plugin.lua +++ b/apisix/plugin.lua @@ -498,4 +498,102 @@ function _M.get(name) end +local function check_schema(plugins_conf, schema_type, skip_disabled_plugin) + for name, plugin_conf in pairs(plugins_conf) do + core.log.info("check plugin scheme, name: ", name, ", configurations: ", + core.json.delay_encode(plugin_conf, true)) + if type(plugin_conf) ~= "table" then + return false, "invalid plugin conf " .. + core.json.encode(plugin_conf, true) .. + " for plugin [" .. name .. "]" + end + + local plugin_obj = local_plugins_hash[name] + if not plugin_obj then + if skip_disabled_plugin then + goto CONTINUE + else + return false, "unknown plugin [" .. name .. "]" + end + end + + if plugin_obj.check_schema then + local disable = plugin_conf.disable + plugin_conf.disable = nil + + local ok, err = plugin_obj.check_schema(plugin_conf, schema_type) + if not ok then + return false, "failed to check the configuration of plugin " + .. name .. " err: " .. err + end + + plugin_conf.disable = disable + end + + ::CONTINUE:: + end + + return true +end +_M.check_schema = check_schema + + +local function stream_check_schema(plugins_conf, schema_type, skip_disabled_plugin) + for name, plugin_conf in pairs(plugins_conf) do + core.log.info("check stream plugin scheme, name: ", name, + ": ", core.json.delay_encode(plugin_conf, true)) + if type(plugin_conf) ~= "table" then + return false, "invalid plugin conf " .. + core.json.encode(plugin_conf, true) .. + " for plugin [" .. name .. "]" + end + + local plugin_obj = stream_local_plugins_hash[name] + if not plugin_obj then + if skip_disabled_plugin then + goto CONTINUE + else + return false, "unknown plugin [" .. name .. "]" + end + end + + if plugin_obj.check_schema then + local disable = plugin_conf.disable + plugin_conf.disable = nil + + local ok, err = plugin_obj.check_schema(plugin_conf, schema_type) + if not ok then + return false, "failed to check the configuration of " + .. "stream plugin [" .. name .. "]: " .. err + end + + plugin_conf.disable = disable + end + + ::CONTINUE:: + end + + return true +end +_M.stream_check_schema = stream_check_schema + + +function _M.plugin_checker(item) + if item.plugins then + return check_schema(item.plugins, nil, true) + end + + return true +end + + +function _M.stream_plugin_checker(item) + if item.plugins then + return stream_check_schema(item.plugins, nil, true) + end + + return true +end + + return _M diff --git a/apisix/plugins/openid-connect.lua b/apisix/plugins/openid-connect.lua index 29aca4c85ebd..1dca41907031 100644 --- a/apisix/plugins/openid-connect.lua +++ b/apisix/plugins/openid-connect.lua @@ -54,6 +54,11 @@ local _M = { } function _M.check_schema(conf) + if conf.ssl_verify == "no" then + -- we used to set 'ssl_verify' to "no" + conf.ssl_verify = false + end + local ok, err = core.schema.check(schema, conf) if not ok then return false, err @@ -63,7 +68,9 @@ function _M.check_schema(conf) conf.scope = "openid" end if not conf.ssl_verify then - conf.ssl_verify = "no" + -- we need to use a boolean default value here + -- so that the schema can pass check in the DP + conf.ssl_verify = false end if not conf.timeout then conf.timeout = 3 @@ -144,6 +151,10 @@ function _M.access(plugin_conf, ctx) if not conf.redirect_uri then conf.redirect_uri = ctx.var.request_uri end + if not conf.ssl_verify then + -- openidc use "no" to disable ssl verification + conf.ssl_verify = "no" + end local response, err if conf.introspection_endpoint or conf.public_key then diff --git a/apisix/router.lua b/apisix/router.lua index 87c46625d5bd..b76b16d98729 100644 --- a/apisix/router.lua +++ b/apisix/router.lua @@ -16,6 +16,7 @@ -- local require = require local core = require("apisix.core") +local plugin_checker = require("apisix.plugin").plugin_checker local error = error local pairs = pairs local ipairs = ipairs @@ -88,7 +89,8 @@ function _M.http_init_worker() local global_rules, err = core.config.new("/global_rules", { automatic = true, - item_schema = core.schema.global_rule + item_schema = core.schema.global_rule, + checker = plugin_checker, }) if not global_rules then error("failed to create etcd instance for fetching /global_rules : " diff --git a/apisix/stream/router/ip_port.lua b/apisix/stream/router/ip_port.lua index 23f020d041a8..85e18a5bccb3 100644 --- a/apisix/stream/router/ip_port.lua +++ b/apisix/stream/router/ip_port.lua @@ -15,6 +15,7 @@ -- limitations under the License. -- local core = require("apisix.core") +local plugin_checker = require("apisix.plugin").stream_plugin_checker local ipairs = ipairs local error = error local ngx_exit = ngx.exit @@ -84,6 +85,7 @@ function _M.stream_init_worker(filter) user_routes, err = core.config.new("/stream_routes", { automatic = true, item_schema = core.schema.stream_route, + checker = plugin_checker, filter = filter, }) diff --git a/rockspec/apisix-master-0.rockspec b/rockspec/apisix-master-0.rockspec index aac126a724e2..67b4207b5df6 100644 --- a/rockspec/apisix-master-0.rockspec +++ b/rockspec/apisix-master-0.rockspec @@ -47,7 +47,7 @@ dependencies = { "luafilesystem = 1.7.0-2", "lua-tinyyaml = 1.0", "lua-resty-prometheus = 1.1", - "jsonschema = 0.8", + "jsonschema = 0.9.2", "lua-resty-ipmatcher = 0.6", "lua-resty-kafka = 0.07", "lua-resty-logger-socket = 2.0-0", diff --git a/t/config-center-yaml/global-rule.t b/t/config-center-yaml/global-rule.t new file mode 100644 index 000000000000..00813faaaf00 --- /dev/null +++ b/t/config-center-yaml/global-rule.t @@ -0,0 +1,114 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +use t::APISIX 'no_plan'; + +repeat_each(1); +log_level('info'); +no_root_location(); +no_shuffle(); + +add_block_preprocessor(sub { + my ($block) = @_; + + my $yaml_config = $block->yaml_config // <<_EOC_; +apisix: + node_listen: 1984 + config_center: yaml + enable_admin: false +_EOC_ + + $block->set_value("yaml_config", $yaml_config); + + if (!$block->request) { + $block->set_value("request", "GET /hello"); + } + + if (!$block->error_log && !$block->no_error_log) { + $block->set_value("no_error_log", "[error]\n[alert]"); + } +}); + +run_tests(); + +__DATA__ + +=== TEST 1: sanity +--- apisix_yaml +routes: + - + id: 1 + uri: /hello + upstream: + nodes: + "127.0.0.1:1980": 1 + type: roundrobin +global_rules: + - + id: 1 + plugins: + response-rewrite: + body: "hello\n" +#END +--- response_body +hello + + + +=== TEST 2: global rule with bad plugin +--- apisix_yaml +routes: + - + id: 1 + uri: /hello + upstream: + nodes: + "127.0.0.1:1980": 1 + type: roundrobin +global_rules: + - + id: 1 + plugins: + response-rewrite: + body: 4 +#END +--- response_body +hello world +--- error_log +property "body" validation failed + + + +=== TEST 3: fix global rule with default value +--- apisix_yaml +routes: + - + id: 1 + uri: /hello + upstream: + nodes: + "127.0.0.1:1980": 1 + type: roundrobin + +global_rules: + - + id: 1 + plugins: + uri-blocker: + block_rules: + - /h* +#END +--- error_code: 403 diff --git a/t/config-center-yaml/route-service.t b/t/config-center-yaml/route-service.t index 8876022b2571..c83af6fb4470 100644 --- a/t/config-center-yaml/route-service.t +++ b/t/config-center-yaml/route-service.t @@ -252,3 +252,56 @@ GET /hello hello --- no_error_log [error] + + + +=== TEST 8: service with bad plugin +--- yaml_config eval: $::yaml_config +--- apisix_yaml +routes: + - + id: 1 + uri: /hello + service_id: 1 +services: + - + id: 1 + plugins: + proxy-rewrite: + uri: 1 + upstream: + nodes: + "127.0.0.1:1980": 1 + type: roundrobin +#END +--- request +GET /hello +--- error_code: 404 +--- error_log +property "uri" validation failed + + + +=== TEST 9: fix service with default value +--- yaml_config eval: $::yaml_config +--- apisix_yaml +routes: + - + id: 1 + uri: /hello + service_id: 1 +services: + - + id: 1 + plugins: + uri-blocker: + block_rules: + - /h* + upstream: + nodes: + "127.0.0.1:1980": 1 + type: roundrobin +#END +--- request +GET /hello +--- error_code: 403 diff --git a/t/config-center-yaml/route.t b/t/config-center-yaml/route.t index 81a37d1bf150..ba6c137e9867 100644 --- a/t/config-center-yaml/route.t +++ b/t/config-center-yaml/route.t @@ -102,22 +102,104 @@ hello world -=== TEST 4: stream route +=== TEST 4: route with bad plugin --- yaml_config eval: $::yaml_config --- apisix_yaml -stream_routes: - - server_addr: 127.0.0.1 - server_port: 1985 +routes: + - + id: 1 + uri: /hello + plugins: + proxy-rewrite: + uri: 1 + upstream: + nodes: + "127.0.0.1:1980": 1 + type: roundrobin +#END +--- request +GET /hello +--- error_code: 404 +--- error_log +property "uri" validation failed + + + +=== TEST 5: ignore unknown plugin +--- yaml_config eval: $::yaml_config +--- apisix_yaml +routes: + - id: 1 + uri: /hello + plugins: + x-rewrite: + uri: 1 upstream: - nodes: - "127.0.0.1:1995": 1 - type: roundrobin + nodes: + "127.0.0.1:1980": 1 + type: roundrobin #END ---- stream_enable ---- stream_request eval -mmm ---- stream_response +--- request +GET /hello +--- response_body hello world --- no_error_log [error] + + + +=== TEST 6: route with bad plugin, radixtree_host_uri +--- yaml_config +apisix: + node_listen: 1984 + config_center: yaml + enable_admin: false + router: + http: "radixtree_host_uri" +--- apisix_yaml +routes: + - + id: 1 + uri: /hello + plugins: + proxy-rewrite: + uri: 1 + upstream: + nodes: + "127.0.0.1:1980": 1 + type: roundrobin +#END +--- request +GET /hello +--- error_code: 404 +--- error_log +property "uri" validation failed + + + +=== TEST 7: fix route with default value +--- yaml_config +apisix: + node_listen: 1984 + config_center: yaml + enable_admin: false + router: + http: "radixtree_host_uri" +--- apisix_yaml +routes: + - + id: 1 + uri: /hello + plugins: + uri-blocker: + block_rules: + - /h* + upstream: + nodes: + "127.0.0.1:1980": 1 + type: roundrobin +#END +--- request +GET /hello +--- error_code: 403 diff --git a/t/config-center-yaml/stream-route.t b/t/config-center-yaml/stream-route.t new file mode 100644 index 000000000000..204679783ea4 --- /dev/null +++ b/t/config-center-yaml/stream-route.t @@ -0,0 +1,102 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +use t::APISIX 'no_plan'; + +repeat_each(1); +log_level('info'); +no_root_location(); +no_shuffle(); + +add_block_preprocessor(sub { + my ($block) = @_; + + my $yaml_config = $block->yaml_config // <<_EOC_; +apisix: + node_listen: 1984 + config_center: yaml + enable_admin: false +_EOC_ + + $block->set_value("yaml_config", $yaml_config); + + $block->set_value("stream_enable", 1); + + if (!$block->stream_request) { + $block->set_value("stream_request", "mmm"); + } + + if (!$block->error_log && !$block->no_error_log) { + $block->set_value("no_error_log", "[error]\n[alert]"); + } +}); + +run_tests(); + +__DATA__ + + +=== TEST 1: sanity +--- apisix_yaml +stream_routes: + - server_addr: 127.0.0.1 + server_port: 1985 + id: 1 + upstream: + nodes: + "127.0.0.1:1995": 1 + type: roundrobin +#END +--- stream_response +hello world + + + +=== TEST 2: rule with bad plugin +--- apisix_yaml +stream_routes: + - server_addr: 127.0.0.1 + server_port: 1985 + id: 1 + plugins: + mqtt-proxy: + uri: 1 + upstream: + nodes: + "127.0.0.1:1995": 1 + type: roundrobin +#END +--- error_log eval +qr/property "\w+" is required/ + + + +=== TEST 3: ignore unknown plugin +--- apisix_yaml +stream_routes: + - server_addr: 127.0.0.1 + server_port: 1985 + id: 1 + plugins: + x-rewrite: + uri: 1 + upstream: + nodes: + "127.0.0.1:1995": 1 + type: roundrobin +#END +--- stream_response +hello world diff --git a/t/core/etcd-sync.t b/t/core/etcd-sync.t index 65a8bcaecf27..af4260ea1f66 100644 --- a/t/core/etcd-sync.t +++ b/t/core/etcd-sync.t @@ -154,3 +154,41 @@ GET /t prev_index not update --- no_error_log [error] + + + +=== TEST 4: bad plugin configuration (validated via incremental sync) +--- config + location /t { + content_by_lua_block { + local core = require("apisix.core") + + assert(core.etcd.set("/global_rules/etcdsync", + {id = 1, plugins = { ["proxy-rewrite"] = { uri = 1 }}} + )) + -- wait for sync + ngx.sleep(0.6) + } + } +--- request +GET /t +--- error_log +property "uri" validation failed + + + +=== TEST 5: bad plugin configuration (validated via full sync) +--- config + location /t { + content_by_lua_block { + local core = require("apisix.core") + -- wait for full sync finish + ngx.sleep(0.6) + + assert(core.etcd.delete("/global_rules/etcdsync")) + } + } +--- request +GET /t +--- error_log +property "uri" validation failed diff --git a/t/plugin/openid-connect.t b/t/plugin/openid-connect.t index bc15ca750b00..d2d251bd26fd 100644 --- a/t/plugin/openid-connect.t +++ b/t/plugin/openid-connect.t @@ -127,7 +127,7 @@ done "client_secret": "60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa", "discovery": "http://127.0.0.1:1980/.well-known/openid-configuration", "redirect_uri": "https://iresty.com", - "ssl_verify": "no", + "ssl_verify": false, "timeout": 10000, "scope": "apisix" } @@ -228,7 +228,7 @@ true "client_secret": "60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa", "discovery": "https://samples.auth0.com/.well-known/openid-configuration", "redirect_uri": "https://iresty.com", - "ssl_verify": "no", + "ssl_verify": false, "timeout": 10000, "bearer_only": true, "scope": "apisix" @@ -318,7 +318,7 @@ hnrbED3Dpsl9JXAx90MYsIWp51hBxJSE/EPVK8WF/sjHK1xQbEuDfEECAwEAAQ== "client_secret": "60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa", "discovery": "https://samples.auth0.com/.well-known/openid-configuration", "redirect_uri": "https://iresty.com", - "ssl_verify": "no", + "ssl_verify": false, "timeout": 10000, "bearer_only": true, "scope": "apisix", @@ -460,7 +460,7 @@ jwt signature verification failed "client_secret": "d1ec69e9-55d2-4109-a3ea-befa071579d5", "discovery": "http://127.0.0.1:8090/auth/realms/University/.well-known/openid-configuration", "redirect_uri": "http://localhost:3000", - "ssl_verify": "no", + "ssl_verify": false, "timeout": 10000, "bearer_only": true, "realm": "University", From 0e00766d7e30c3b723d938a07a63639f30a2bc69 Mon Sep 17 00:00:00 2001 From: spacewander Date: Fri, 27 Nov 2020 16:36:17 +0800 Subject: [PATCH 2/3] tweak test expect for new jsonschema lib --- t/admin/health-check.t | 2 +- t/plugin/api-breaker.t | 2 +- t/plugin/basic-auth.t | 54 +++++++++++++++++++++++++++++++++++------- t/plugin/hmac-auth.t | 36 +++++++++++++++++++++++----- 4 files changed, 77 insertions(+), 17 deletions(-) diff --git a/t/admin/health-check.t b/t/admin/health-check.t index 698d69d11b92..54905bcd458f 100644 --- a/t/admin/health-check.t +++ b/t/admin/health-check.t @@ -288,7 +288,7 @@ GET /t GET /t --- error_code: 400 --- response_body -{"error_msg":"invalid configuration: property \"upstream\" validation failed: property \"checks\" validation failed: property \"active\" validation failed: property \"healthy\" validation failed: property \"http_statuses\" validation failed: expected unique items but items 2 and 1 are equal"} +{"error_msg":"invalid configuration: property \"upstream\" validation failed: property \"checks\" validation failed: property \"active\" validation failed: property \"healthy\" validation failed: property \"http_statuses\" validation failed: expected unique items but items 1 and 2 are equal"} --- no_error_log [error] diff --git a/t/plugin/api-breaker.t b/t/plugin/api-breaker.t index 9b5ff4eff329..c9142cf39fed 100644 --- a/t/plugin/api-breaker.t +++ b/t/plugin/api-breaker.t @@ -309,7 +309,7 @@ GET /t GET /t --- error_code: 400 --- response_body -{"error_msg":"failed to check the configuration of plugin api-breaker err: property \"healthy\" validation failed: property \"http_statuses\" validation failed: expected unique items but items 2 and 1 are equal"} +{"error_msg":"failed to check the configuration of plugin api-breaker err: property \"healthy\" validation failed: property \"http_statuses\" validation failed: expected unique items but items 1 and 2 are equal"} --- no_error_log [error] diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index ebdf78112048..50ff775aa235 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t @@ -291,29 +291,65 @@ GET /t === TEST 12: get the default schema ---- request -GET /apisix/admin/schema/plugins/basic-auth ---- response_body +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/schema/plugins/basic-auth', + ngx.HTTP_GET, + nil, + [[ {"properties":{"disable":{"type":"boolean"}},"title":"work with route or service object","additionalProperties":false,"type":"object"} + ]] + ) + ngx.status = code + } + } +--- request +GET /t --- no_error_log [error] === TEST 13: get the schema by schema_type ---- request -GET /apisix/admin/schema/plugins/basic-auth?schema_type=consumer ---- response_body +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/schema/plugins/basic-auth?schema_type=consumer', + ngx.HTTP_GET, + nil, + [[ {"title":"work with consumer object","additionalProperties":false,"required":["username","password"],"properties":{"username":{"type":"string"},"password":{"type":"string"}},"type":"object"} + ]] + ) + ngx.status = code + } + } +--- request +GET /t --- no_error_log [error] === TEST 14: get the schema by error schema_type ---- request -GET /apisix/admin/schema/plugins/basic-auth?schema_type=consumer123123 ---- response_body +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/schema/plugins/basic-auth?schema_type=consumer123123', + ngx.HTTP_GET, + nil, + [[ {"properties":{"disable":{"type":"boolean"}},"title":"work with route or service object","additionalProperties":false,"type":"object"} + ]] + ) + ngx.status = code + } + } +--- request +GET /t --- no_error_log [error] diff --git a/t/plugin/hmac-auth.t b/t/plugin/hmac-auth.t index e6fe620a8e9e..a8c77e3f5311 100644 --- a/t/plugin/hmac-auth.t +++ b/t/plugin/hmac-auth.t @@ -1259,10 +1259,22 @@ x-real-ip: 127.0.0.1 === TEST 32: get the default schema ---- request -GET /apisix/admin/schema/plugins/hmac-auth ---- response_body +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/schema/plugins/hmac-auth', + ngx.HTTP_GET, + nil, + [[ {"properties":{"disable":{"type":"boolean"}},"title":"work with route or service object","additionalProperties":false,"type":"object"} + ]] + ) + ngx.status = code + } + } +--- request +GET /t --- no_error_log [error] @@ -1279,10 +1291,22 @@ GET /apisix/admin/schema/plugins/hmac-auth?schema_type=consumer === TEST 34: get the schema by error schema_type ---- request -GET /apisix/admin/schema/plugins/hmac-auth?schema_type=consumer123123 ---- response_body +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/schema/plugins/hmac-auth?schema_type=consumer123123', + ngx.HTTP_GET, + nil, + [[ {"properties":{"disable":{"type":"boolean"}},"title":"work with route or service object","additionalProperties":false,"type":"object"} + ]] + ) + ngx.status = code + } + } +--- request +GET /t --- no_error_log [error] From 4aa3fe5f28d895a7e0d432d158e9040d931907ba Mon Sep 17 00:00:00 2001 From: spacewander Date: Fri, 27 Nov 2020 20:04:16 +0800 Subject: [PATCH 3/3] style --- apisix/core/config_etcd.lua | 2 +- apisix/plugin.lua | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apisix/core/config_etcd.lua b/apisix/core/config_etcd.lua index 34b6ac9f33c9..ee69b3477bfc 100644 --- a/apisix/core/config_etcd.lua +++ b/apisix/core/config_etcd.lua @@ -268,7 +268,7 @@ local function sync_data(self) data_valid, err = self.checker(item.value) if not data_valid then log.error("failed to check item data of [", self.key, - "] err:", err, " ,val: ", json.delay_encode(item.value)) + "] err:", err, " ,val: ", json.delay_encode(item.value)) end end diff --git a/apisix/plugin.lua b/apisix/plugin.lua index 3b895e41b213..c681265e8bff 100644 --- a/apisix/plugin.lua +++ b/apisix/plugin.lua @@ -500,7 +500,7 @@ end local function check_schema(plugins_conf, schema_type, skip_disabled_plugin) for name, plugin_conf in pairs(plugins_conf) do - core.log.info("check plugin scheme, name: ", name, ", configurations: ", + core.log.info("check plugin schema, name: ", name, ", configurations: ", core.json.delay_encode(plugin_conf, true)) if type(plugin_conf) ~= "table" then return false, "invalid plugin conf " .. @@ -540,7 +540,7 @@ _M.check_schema = check_schema local function stream_check_schema(plugins_conf, schema_type, skip_disabled_plugin) for name, plugin_conf in pairs(plugins_conf) do - core.log.info("check stream plugin scheme, name: ", name, + core.log.info("check stream plugin schema, name: ", name, ": ", core.json.delay_encode(plugin_conf, true)) if type(plugin_conf) ~= "table" then return false, "invalid plugin conf " ..