Merge branch 'upstream/master' into github/master

* upstream/master: (70 commits)
  fix(workflow): enhance schema check (apache#9782)
  docs: add chinese documentation for loki-logger (apache#9687)
  chore(update): stand-alone text (apache#9736)
  docs: add Secret chinese document to Admin API (apache#9522)
  fix(log-rotate): can not keep max files when using custom name (apache#9749)
  docs: fix typo and added useful information (apache#8900)
  docs: explain in more details for the batch-requests plugin (apache#9629)
  docs: update `apisix` section in `config-default.yaml` (apache#9611)
  chore: add missing `report_interval` option for `skywalking` plugin in `config-default.yaml` (apache#9662)
  refactor(jwt-auth): remove unused parameter (apache#9716)
  change(request-id): remove snowflake algorithm (apache#9715)
  fix test case (apache#9706)
  docs: add correct link for openresty arm64 repo (apache#9713)
  fix: get the correct revision (apache#9635)
  fix(body-transformer): xml2lua: replace empty table with empty string (apache#9669)
  feat(prometheus): allow user configure DEFAULT_BUCKETS (apache#9673)
  docs: add example for timeout (apache#9708)
  docs: replace some urls that point to github with relative paths (apache#9684)
  docs: update Debian Installation Guide (apache#9680)
  docs: update how to install apisix on debian (apache#9693)
  ...

.github/workflows/fips.yml

@@ -32,6 +32,7 @@ jobs:
           # all SSL related core tests are covered by below two lists.
           - t/admin/ssl* t/admin/schema.t t/admin/upstream.t t/config-center-yaml/ssl.t t/core/etcd-mtls.t t/core/config_etcd.t t/deployment/conf_server.t t/misc/patch.t
           - t/node/grpc-proxy-unary.t t/node/upstream-keepalive-pool.t t/node/upstream-websocket.t t/node/client-mtls.t t/node/upstream-mtls.t t/pubsub/kafka.t t/router/radixtree-sni2.t t/router/multi-ssl-certs.t t/router/radixtree-sni.t t/stream-node/mtls.t t/stream-node/tls.t t/stream-node/upstream-tls.t t/stream-node/sni.t
+          - t/fips
 
     runs-on: ${{ matrix.platform }}
     timeout-minutes: 90
@@ -83,6 +84,9 @@ jobs:
           if [[ $test_dir =~ 't/plugin' ]]; then
             echo "type=plugin" >>$GITHUB_OUTPUT
           fi
+          if [[ $test_dir =~ 't/fips' ]]; then
+            echo "type=plugin" >>$GITHUB_OUTPUT
+          fi
           if [[ $test_dir =~ 't/admin' ]]; then
             echo "type=first" >>$GITHUB_OUTPUT
           fi

.github/workflows/redhat-ci.yaml

@@ -0,0 +1,157 @@
+name: CI Redhat UBI - Daily
+
+on:
+  schedule:
+    - cron: "0 0 * * *"
+  pull_request:
+    branches: [master]
+    paths-ignore:
+      - 'docs/**'
+      - '**/*.md'
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref == 'refs/heads/master' && github.run_number || github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  test_apisix:
+    name: run ci on redhat ubi
+    runs-on: ubuntu-20.04
+    timeout-minutes: 90
+    strategy:
+      fail-fast: false
+      matrix:
+        test_dir:
+          - t/plugin/[a-k]*
+          - t/plugin/[l-z]*
+          - t/admin t/cli t/config-center-yaml t/control t/core t/debug t/deployment t/discovery t/error_page t/misc
+          - t/node t/pubsub t/router t/script t/secret t/stream-node t/utils t/wasm t/xds-library
+
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v3.2.0
+      with:
+        submodules: recursive
+
+    - name: Cache deps
+      uses: actions/cache@v3
+      env:
+        cache-name: cache-deps
+      with:
+        path: deps
+        key: ${{ runner.os }}-${{ env.cache-name }}-ubi8.6-${{ hashFiles('rockspec/apisix-master-0.rockspec') }}
+
+    - name: Extract branch name
+      if: ${{ startsWith(github.ref, 'refs/heads/release/') }}
+      id: branch_env
+      shell: bash
+      run: |
+        echo "version=${GITHUB_REF##*/}" >>$GITHUB_OUTPUT
+
+    - name: Extract test type
+      shell: bash
+      id: test_env
+      run: |
+        test_dir="${{ matrix.test_dir }}"
+        if [[ $test_dir =~ 't/plugin' ]]; then
+          echo "type=plugin" >>$GITHUB_OUTPUT
+        fi
+        if [[ $test_dir =~ 't/admin ' ]]; then
+          echo "type=first" >>$GITHUB_OUTPUT
+        fi
+        if [[ $test_dir =~ ' t/xds-library' ]]; then
+          echo "type=last" >>$GITHUB_OUTPUT
+        fi
+
+    - name: Free disk space
+      run: |
+        bash ./ci/free_disk_space.sh
+
+    - name: Linux launch common services
+      run: |
+        make ci-env-up project_compose_ci=ci/pod/docker-compose.common.yml
+        sudo ./ci/init-common-test-service.sh
+
+    - name: Build rpm package
+      if: ${{ startsWith(github.ref, 'refs/heads/release/') }}
+      run: |
+        export VERSION=${{ steps.branch_env.outputs.version }}
+        sudo gem install --no-document fpm
+        git clone --depth 1 https://github.com/api7/apisix-build-tools.git
+
+        # move codes under build tool
+        mkdir ./apisix-build-tools/apisix
+        for dir in `ls|grep -v "^apisix-build-tools$"`;do cp -r $dir ./apisix-build-tools/apisix/;done
+
+        cd apisix-build-tools
+        make package type=rpm app=apisix version=${VERSION} checkout=release/${VERSION} image_base=ubi image_tag=8.6 local_code_path=./apisix
+        cd ..
+        rm -rf $(ls -1 --ignore=apisix-build-tools --ignore=t --ignore=utils --ignore=ci --ignore=Makefile --ignore=rockspec)
+
+    - name: Build xDS library
+      if: steps.test_env.outputs.type == 'last'
+      run: |
+        cd t/xds-library
+        go build -o libxds.so -buildmode=c-shared main.go export.go
+
+    - name: Run redhat docker and mapping apisix into container
+      env:
+        TEST_FILE_SUB_DIR: ${{ matrix.test_dir }}
+      run: |
+        docker run -itd -v ${{ github.workspace }}:/apisix --env TEST_FILE_SUB_DIR="$TEST_FILE_SUB_DIR" --name ubiInstance --net="host" --dns 8.8.8.8 --dns-search apache.org registry.access.redhat.com/ubi8/ubi:8.6 /bin/bash
+
+    - name: Cache images
+      id: cache-images
+      uses: actions/cache@v3
+      env:
+        cache-name: cache-apisix-docker-images
+      with:
+        path: docker-images-backup
+        key: ${{ runner.os }}-${{ env.cache-name }}-${{ steps.test_env.outputs.type }}-${{ hashFiles(format('./ci/pod/docker-compose.{0}.yml', steps.test_env.outputs.type )) }}
+
+    - if: ${{ steps.cache-images.outputs.cache-hit == 'true' }}
+      name: Load saved docker images
+      run: |
+        if [[ -f docker-images-backup/apisix-images.tar ]]; then
+          [[ ${{ steps.test_env.outputs.type }} != first ]] && sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh before
+          docker load --input docker-images-backup/apisix-images.tar
+          rm docker-images-backup/apisix-images.tar
+          make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml
+          echo "loaded docker images"
+          if [[ ${{ steps.test_env.outputs.type }} != first ]]; then
+            sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh after
+          fi
+        fi
+    - if: ${{ steps.cache-images.outputs.cache-hit != 'true' }}
+      name: Linux launch services
+      run: |
+        [[ ${{ steps.test_env.outputs.type }} != first ]] && sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh before
+        [[ ${{ steps.test_env.outputs.type }} == plugin ]] && ./ci/pod/openfunction/build-function-image.sh
+        make ci-env-up project_compose_ci=ci/pod/docker-compose.${{ steps.test_env.outputs.type }}.yml
+        [[ ${{ steps.test_env.outputs.type }} != first ]] && sudo ./ci/init-${{ steps.test_env.outputs.type }}-test-service.sh after
+        echo "Linux launch services, done."
+
+    - name: Install dependencies
+      run: |
+        docker exec ubiInstance bash -c "cd apisix && chmod +x ./ci/redhat-ci.sh && ./ci/redhat-ci.sh install_dependencies"
+
+    - name: Install rpm package
+      if: ${{ startsWith(github.ref, 'refs/heads/release/') }}
+      run: |
+        docker exec ubiInstance bash -c "cd apisix && rpm -iv --prefix=/apisix ./apisix-build-tools/output/apisix-${{ steps.branch_env.outputs.version }}-0.ubi8.6.x86_64.rpm"
+        # Dependencies are attached with rpm, so revert `make deps`
+        docker exec ubiInstance bash -c "cd apisix && rm -rf deps"
+        docker exec ubiInstance bash -c "cd apisix && mv usr/bin . && mv usr/local/apisix/* ."
+
+    - name: Run test cases
+      run: |
+        docker exec ubiInstance bash -c "cd apisix && chmod +x ./ci/redhat-ci.sh && ./ci/redhat-ci.sh run_case"
+
+    - if: ${{ steps.cache-images.outputs.cache-hit != 'true' }}
+      name: Save docker images
+      run: |
+        echo "start backing up, $(date)"
+        bash ./ci/backup-docker-images.sh ${{ steps.test_env.outputs.type }}
+        echo "backup done, $(date)"

CHANGELOG.md

@@ -24,6 +24,7 @@ title: Changelog
 ## Table of Contents
 
 - [3.3.0](#330)
+- [3.2.1](#321)
 - [3.2.0](#320)
 - [3.1.0](#310)
 - [3.0.0](#300)
@@ -103,6 +104,12 @@ title: Changelog
 - Ensure `batch-requests` plugin read trailer headers if existed: [#9289](https://github.com/apache/apisix/pull/9289)
 - Ensure `proxy-rewrite` should set `ngx.var.uri`: [#9309](https://github.com/apache/apisix/pull/9309)
 
+## 3.2.1
+
+**This is an LTS maintenance release and you can see the CHANGELOG in `release/3.2` branch.**
+
+[https://github.com/apache/apisix/blob/release/3.2/CHANGELOG.md#321](https://github.com/apache/apisix/blob/release/3.2/CHANGELOG.md#321)
+
 ## 3.2.0
 
 ### Change

Makefile

@@ -349,9 +349,6 @@ install: runtime
 	$(ENV_INSTALL) -d $(ENV_INST_LUADIR)/apisix/plugins/serverless
 	$(ENV_INSTALL) apisix/plugins/serverless/*.lua $(ENV_INST_LUADIR)/apisix/plugins/serverless/
 
-	$(ENV_INSTALL) -d $(ENV_INST_LUADIR)/apisix/plugins/slslog
-	$(ENV_INSTALL) apisix/plugins/slslog/*.lua $(ENV_INST_LUADIR)/apisix/plugins/slslog/
-
 	$(ENV_INSTALL) -d $(ENV_INST_LUADIR)/apisix/plugins/syslog
 	$(ENV_INSTALL) apisix/plugins/syslog/*.lua $(ENV_INST_LUADIR)/apisix/plugins/syslog/
 

README.md

@@ -130,7 +130,7 @@ A/B testing, canary release, blue-green deployment, limit rate, defense against
   - [Dashboard](https://github.com/apache/apisix-dashboard)
   - Version Control: Supports rollbacks of operations.
   - CLI: start\stop\reload APISIX through the command line.
-  - [Stand-Alone](docs/en/latest/deployment-modes.md#stand-alone): Supports to load route rules from local YAML file, it is more friendly such as under the kubernetes(k8s).
+  - [Standalone](docs/en/latest/deployment-modes.md#standalone): Supports to load route rules from local YAML file, it is more friendly such as under the kubernetes(k8s).
   - [Global Rule](docs/en/latest/terminology/global-rule.md): Allows to run any plugin for all request, eg: limit rate, IP filter etc.
   - High performance: The single-core QPS reaches 18k with an average delay of fewer than 0.2 milliseconds.
   - [Fault Injection](docs/en/latest/plugins/fault-injection.md)

apisix/admin/init.lua

@@ -56,8 +56,8 @@ local resources = {
     stream_routes   = require("apisix.admin.stream_routes"),
     plugin_metadata = require("apisix.admin.plugin_metadata"),
     plugin_configs  = require("apisix.admin.plugin_config"),
-    consumer_groups  = require("apisix.admin.consumer_group"),
-    secrets             = require("apisix.admin.secrets"),
+    consumer_groups = require("apisix.admin.consumer_group"),
+    secrets         = require("apisix.admin.secrets"),
 }
 
 
@@ -104,6 +104,22 @@ local function check_token(ctx)
     return true
 end
 
+-- Set the `apictx` variable and check admin api token, if the check fails, the current
+-- request will be interrupted and an error response will be returned.
+--
+-- NOTE: This is a higher wrapper for `check_token` function.
+local function set_ctx_and_check_token()
+    local api_ctx = {}
+    core.ctx.set_vars_meta(api_ctx)
+    ngx.ctx.api_ctx = api_ctx
+
+    local ok, err = check_token(api_ctx)
+    if not ok then
+        core.log.warn("failed to check token: ", err)
+        core.response.exit(401, { error_msg = "failed to check token" })
+    end
+end
+
 
 local function strip_etcd_resp(data)
     if type(data) == "table"
@@ -142,15 +158,7 @@ end
 
 
 local function run()
-    local api_ctx = {}
-    core.ctx.set_vars_meta(api_ctx)
-    ngx.ctx.api_ctx = api_ctx
-
-    local ok, err = check_token(api_ctx)
-    if not ok then
-        core.log.warn("failed to check token: ", err)
-        core.response.exit(401, {error_msg = "failed to check token"})
-    end
+    set_ctx_and_check_token()
 
     local uri_segs = core.utils.split_uri(ngx.var.uri)
     core.log.info("uri: ", core.json.delay_encode(uri_segs))
@@ -176,7 +184,7 @@ local function run()
 
     local resource = resources[seg_res]
     if not resource then
-        core.response.exit(404, {error_msg = "not found"})
+        core.response.exit(404, {error_msg = "Unsupported resource type: ".. seg_res})
     end
 
     local method = str_lower(get_method())
@@ -244,31 +252,25 @@ end
 
 
 local function get_plugins_list()
-    local api_ctx = {}
-    core.ctx.set_vars_meta(api_ctx)
-    ngx.ctx.api_ctx = api_ctx
-
-    local ok, err = check_token(api_ctx)
-    if not ok then
-        core.log.warn("failed to check token: ", err)
-        core.response.exit(401, {error_msg = "failed to check token"})
-    end
+    set_ctx_and_check_token()
 
     local plugins = resources.plugins.get_plugins_list()
     core.response.exit(200, plugins)
 end
 
+-- Handle unsupported request methods for the virtual "reload" plugin
+local function unsupported_methods_reload_plugin()
+    set_ctx_and_check_token()
 
-local function post_reload_plugins()
-    local api_ctx = {}
-    core.ctx.set_vars_meta(api_ctx)
-    ngx.ctx.api_ctx = api_ctx
+    core.response.exit(405, {
+        error_msg = "please use PUT method to reload the plugins, "
+                    .. get_method() .. " method is not allowed."
+    })
+end
 
-    local ok, err = check_token(api_ctx)
-    if not ok then
-        core.log.warn("failed to check token: ", err)
-        core.response.exit(401, {error_msg = "failed to check token"})
-    end
+
+local function post_reload_plugins()
+    set_ctx_and_check_token()
 
     local success, err = events.post(reload_event, get_method(), ngx_time())
     if not success then
@@ -386,6 +388,12 @@ local uri_route = {
         methods = {"PUT"},
         handler = post_reload_plugins,
     },
+    -- Handle methods other than "PUT" on "/plugin/reload" to inform user
+    {
+        paths = reload_event,
+        methods = { "GET", "POST", "DELETE", "PATCH" },
+        handler = unsupported_methods_reload_plugin,
+    },
 }
 
 

apisix/admin/resource.lua

@@ -279,8 +279,8 @@ function _M:patch(id, conf, sub_path, args)
     local typ = nil
     if self.name == "secrets" then
         local uri_segs = core.utils.split_uri(sub_path)
-        if #uri_segs < 2 then
-            return 400, {error_msg = "no secret id and/or sub path in uri"}
+        if #uri_segs < 1 then
+            return 400, {error_msg = "no secret id"}
         end
         typ = id
         id = uri_segs[1]

apisix/cli/ops.lua

@@ -58,7 +58,7 @@ local function help()
     print([[
 Usage: apisix [action] <argument>
 
-help:       show this message, then exit
+help:       print the apisix cli help message
 init:       initialize the local nginx.conf
 init_etcd:  initialize the data of etcd
 start:      start the apisix server

apisix/cli/snippet.lua

@@ -28,6 +28,9 @@ upstream apisix_conf_backend {
         local conf_server = require("apisix.conf_server")
         conf_server.balancer()
     }
+    keepalive 320;
+    keepalive_requests 1000;
+    keepalive_timeout 60s;
 }
 
 {% if trusted_ca_cert then %}