feat(vault): vault lua module, integration with jwt-auth authentication plugin

conf/config-default.yaml

@@ -284,15 +284,15 @@ etcd:
 # HashiCorp Vault storage backend for sensitive data retrieval. The config shows an example of what APISIX expects if you
 # wish to integrate Vault for secret (sensetive string, public private keys etc.) retrieval. APISIX communicates with Vault
 # server HTTP APIs. By default, APISIX doesn't need this configuration.
-vault:
-  host: "http://0.0.0.0:8200" # The host address where the vault server is running.
-  timeout: 10                   # request timeout 30 seconds
-  prefix: kv/apisix             # APISIX supports vault kv engine v1, where sensitive data are being stored
-                                # and retrieved through vault HTTP APIs. enabling a prefix allows you to better enforcement of
-                                # policies, generate limited scoped tokens and tightly control the data that can be accessed
-                                # from APISIX.
+# vault:
+#   host: "http://0.0.0.0:8200"   # The host address where the vault server is running.
+#   timeout: 10                   # request timeout 30 seconds
+#   token: root                   # Authentication token to access Vault HTTP APIs
+#   prefix: kv/apisix             # APISIX supports vault kv engine v1, where sensitive data are being stored
+                                  # and retrieved through vault HTTP APIs. enabling a prefix allows you to better enforcement of
+                                  # policies, generate limited scoped tokens and tightly control the data that can be accessed
+                                  # from APISIX.
 
-  token: root                   # Authentication token to access Vault HTTP APIs
 
 #discovery:                       # service discovery center
 #  dns:

t/plugin/jwt-auth-vault.t

@@ -101,23 +101,8 @@ ok
                             "vault":{}
                         }
                     }
-                }]],
-                [[{
-                    "node": {
-                        "value": {
-                            "username": "jack",
-                            "plugins": {
-                                "jwt-auth": {
-                                    "key": "key-hs256",
-                                    "algorithm": "HS256",
-                                    "vault":{}
-                                }
-                            }
-                        }
-                    },
-                    "action": "set"
                 }]]
-                )
+            )
 
             if code >= 300 then
                 ngx.status = code
@@ -163,6 +148,13 @@ passed
 
 
 === TEST 4: sign a jwt and access/verify /secure-endpoint, fails as no secret entry into vault
+--- yaml_config
+vault:
+  host: "http://0.0.0.0:8200"
+  timeout: 10
+  prefix: kv/apisix
+  token: root
+#END
 --- config
     location /t {
         content_by_lua_block {
@@ -206,6 +198,13 @@ Success! Data written to: kv/apisix/consumer/jack/jwt-auth
 
 
 === TEST 6: sign a HS256 jwt and access/verify /secure-endpoint
+--- yaml_config
+vault:
+  host: "http://0.0.0.0:8200"
+  timeout: 10
+  prefix: kv/apisix
+  token: root
+#END
 --- config
     location /t {
         content_by_lua_block {
@@ -273,6 +272,13 @@ passed
 
 
 === TEST 9: sign a jwt with with rsa keypair and access /secure-endpoint
+--- yaml_config
+vault:
+  host: "http://0.0.0.0:8200"
+  timeout: 10
+  prefix: kv/apisix
+  token: root
+#END
 --- config
     location /t {
         content_by_lua_block {
@@ -341,6 +347,13 @@ passed
 
 
 === TEST 12: sign a jwt with with rsa keypair and access /secure-endpoint
+--- yaml_config
+vault:
+  host: "http://0.0.0.0:8200"
+  timeout: 10
+  prefix: kv/apisix
+  token: root
+#END
 --- config
     location /t {
         content_by_lua_block {