-
Notifications
You must be signed in to change notification settings - Fork 4.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(acme): standardize redis configuration (#12300)
* chore(acme): standarize redis configuration ACME right now has new config structure that reuses common redis connection configuration. With introduction of new fields for redis configuration the old ones should still be available to user up until kong 4.0 version. KAG-3388 * chore(acme): update warn message Co-authored-by: Vinicius Mignot <vinicius.mignot@gmail.com> --------- Co-authored-by: Vinicius Mignot <vinicius.mignot@gmail.com>
- Loading branch information
Showing
16 changed files
with
656 additions
and
41 deletions.
There are no files selected for viewing
3 changes: 3 additions & 0 deletions
3
changelog/unreleased/kong/standardize-redis-conifguration-acme.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
message: "**ACME**: Standardize redis configuration across plugins. The redis configuration right now follows common schema that is shared across other plugins." | ||
type: deprecation | ||
scope: Plugin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
local function adapter(config_to_update) | ||
if config_to_update.storage == "redis" then | ||
config_to_update.storage_config.redis = { | ||
host = config_to_update.storage_config.redis.host, | ||
port = config_to_update.storage_config.redis.port, | ||
auth = config_to_update.storage_config.redis.password, | ||
database = config_to_update.storage_config.redis.database, | ||
ssl = config_to_update.storage_config.redis.ssl, | ||
ssl_verify = config_to_update.storage_config.redis.ssl_verify, | ||
ssl_server_name = config_to_update.storage_config.redis.server_name, | ||
namespace = config_to_update.storage_config.redis.extra_options.namespace, | ||
scan_count = config_to_update.storage_config.redis.extra_options.scan_count | ||
} | ||
|
||
return true | ||
end | ||
|
||
return false | ||
end | ||
|
||
return { | ||
adapter = adapter | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
return { | ||
postgres = { | ||
up = [[ | ||
DO $$ | ||
BEGIN | ||
UPDATE plugins | ||
SET config = | ||
config | ||
#- '{storage_config,redis}' | ||
|| jsonb_build_object( | ||
'storage_config', | ||
(config -> 'storage_config') - 'redis' | ||
|| jsonb_build_object( | ||
'redis', | ||
jsonb_build_object( | ||
'host', config #> '{storage_config, redis, host}', | ||
'port', config #> '{storage_config, redis, port}', | ||
'password', config #> '{storage_config, redis, auth}', | ||
'username', config #> '{storage_config, redis, username}', | ||
'ssl', config #> '{storage_config, redis, ssl}', | ||
'ssl_verify', config #> '{storage_config, redis, ssl_verify}', | ||
'server_name', config #> '{storage_config, redis, ssl_server_name}', | ||
'timeout', config #> '{storage_config, redis, timeout}', | ||
'database', config #> '{storage_config, redis, database}' | ||
) || jsonb_build_object( | ||
'extra_options', | ||
jsonb_build_object( | ||
'scan_count', config #> '{storage_config, redis, scan_count}', | ||
'namespace', config #> '{storage_config, redis, namespace}' | ||
) | ||
) | ||
) | ||
) | ||
WHERE name = 'acme'; | ||
EXCEPTION WHEN UNDEFINED_COLUMN OR UNDEFINED_TABLE THEN | ||
-- Do nothing, accept existing state | ||
END$$; | ||
]], | ||
}, | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,4 +2,5 @@ return { | |
"000_base_acme", | ||
"001_280_to_300", | ||
"002_320_to_330", | ||
"003_350_to_360", | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
local redis_config_adapter = require "kong.plugins.acme.storage.config_adapters.redis" | ||
|
||
local function load_adapters() | ||
local adapters_mapping = { | ||
redis = redis_config_adapter | ||
} | ||
|
||
local function identity(config) | ||
return config | ||
end | ||
|
||
local default_value_mt = { __index = function() return identity end } | ||
|
||
setmetatable(adapters_mapping, default_value_mt) | ||
|
||
return adapters_mapping | ||
end | ||
|
||
local adapters = load_adapters() | ||
|
||
local function adapt_config(storage_type, storage_config) | ||
local adapter_fn = adapters[storage_type] | ||
return adapter_fn(storage_config[storage_type]) | ||
end | ||
|
||
return { | ||
adapt_config = adapt_config | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
local function redis_config_adapter(conf) | ||
return { | ||
host = conf.host, | ||
port = conf.port, | ||
database = conf.database, | ||
auth = conf.password or conf.auth, -- allow conf.auth until 4.0 version | ||
ssl = conf.ssl, | ||
ssl_verify = conf.ssl_verify, | ||
ssl_server_name = conf.server_name or conf.ssl_server_name, -- allow conf.ssl_server_name until 4.0 version | ||
|
||
namespace = conf.extra_options.namespace or conf.namespace, -- allow conf.namespace until 4.0 version | ||
scan_count = conf.extra_options.scan_count or conf.scan_count, -- allow conf.scan_count until 4.0 version | ||
} | ||
end | ||
|
||
return redis_config_adapter |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
local typedefs = require "kong.db.schema.typedefs" | ||
local DEFAULT_TIMEOUT = 2000 | ||
|
||
return { | ||
config_schema = { | ||
type = "record", | ||
fields = { | ||
{ host = typedefs.host }, | ||
{ port = typedefs.port }, | ||
{ timeout = typedefs.timeout { default = DEFAULT_TIMEOUT } }, | ||
{ username = { description = "Username to use for Redis connections. If undefined, ACL authentication won't be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to `default`.", type = "string", | ||
referenceable = true | ||
} }, | ||
{ password = { description = "Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.", type = "string", | ||
encrypted = true, | ||
referenceable = true, | ||
len_min = 0 | ||
} }, | ||
{ database = { description = "Database to use for the Redis connection when using the `redis` strategy", type = "integer", | ||
default = 0 | ||
} }, | ||
{ ssl = { description = "If set to true, uses SSL to connect to Redis.", | ||
type = "boolean", | ||
required = false, | ||
default = false | ||
} }, | ||
{ ssl_verify = { description = "If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure `lua_ssl_trusted_certificate` in `kong.conf` to specify the CA (or server) certificate used by your Redis server. You may also need to configure `lua_ssl_verify_depth` accordingly.", | ||
type = "boolean", | ||
required = false, | ||
default = false | ||
} }, | ||
{ server_name = typedefs.sni { required = false } } | ||
}, | ||
entity_checks = { | ||
{ mutually_required = { "host", "port" }, }, | ||
}, | ||
} | ||
} |
Oops, something went wrong.