New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(refactor) plugins to remove dependencies to kong.tools and use more PDK #3845
Conversation
42e7340
to
8174bf7
Compare
) | ||
end, | ||
}, { __index = function(_, generator) | ||
kong.log.err("Invalid generator: " .. generator) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This extra metatable that's added for error-checking only is effectively dead code, because the schema guarantees that conf.generator
is always valid. I think we could remove this and make generators
a simple table.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(I realize this was in the original code already, just noticed that and thought we could clean it up)
kong/plugins/hmac-auth/access.lua
Outdated
@@ -28,6 +24,7 @@ local DIGEST = "digest" | |||
local SIGNATURE_NOT_VALID = "HMAC signature cannot be verified" | |||
local SIGNATURE_NOT_SAME = "HMAC signature does not match" | |||
|
|||
|
|||
local new_tab |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
new_tab can be removed and replaced by kong.table.new
kong/plugins/hmac-auth/access.lua
Outdated
-- parse the header to retrieve hamc parameters | ||
if authorization_header then | ||
local iterator, iter_err = ngx_gmatch(authorization_header, "\\s*[Hh]mac\\s*username=\"(.+)\",\\s*algorithm=\"(.+)\",\\s*headers=\"(.+)\",\\s*signature=\"(.+)\"") | ||
local iterator, iter_err = re_gmatch(authorization_header, | ||
"\\s*[Hh]mac\\s*username=\"(.+)\",\\s*algorithm=\"(.+)\",\\s*headers=\"(.+)\",\\s*signature=\"(.+)\"") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can reduce the line by breaking this long string into shorter ones connected by ..
(don't worry, the compiler's constant-subexpression-elimination will make it into a single string)
kong/plugins/hmac-auth/access.lua
Outdated
local signature_2 = ngx_decode_base64(hmac_params.signature) | ||
|
||
local function validate_signature(hmac_params) | ||
local signature_1 = create_hash(ngx.var.request_uri, hmac_params) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's unfortunate we still need to rely on ngx.var.request_uri
here, but I guess it's because we don't have an exact equivalent in the PDK, right? Would this be our best shot sticking to the current PDK API?
local function get_path_and_query()
local p = ngx.request.get_path()
local q = ngx.request.get_raw_query()
return (q ~= "") and (p .. "?" .. q) or p
end
(which is inefficient because get_path
strips the query from ngx.var.request_uri
and then this adds it back, I know.)
Is this pattern common enough to warrant a kong.request.get_path_and_query
function? (The aws-lambda plugin does the same as the above, but that's mostly for backwards compat with the "request_uri" info being forwarded)
local ctx = ngx.ctx | ||
if ctx.delay_response and not ctx.delayed_response then | ||
ctx.delayed_response = { | ||
local shared_ctx = kong.ctx.shared |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The whole delayed_response logic (and flush function) can be replaced by kong.response.exit
, which takes care of it. It is possible to just do
if content then
return kong.response.exit(status, content, {
["Content-Type"] = conf.content_type
})
end
instead of this whole block, also removing the flush
function above.
end | ||
|
||
|
||
local function get_timestamps(now) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Copying these functions multiple times inside the same plugin feels wrong. If the idea is to move them out of kong.tools.*
and into the plugin, then maybe create a timestamps
utility module inside the plugin for them?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only two times. Is that the threshold, when to make a new library and modification to rocks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can get back to just using kong.tools.timestamp
module.
local fmt = string.format | ||
|
||
|
||
local NULL_UUID = "00000000-0000-0000-0000-000000000000" | ||
local log_err = kong and kong.log.err or function(...) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this here because of tests where kong
is not available? If that's the case, I'd rather just populate kong.log.err
in the test case before testing this module instead of leaking ngx.log
here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the delayed_response in request-termination is the biggest issue (unless I missed something there that makes that code necessary.)
7e7efbf
to
44830e1
Compare
44830e1
to
f427b25
Compare
ffe251b
to
b16b0d3
Compare
kong/plugins/acl/handler.lua
Outdated
ngx_log(ngx_error, "[acl plugin] Cannot identify the consumer, add an ", | ||
"authentication plugin to use the ACL plugin") | ||
return responses.send_HTTP_FORBIDDEN("You cannot consume this service") | ||
kong.log.err("Cannot identify the consumer, add an authentication " .. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is still preferred to use the variadic form of this function, (,
instead of ..
).
end | ||
|
||
return re_find(str, uuid_regex, 'ioj') ~= nil | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are we duplicating is_valid_uuid
? This is a blocker. The scope of this work is not to get rid of kong.tools.utils
.
kong/plugins/jwt/asn_sequence.lua
Outdated
return input | ||
end | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Such vendor files ideally should be left untouched and are not subject to our coding style, as pulling fixes from upstream becomes harder.
kong/plugins/ldap-auth/handler.lua
Outdated
LdapAuthHandler.PRIORITY = 1002 | ||
LdapAuthHandler.VERSION = "0.1.0" | ||
LdapAuthHandler.VERSION = "0.1.1" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All of these massive updates warrant increasing the second digit (e.g. 0.2.0
) in all of these plugins, instead of the patch digit.
…uest-termination plugin
b16b0d3
to
0ad4aa3
Compare
Summary
This contains changes to following plugins and their test suite? This is rebased on @hishamhm's https://github.com/Kong/kong/tree/feat/plugins-update-new-apis branch (#3844) which should be merged and REVIEWed before this.
Also contains a small fix to a typo on key-auth plugin.