diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 613b9ed69216..483e48ae2748 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -78,7 +78,7 @@ jobs: tar zxvf ${{ steps.branch_env.outputs.fullname }} - name: Linux Get dependencies - run: sudo apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl libpcre3 libpcre3-dev + run: sudo apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl libpcre3 libpcre3-dev libldap2-dev - name: Linux Before install run: sudo ./ci/${{ matrix.os_name }}_runner.sh before_install diff --git a/.github/workflows/cli.yml b/.github/workflows/cli.yml index 6a3341770b9d..bc8ad8c36229 100644 --- a/.github/workflows/cli.yml +++ b/.github/workflows/cli.yml @@ -65,7 +65,7 @@ jobs: key: ${{ runner.os }}-${{ env.cache-name }}-${{ matrix.job_name }}-${{ hashFiles('rockspec/apisix-master-0.rockspec') }} - name: Linux Get dependencies - run: sudo apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl libpcre3 libpcre3-dev + run: sudo apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl libpcre3 libpcre3-dev libldap2-dev - name: Linux Before install run: sudo ./ci/${{ matrix.job_name }}_runner.sh before_install diff --git a/.github/workflows/fuzzing-ci.yaml b/.github/workflows/fuzzing-ci.yaml index 71eaf8b5f2a7..4fb223a5967e 100644 --- a/.github/workflows/fuzzing-ci.yaml +++ b/.github/workflows/fuzzing-ci.yaml @@ -52,7 +52,7 @@ jobs: sudo apt-get -y install software-properties-common sudo add-apt-repository -y "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main" sudo apt-get update - sudo apt-get install -y git openresty curl openresty-openssl111-dev unzip make gcc + sudo apt-get install -y git openresty curl openresty-openssl111-dev unzip make gcc libldap2-dev ./utils/linux-install-luarocks.sh make deps 
diff --git a/apisix/plugins/ldap-auth.lua b/apisix/plugins/ldap-auth.lua
new file mode 100644
index 000000000000..6318523654d6
--- /dev/null
+++ b/apisix/plugins/ldap-auth.lua
@@ -0,0 +1,160 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local core = require("apisix.core")
+local ngx = ngx
+local ngx_re = require("ngx.re")
+local ipairs = ipairs
+local consumer_mod = require("apisix.consumer")
+local lualdap = require("lualdap")
+
+local lrucache = core.lrucache.new({
+ ttl = 300, count = 512
+})
+
+local schema = {
+ type = "object",
+ title = "work with route or service object",
+ properties = {
+ base_dn = { type = "string" },
+ ldap_uri = { type = "string" },
+ use_tls = { type = "boolean" },
+ uid = { type = "string" }
+ },
+ required = {"base_dn","ldap_uri"},
+}
+
+local consumer_schema = {
+ type = "object",
+ title = "work with consumer object",
+ properties = {
+ user_dn = { type = "string" },
+ },
+ required = {"user_dn"},
+}
+
+local plugin_name = "ldap-auth"
+
+local _M = {
+ version = 0.1,
+ priority = 2540,
+ type = 'auth',
+ name = plugin_name,
+ schema = schema,
+ consumer_schema = consumer_schema
+}
+
+function _M.check_schema(conf, schema_type)
+ local ok, err
+ if schema_type == core.schema.TYPE_CONSUMER then
+ ok, err = core.schema.check(consumer_schema, conf)
+ else
+ ok, err = core.schema.check(schema, conf)
+ end
+
+ return ok, err
+end
+
+local create_consumer_cache
+do
+ local consumer_names = {}
+
+ function create_consumer_cache(consumers)
+ core.table.clear(consumer_names)
+
+ for _, consumer in ipairs(consumers.nodes) do
+ core.log.info("consumer node: ", core.json.delay_encode(consumer))
+ consumer_names[consumer.auth_conf.user_dn] = consumer
+ end
+
+ return consumer_names
+ end
+
+end -- do
+
+local function extract_auth_header(authorization)
+ local obj = { username = "", password = "" }
+
+ local m, err = ngx.re.match(authorization, "Basic\\s(.+)", "jo")
+ if err then
+ -- error authorization
+ return nil, err
+ end
+
+ local decoded = ngx.decode_base64(m[1])
+
+ if not decoded then
+ return nil, "failed to decode authentication header: " .. m[1]
+ end
+
+ local res
+ res, err = ngx_re.split(decoded, ":")
+ if err then
+ return nil, "split authorization err:" .. err
+ end
+ if #res < 2 then
+ return nil, "split authorization err: invalid decoded data: " .. decoded
+ end
+
+ obj.username = ngx.re.gsub(res[1], "\\s+", "", "jo")
+ obj.password = ngx.re.gsub(res[2], "\\s+", "", "jo")
+
+ return obj, nil
+end
+
+function _M.rewrite(conf, ctx)
+ core.log.info("plugin rewrite phase, conf: ", core.json.delay_encode(conf))
+
+ -- 1. extract authorization from header
+ local auth_header = core.request.header(ctx, "Authorization")
+ if not auth_header then
+ core.response.set_header("WWW-Authenticate", "Basic realm='.'")
+ return 401, { message = "Missing authorization in request" }
+ end
+
+ local user, err = extract_auth_header(auth_header)
+ if err then
+ return 401, { message = err }
+ end
+
+ -- 2. try authenticate the user against the ldap server
+ local uid = "cn"
+ if conf.uid then
+ uid = conf.uid
+ end
+ local userdn = uid .. "=" .. user.username .. "," .. conf.base_dn
+ local ld = lualdap.open_simple (conf.ldap_uri, userdn, user.password, conf.use_tls)
+ if not ld then
+ return 401, { message = "Invalid user authorization" }
+ end
+
+ -- 3. Retrieve consumer for authorization plugin
+ local consumer_conf = consumer_mod.plugin(plugin_name)
+ if not consumer_conf then
+ return 401, {message = "Missing related consumer"}
+ end
+ local consumers = lrucache("consumers_key", consumer_conf.conf_version,
+ create_consumer_cache, consumer_conf)
+ local consumer = consumers[userdn]
+ if not consumer then
+ return 401, {message = "Invalid API key in request"}
+ end
+ consumer_mod.attach_consumer(ctx, consumer, consumer_conf)
+
+ core.log.info("hit basic-auth access")
+end
+
+return _M
diff --git a/ci/centos7-ci.sh b/ci/centos7-ci.sh
index 19bdf1821cfa..744bed77c543 100755
--- a/ci/centos7-ci.sh
+++ b/ci/centos7-ci.sh
@@ -23,7 +23,7 @@ install_dependencies() { # install development tools yum install -y wget tar gcc automake autoconf libtool make unzip \ - curl git which sudo + curl git which sudo openldap-devel # install openresty to make apisix's rpm test work yum install -y yum-utils && yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo
diff --git a/ci/install-ext-services-via-docker.sh b/ci/install-ext-services-via-docker.sh
index 14aa9ee5ce70..498853b6dbd7 100755
--- a/ci/install-ext-services-via-docker.sh
+++ b/ci/install-ext-services-via-docker.sh
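Review bot: `extract_auth_header` and the bind in `_M.rewrite` hand client-controlled credentials to `lualdap.open_simple` with too little validation: `ngx.re.match` returns `nil, nil` when the header does not match `"Basic\\s(.+)"`, so `m[1]` raises instead of producing a 401; an empty password (`user:`) still reaches the bind, which a directory that permits unauthenticated simple binds (RFC 4513) will accept; and `user.username` is concatenated into `userdn` unescaped, so DN special characters such as `,` or `=` change which entry is bound. The two error strings that append `m[1]` and `decoded` are returned to the client through `{ message = err }`, so they should not carry the credential material. Splitting on `:` and keeping only `res[2]`, together with the `\\s+` strip, silently alters any password that contains a colon or whitespace. `ld` is never closed after a successful bind, and `use_tls` has no schema default although docs/en/latest/plugins/ldap-auth.md in this commit lists `true`; as far as I know lualdap treats a missing flag as no TLS, so the password would cross the network in clear text unless the route sets it (add `default = true` to the schema or correct the doc). A possible shape for the parsing and the bind follows.

```lua
local function extract_auth_header(authorization)
    local m, err = ngx.re.match(authorization, "Basic\\s(.+)", "jo")
    if err then
        return nil, err
    end
    if not m then
        -- no match is reported as nil, nil; treat it as a malformed header
        return nil, "Invalid authorization header format"
    end

    local decoded = ngx.decode_base64(m[1])
    if not decoded then
        -- keep the header value out of the response body
        return nil, "failed to decode authentication header"
    end

    -- split on the first ":" only, so the password may itself contain ":"
    local sep = decoded:find(":", 1, true)
    if not sep then
        return nil, "split authorization err: invalid decoded data"
    end

    local username = decoded:sub(1, sep - 1)
    local password = decoded:sub(sep + 1)
    -- an empty password would turn the simple bind into an unauthenticated bind
    if username == "" or password == "" then
        return nil, "username and password must not be empty"
    end

    return { username = username, password = password }, nil
end

-- … unchanged: _M.rewrite header lookup and uid default …

    -- conservative: reject DN special characters (RFC 4514) instead of
    -- concatenating them into userdn
    if user.username:find('[,+"\\<>;=#]') then
        return 401, { message = "Invalid user authorization" }
    end
    local userdn = uid .. "=" .. user.username .. "," .. conf.base_dn
    local ld = lualdap.open_simple(conf.ldap_uri, userdn, user.password, conf.use_tls)
    -- … unchanged: 401 when the bind fails …
    -- only the bind result is needed; release the connection
    ld:close()

-- … unchanged: consumer lookup and attach …
```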
@@ -38,6 +38,9 @@ docker run --rm --name skywalking -d -p 1234:1234 -p 11800:11800 -p 12800:12800 docker run --rm --name consul_1 -d -p 8500:8500 consul:1.7 consul agent -server -bootstrap-expect=1 -client 0.0.0.0 -log-level info -data-dir=/consul/data docker run --rm --name consul_2 -d -p 8600:8500 consul:1.7 consul agent -server -bootstrap-expect=1 -client 0.0.0.0 -log-level info -data-dir=/consul/data +# start openldap server +docker run -d --rm --name openldap -p 1389:1389 -p 1636:1636 --env LDAP_ADMIN_USERNAME=admin --env LDAP_ADMIN_PASSWORD=adminpassword --env LDAP_USERS=user01,user02 --env LDAP_PASSWORDS=password1,password2 bitnami/openldap:latest + # start nacos server docker network rm nacos_net docker network create nacos_net diff --git a/conf/config-default.yaml b/conf/config-default.yaml index 5232a28f7a1d..7e45007d5ab1 100644 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -312,6 +312,7 @@ plugins: # plugin list (sorted by priority) - openid-connect # priority: 2599 - authz-casbin # priority: 2560 - wolf-rbac # priority: 2555 + - ldap-auth # priority: 2540 - hmac-auth # priority: 2530 - basic-auth # priority: 2520 - jwt-auth # priority: 2510 diff --git a/docs/en/latest/config.json b/docs/en/latest/config.json index 33cf914ff83f..904583330e5a 100644 --- a/docs/en/latest/config.json +++ b/docs/en/latest/config.json @@ -66,7 +66,8 @@ "plugins/wolf-rbac", "plugins/openid-connect", "plugins/hmac-auth", - "plugins/authz-casbin" + "plugins/authz-casbin", + "plugins/ldap-auth" ] }, { diff --git a/docs/en/latest/install-dependencies.md b/docs/en/latest/install-dependencies.md index f638a1eec9cd..46353f0c63e5 100644 --- a/docs/en/latest/install-dependencies.md +++ b/docs/en/latest/install-dependencies.md 
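Review bot: The added `docker run` line pulls `bitnami/openldap:latest`, so the directory server that the authentication tests bind against changes whenever the upstream tag moves, while the consul containers in the context lines are pinned (`consul:1.7`). Pin the image to a fixed tag or digest, for example `bitnami/openldap:<PINNED_TAG>` (placeholder; use the version the tests were validated against). The container also publishes 1636, but the route configurations in t/plugin/ldap-auth.t only use `127.0.0.1:1389`, so the TLS listener is started without anything exercising it. The rest of the script lies outside the hunk.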
@@ -58,7 +58,7 @@ sudo yum install yum-utils sudo yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo # install OpenResty and some compilation tools -sudo yum install -y openresty curl git gcc openresty-openssl111-devel unzip pcre pcre-devel +sudo yum install -y openresty curl git gcc openresty-openssl111-devel unzip pcre pcre-devel libldap2-dev # install LuaRocks curl https://raw.githubusercontent.com/apache/apisix/master/utils/linux-install-luarocks.sh -sL | bash - @@ -81,7 +81,7 @@ tar -xvf etcd-v3.4.13-linux-amd64.tar.gz && \ sudo cp -a etcd etcdctl /usr/bin/ # install OpenResty and some compilation tools -sudo yum install -y openresty curl git gcc openresty-openssl111-devel pcre pcre-devel +sudo yum install -y openresty curl git gcc openresty-openssl111-devel pcre pcre-devel libldap2-dev # install LuaRocks curl https://raw.githubusercontent.com/apache/apisix/master/utils/linux-install-luarocks.sh -sL | bash - @@ -107,7 +107,7 @@ tar -xvf etcd-v3.4.13-linux-amd64.tar.gz && \ sudo cp -a etcd etcdctl /usr/bin/ # install OpenResty and some compilation tools -sudo apt-get install -y git openresty curl openresty-openssl111-dev make gcc libpcre3 libpcre3-dev +sudo apt-get install -y git openresty curl openresty-openssl111-dev make gcc libpcre3 libpcre3-dev libldap2-dev # install LuaRocks curl https://raw.githubusercontent.com/apache/apisix/master/utils/linux-install-luarocks.sh -sL | bash - @@ -138,7 +138,7 @@ tar -xvf etcd-v3.4.13-linux-amd64.tar.gz && \ sudo cp -a etcd etcdctl /usr/bin/ # install OpenResty and some compilation tools -sudo apt-get install -y git openresty curl make openresty-openssl111-dev libpcre3 libpcre3-dev +sudo apt-get install -y git openresty curl make openresty-openssl111-dev libpcre3 libpcre3-dev libldap2-dev # install LuaRocks curl https://raw.githubusercontent.com/apache/apisix/master/utils/linux-install-luarocks.sh -sL | bash - 
@@ -151,7 +151,7 @@ nohup etcd & ```shell # install OpenResty, etcd and some compilation tools -brew install openresty/brew/openresty luarocks lua@5.1 etcd curl git pcre +brew install openresty/brew/openresty luarocks lua@5.1 etcd curl git pcre openldap # start etcd server brew services start etcd diff --git a/docs/en/latest/plugins/ldap-auth.md b/docs/en/latest/plugins/ldap-auth.md new file mode 100644 index 000000000000..50d98f5ab69c --- /dev/null +++ b/docs/en/latest/plugins/ldap-auth.md 
@@ -0,0 +1,147 @@ +--- +title: ldap-auth +--- + + + +## Summary + +- [**Name**](#name) +- [**Attributes**](#attributes) +- [**How To Enable**](#how-to-enable) +- [**Test Plugin**](#test-plugin) +- [**Disable Plugin**](#disable-plugin) + +## Name + +`ldap-auth` is an authentication plugin that can works with `consumer`. Add Ldap Authentication to a `service` or `route`. + +The `consumer` then authenticate against the Ldap server using Basic authentication. + +For more information on Basic authentication, refer to [Wiki](https://en.wikipedia.org/wiki/Basic_access_authentication) for more information. + +This authentication plugin use [lualdap](https://lualdap.github.io/lualdap/) plugin to connect against the ldap server + +## Attributes + +| Name | Type | Requirement | Default | Valid | Description | +| -------- | ------ | ----------- | ------- | ----- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| base_dn | string | required | | | the base dn of the `ldap` server (example : `ou=users,dc=example,dc=org`) | +| ldap_uri | string | required | | | the uri of the ldap server | +| use_tls | boolean | optional | `true` | | Boolean flag indicating if Transport Layer Security (TLS) should be used. | +| uid | string | optional | `cn` | | the `uid` attribute | + +## How To Enable + +### 1. set a consumer and config the value of the `ldap-auth` option + +```shell +curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' +{ + "username": "foo", + "plugins": { + "ldap-auth": { + "user_dn": "cn=user01,ou=users,dc=example,dc=org" + } + } +}' +``` + +### 2. 
add a Route or add a Service, and enable the `ldap-auth` plugin + +```shell +curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' +{ + "methods": ["GET"], + "uri": "/hello", + "plugins": { + "ldap-auth": { + "base_dn": "ou=users,dc=example,dc=org", + "ldap_uri": "localhost:1389", + "uid": "cn" + }, + }, + "upstream": { + "type": "roundrobin", + "nodes": { + "127.0.0.1:1980": 1 + } + } +}' +``` + +## Test Plugin + +- missing Authorization header + +```shell +$ curl -i http://127.0.0.1:9080/hello +HTTP/1.1 401 Unauthorized +... +{"message":"Missing authorization in request"} +``` + +- user is not exists: + +```shell +$ curl -i -uuser:password1 http://127.0.0.1:9080/hello +HTTP/1.1 401 Unauthorized +... +{"message":"Invalid user key in authorization"} +``` + +- password is invalid: + +```shell +$ curl -i -uuser01:passwordfalse http://127.0.0.1:9080/hello +HTTP/1.1 401 Unauthorized +... +{"message":"Password is error"} +``` + +- success: + +```shell +$ curl -i -uuser01:password1 http://127.0.0.1:9080/hello +HTTP/1.1 200 OK +... +hello, world +``` + +## Disable Plugin + +When you want to disable the `ldap-auth` plugin, it is very simple, + you can delete the corresponding json configuration in the plugin configuration, + no need to restart the service, it will take effect immediately: + +```shell +$ curl http://127.0.0.1:2379/apisix/admin/routes/1 -X PUT -d value=' +{ + "methods": ["GET"], + "uri": "/hello", + "plugins": {}, + "upstream": { + "type": "roundrobin", + "nodes": { + "127.0.0.1:1980": 1 + } + } +}' +``` diff --git a/rockspec/apisix-master-0.rockspec b/rockspec/apisix-master-0.rockspec index e8ca0cfdb8c4..cb8569b3a580 100644 --- a/rockspec/apisix-master-0.rockspec +++ b/rockspec/apisix-master-0.rockspec @@ -71,6 +71,7 @@ dependencies = { "casbin = 1.26.0", "api7-snowflake = 2.0-1", "inspect == 3.1.1", + "lualdap = 1.2.6-1", } build = { 
diff --git a/t/admin/plugins.t b/t/admin/plugins.t index 57a33bc159c2..b0d5d8f82c23 100644 --- a/t/admin/plugins.t +++ b/t/admin/plugins.t @@ -40,7 +40,7 @@ __DATA__ --- request GET /apisix/admin/plugins/list --- response_body_like eval -qr/\["real-ip","client-control","ext-plugin-pre-req","zipkin","request-id","fault-injection","serverless-pre-function","batch-requests","cors","ip-restriction","ua-restriction","referer-restriction","uri-blocker","request-validation","openid-connect","authz-casbin","wolf-rbac","hmac-auth","basic-auth","jwt-auth","key-auth","consumer-restriction","authz-keycloak","proxy-mirror","proxy-cache","proxy-rewrite","api-breaker","limit-conn","limit-count","limit-req","gzip","server-info","traffic-split","redirect","response-rewrite","grpc-transcode","prometheus","echo","http-logger","sls-logger","tcp-logger","kafka-logger","syslog","udp-logger","example-plugin","serverless-post-function","ext-plugin-post-req"\]/ +qr/\["real-ip","client-control","ext-plugin-pre-req","zipkin","request-id","fault-injection","serverless-pre-function","batch-requests","cors","ip-restriction","ua-restriction","referer-restriction","uri-blocker","request-validation","openid-connect","authz-casbin","wolf-rbac","ldap-auth","hmac-auth","basic-auth","jwt-auth","key-auth","consumer-restriction","authz-keycloak","proxy-mirror","proxy-cache","proxy-rewrite","api-breaker","limit-conn","limit-count","limit-req","gzip","server-info","traffic-split","redirect","response-rewrite","grpc-transcode","prometheus","echo","http-logger","sls-logger","tcp-logger","kafka-logger","syslog","udp-logger","example-plugin","serverless-post-function","ext-plugin-post-req"\]/ --- no_error_log [error] 
@@ -232,7 +232,7 @@ qr/\{"metadata_schema":\{"properties":\{"ikey":\{"minimum":0,"type":"number"\}," } } --- response_body eval -qr/\[\{"name":"wolf-rbac","priority":2555\},\{"name":"hmac-auth","priority":2530\},\{"name":"basic-auth","priority":2520\},\{"name":"jwt-auth","priority":2510\},\{"name":"key-auth","priority":2500\}\]/ +qr/\[\{"name":"wolf-rbac","priority":2555\},\{"name":"ldap-auth","priority":2540\},\{"name":"hmac-auth","priority":2530\},\{"name":"basic-auth","priority":2520\},\{"name":"jwt-auth","priority":2510\},\{"name":"key-auth","priority":2500\}\]/ --- no_error_log [error] diff --git a/t/plugin/ldap-auth.t b/t/plugin/ldap-auth.t new file mode 100644 index 000000000000..8232d9b5bd35 --- /dev/null +++ b/t/plugin/ldap-auth.t 
@@ -0,0 +1,311 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +use t::APISIX 'no_plan'; + +repeat_each(2); +no_long_string(); +no_root_location(); +no_shuffle(); +add_block_preprocessor(sub { + my ($block) = @_; + + if (!$block->request) { + $block->set_value("request", "GET /t"); + } + + if ((!defined $block->error_log) && (!defined $block->no_error_log)) { + $block->set_value("no_error_log", "[error]"); + } +}); + +run_tests(); + + +__DATA__ + +=== TEST 1: sanity +--- config + location /t { + content_by_lua_block { + local core = require("apisix.core") + local plugin = require("apisix.plugins.ldap-auth") + local ok, err = plugin.check_schema({user_dn = 'foo'}, core.schema.TYPE_CONSUMER) + if not ok then + ngx.say(err) + end + + ngx.say("done") + } + } +--- response_body +done + + + +=== TEST 2: wrong type of string +--- config + location /t { + content_by_lua_block { + local plugin = require("apisix.plugins.ldap-auth") + local ok, err = plugin.check_schema({base_dn = 123, ldap_uri = "127.0.0.1:1389"}) + if not ok then + ngx.say(err) + end + + ngx.say("done") + } + } +--- response_body_like eval +qr/wrong type: expected string, got number +done +/ + + + +=== TEST 3: add consumer with username and plugins +--- config + location 
/t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers', + ngx.HTTP_PUT, + [[{ + "username": "user01", + "plugins": { + "ldap-auth": { + "user_dn": "cn=user01,ou=users,dc=example,dc=org" + } + } + }]], + [[{ + "node": { + "value": { + "username": "user01", + "plugins": { + "ldap-auth": { + "user_dn": "cn=user01,ou=users,dc=example,dc=org" + } + } + } + }, + "action": "set" + }]] + ) + + ngx.status = code + ngx.say(body) + } + } +--- response_body +passed + + + +=== TEST 4: enable basic auth plugin using admin api +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "ldap-auth": { + "base_dn": "ou=users,dc=example,dc=org", + "ldap_uri": "127.0.0.1:1389", + "uid": "cn" + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- response_body +passed + + + +=== TEST 5: verify, missing authorization +--- request +GET /hello +--- error_code: 401 +--- response_body +{"message":"Missing authorization in request"} + + + +=== TEST 6: verify, invalid password +--- request +GET /hello +--- more_headers +Authorization: Basic Zm9vOmZvbwo= +--- error_code: 401 +--- response_body +{"message":"Invalid user authorization"} + + + +=== TEST 7: verify +--- request +GET /hello +--- more_headers +Authorization: Basic dXNlcjAxOnBhc3N3b3JkMQ== +--- response_body +hello world +--- error_log +find consumer user01 + + + +=== TEST 8: enable basic auth plugin using admin api +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "ldap-auth": { + "base_dn": "ou=users,dc=example,dc=org", + "ldap_uri": "127.0.0.1:1389", + "uid": "cn" + } + 
}, + "upstream": { + "nodes": { + "127.0.0.1:1980": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- response_body +passed + + + +=== TEST 9: verify +--- request +GET /hello +--- more_headers +Authorization: Basic dXNlcjAxOnBhc3N3b3JkMQ== +--- response_body +hello world +--- error_log +find consumer user01 + + + +=== TEST 10: invalid schema +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + for _, case in ipairs({ + {}, + "blah" + }) do + local code, body = t('/apisix/admin/consumers', + ngx.HTTP_PUT, + { + username = "foo", + plugins = { + ["ldap-auth"] = case + } + } + ) + ngx.print(body) + end + } + } +--- response_body +{"error_msg":"invalid plugins configuration: failed to check the configuration of plugin ldap-auth err: property \"user_dn\" is required"} +{"error_msg":"invalid plugins configuration: invalid plugin conf \"blah\" for plugin [ldap-auth]"} + + + +=== TEST 11: get the default schema +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/schema/plugins/ldap-auth', + ngx.HTTP_GET, + nil, + [[ +{"title":"work with route or service object","required":["base_dn","ldap_uri"],"properties":{"base_dn":{"type":"string"},"ldap_uri":{"type":"string"},"use_tls":{"type":"boolean"},"disable":{"type":"boolean"},"uid":{"type":"string"}},"type":"object"} + ]] + ) + ngx.status = code + } + } + + + +=== TEST 12: get the schema by schema_type +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/schema/plugins/ldap-auth?schema_type=consumer', + ngx.HTTP_GET, + nil, + [[ +{"title":"work with consumer object","required":["user_dn"],"properties":{"user_dn":{"type":"string"}},"type":"object"} + ]] + ) + ngx.status = code + } + } + + + +=== TEST 13: get the schema by error 
schema_type +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/schema/plugins/ldap-auth?schema_type=consumer123123', + ngx.HTTP_GET, + nil, + [[ +{"title":"work with route or service object","required":["base_dn","ldap_uri"],"properties":{"base_dn":{"type":"string"},"ldap_uri":{"type":"string"},"use_tls":{"type":"boolean"},"disable":{"type":"boolean"},"uid":{"type":"string"}},"type":"object"} ]] + ) + ngx.status = code + } + } \ No newline at end of file diff --git a/utils/linux-install-openresty.sh b/utils/linux-install-openresty.sh index 57b6c51368a0..3a6eaea3ba71 100755 --- a/utils/linux-install-openresty.sh +++ b/utils/linux-install-openresty.sh @@ -40,4 +40,4 @@ else openresty="openresty-debug=$OPENRESTY_VERSION*" fi -sudo apt-get install "$openresty" lua5.1 liblua5.1-0-dev openresty-openssl111-debug-dev +sudo apt-get install "$openresty" lua5.1 liblua5.1-0-dev openresty-openssl111-debug-dev libldap2-dev
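Review bot: The request-level cases (TEST 5 to TEST 9) cover only a missing header, one failed bind and the happy path, so the rejection paths of an authentication plugin are largely untested: there is no case for a non-Basic header such as `Authorization: Bearer abc`, for an empty password, for a username containing DN special characters, for a user that binds successfully but has no consumer, or for `use_tls`. TEST 6 is titled "invalid password", but `Zm9vOmZvbwo=` decodes to `foo:foo` plus a newline, which is an unknown user; a wrong password for the existing `user01` is never sent. TEST 8 and TEST 9 repeat TEST 4 and TEST 7 with identical configuration and add no coverage (the title "enable basic auth plugin" is also left over from basic-auth). Each missing case should assert `--- error_code: 401` and a response body that does not echo the submitted header or credentials.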