From f014d1f1644b22b6ccefa5b033e647cbbe6e233f Mon Sep 17 00:00:00 2001 From: leslie <59061168+leslie-tsang@users.noreply.github.com> Date: Fri, 5 Nov 2021 09:27:38 +0800 Subject: [PATCH 01/15] fix: add handler for invalid basic auth header values (#5419) (cherry picked from commit eab5606426bb775358469191aa78c2a7d9cebba9) --- apisix/plugins/basic-auth.lua | 13 +++++++- t/plugin/basic-auth.t | 57 +++++++++++++++++++++++++++++------ 2 files changed, 60 insertions(+), 10 deletions(-) diff --git a/apisix/plugins/basic-auth.lua b/apisix/plugins/basic-auth.lua index 1df25daefa86..5e780566310e 100644 --- a/apisix/plugins/basic-auth.lua +++ b/apisix/plugins/basic-auth.lua @@ -80,12 +80,23 @@ local function extract_auth_header(authorization) return nil, err end + if not m then + return nil, "Invalid authorization header format" + end + local decoded = ngx.decode_base64(m[1]) + if not decoded then + return nil, "Failed to decode authentication header: " .. m[1] + end + local res res, err = ngx_re.split(decoded, ":") if err then - return nil, "split authorization err:" .. err + return nil, "Split authorization err:" .. err + end + if #res < 2 then + return nil, "Split authorization err: invalid decoded data: " .. decoded end obj.username = ngx.re.gsub(res[1], "\\s+", "", "jo") diff --git a/t/plugin/basic-auth.t b/t/plugin/basic-auth.t index 79078b1aeb49..a780f3b618f8 100644 --- a/t/plugin/basic-auth.t +++ b/t/plugin/basic-auth.t @@ -163,7 +163,46 @@ GET /hello -=== TEST 6: verify, invalid username +=== TEST 6: verify, invalid basic authorization header +--- request +GET /hello +--- more_headers +Authorization: Bad_header YmFyOmJhcgo= +--- error_code: 401 +--- response_body +{"message":"Invalid authorization header format"} +--- no_error_log +[error] + + + +=== TEST 7: verify, invalid authorization value (bad base64 str) +--- request +GET /hello +--- more_headers +Authorization: Basic aca_a +--- error_code: 401 +--- response_body +{"message":"Failed to decode authentication header: aca_a"} +--- no_error_log +[error] + + + +=== TEST 8: verify, invalid authorization value (no password) +--- request +GET /hello +--- more_headers +Authorization: Basic YmFy +--- error_code: 401 +--- response_body +{"message":"Split authorization err: invalid decoded data: bar"} +--- no_error_log +[error] + + + +=== TEST 9: verify, invalid username --- request GET /hello --- more_headers @@ -176,7 +215,7 @@ Authorization: Basic YmFyOmJhcgo= -=== TEST 7: verify, invalid password +=== TEST 10: verify, invalid password --- request GET /hello --- more_headers @@ -189,7 +228,7 @@ Authorization: Basic Zm9vOmZvbwo= -=== TEST 8: verify +=== TEST 11: verify --- request GET /hello --- more_headers @@ -203,7 +242,7 @@ find consumer foo -=== TEST 9: invalid schema, only one field `username` +=== TEST 12: invalid schema, only one field `username` --- config location /t { content_by_lua_block { @@ -234,7 +273,7 @@ GET /t -=== TEST 10: invalid schema, not field given +=== TEST 13: invalid schema, not field given --- config location /t { content_by_lua_block { @@ -264,7 +303,7 @@ qr/\{"error_msg":"invalid plugins configuration: failed to check the configurati -=== TEST 11: invalid schema, not a table +=== TEST 14: invalid schema, not a table --- config location /t { content_by_lua_block { @@ -293,7 +332,7 @@ GET /t -=== TEST 12: get the default schema +=== TEST 15: get the default schema --- config location /t { content_by_lua_block { @@ -315,7 +354,7 @@ GET /t -=== TEST 13: get the schema by schema_type +=== TEST 16: get the schema by schema_type --- config location /t { content_by_lua_block { @@ -337,7 +376,7 @@ GET /t -=== TEST 14: get the schema by error schema_type +=== TEST 17: get the schema by error schema_type --- config location /t { content_by_lua_block { From 0b057b4cd158acd6c0df8978bcd0038d7620b67a Mon Sep 17 00:00:00 2001 From: tzssangglass Date: Thu, 4 Nov 2021 20:56:19 -0500 Subject: [PATCH 02/15] fix(traffix-split): multiple rules with multiple weighted_upstreams under each rule cause upstream_key duplicate (#5414) (cherry picked from commit 043cde3a36680bcf0319862cfc1b0bc28b295355) --- apisix/plugins/traffic-split.lua | 12 +- t/plugin/traffic-split5.t | 313 +++++++++++++++++++++++++++++++ 2 files changed, 324 insertions(+), 1 deletion(-) create mode 100644 t/plugin/traffic-split5.t diff --git a/apisix/plugins/traffic-split.lua b/apisix/plugins/traffic-split.lua index de6d57048240..028cc97f5538 100644 --- a/apisix/plugins/traffic-split.lua +++ b/apisix/plugins/traffic-split.lua @@ -24,6 +24,7 @@ local pairs = pairs local ipairs = ipairs local type = type local table_insert = table.insert +local tostring = tostring local lrucache = core.lrucache.new({ ttl = 0, count = 512 @@ -187,7 +188,10 @@ local function set_upstream(upstream_info, ctx) local matched_route = ctx.matched_route up_conf.parent = matched_route local upstream_key = up_conf.type .. "#route_" .. - matched_route.value.id .. "_" ..upstream_info.vid + matched_route.value.id .. "_" .. upstream_info.vid + if upstream_info.node_tid then + upstream_key = upstream_key .. "_" .. upstream_info.node_tid + end core.log.info("upstream_key: ", upstream_key) upstream.set(ctx, upstream_key, ctx.conf_version, up_conf) @@ -203,6 +207,12 @@ local function new_rr_obj(weighted_upstreams) elseif upstream_obj.upstream then -- Add a virtual id field to uniquely identify the upstream key. upstream_obj.upstream.vid = i + -- Get the table id of the nodes as part of the upstream_key, + -- avoid upstream_key duplicate because vid is the same in the loop + -- when multiple rules with multiple weighted_upstreams under each rule. + -- see https://github.com/apache/apisix/issues/5276 + local node_tid = tostring(upstream_obj.upstream.nodes):sub(#"table: " + 1) + upstream_obj.upstream.node_tid = node_tid server_list[upstream_obj.upstream] = upstream_obj.weight else -- If the upstream object has only the weight value, it means diff --git a/t/plugin/traffic-split5.t b/t/plugin/traffic-split5.t new file mode 100644 index 000000000000..9e01ac8f69d8 --- /dev/null +++ b/t/plugin/traffic-split5.t @@ -0,0 +1,313 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +use t::APISIX 'no_plan'; + +repeat_each(1); +log_level('info'); +no_root_location(); +no_shuffle(); + +add_block_preprocessor(sub { + my ($block) = @_; + + if (!$block->request) { + $block->set_value("request", "GET /t"); + } + + if (!$block->error_log && !$block->no_error_log) { + $block->set_value("no_error_log", "[error]"); + } + + my $http_config = $block->http_config // <<_EOC_; + # fake server, only for test + server { + listen 1970; + location / { + content_by_lua_block { + ngx.say(1970) + } + } + } + + server { + listen 1971; + location / { + content_by_lua_block { + ngx.say(1971) + } + } + } + + server { + listen 1972; + location / { + content_by_lua_block { + ngx.say(1972) + } + } + } + + server { + listen 1973; + location / { + content_by_lua_block { + ngx.say(1973) + } + } + } + + server { + listen 1974; + location / { + content_by_lua_block { + ngx.say(1974) + } + } + } +_EOC_ + + $block->set_value("http_config", $http_config); +}); + +run_tests(); + +__DATA__ + +=== TEST 1: set upstream(multiple rules, multiple nodes under each weighted_upstreams) and add route +--- config + location /t { + content_by_lua_block { + local json = require("toolkit.json") + local t = require("lib.test_admin").test + local data = { + uri = "/hello", + plugins = { + ["traffic-split"] = { + rules = { + { + match = { { + vars = { { "arg_id", "==", "1" } } + } }, + weighted_upstreams = { + { + upstream = { + name = "upstream_A", + type = "roundrobin", + nodes = { + ["127.0.0.1:1970"] = 1, + ["127.0.0.1:1971"] = 1 + } + }, + weight = 1 + } + } + }, + { + match = { { + vars = { { "arg_id", "==", "2" } } + } }, + weighted_upstreams = { + { + upstream = { + name = "upstream_B", + type = "roundrobin", + nodes = { + ["127.0.0.1:1972"] = 1, + ["127.0.0.1:1973"] = 1 + } + }, + weight = 1 + } + } + } + } + } + }, + upstream = { + type = "roundrobin", + nodes = { + ["127.0.0.1:1974"] = 1 + } + } + } + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + json.encode(data) + ) + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed +--- no_error_log +[error] + + + +=== TEST 2: hit different weighted_upstreams by rules +--- config + location /t { + content_by_lua_block { + local http = require "resty.http" + local httpc = http.new() + + local uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello" + local res, err = httpc:request_uri(uri) + local port = tonumber(res.body) + if port ~= 1974 then + ngx.status = ngx.HTTP_INTERNAL_SERVER_ERROR + ngx.say("failed while no arg_id") + return + end + + uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello?id=1" + res, err = httpc:request_uri(uri) + port = tonumber(res.body) + if port ~= 1970 and port ~= 1971 then + ngx.status = ngx.HTTP_INTERNAL_SERVER_ERROR + ngx.say("failed while arg_id = 1") + return + end + + uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello?id=2" + res, err = httpc:request_uri(uri) + port = tonumber(res.body) + if port ~= 1972 and port ~= 1973 then + ngx.status = ngx.HTTP_INTERNAL_SERVER_ERROR + ngx.say("failed while arg_id = 2") + return + end + + ngx.say("passed") + } + } +--- response_body +passed + + + +=== TEST 3: set upstream(multiple rules, multiple nodes with different weight under each weighted_upstreams) and add route +--- config + location /t { + content_by_lua_block { + local json = require("toolkit.json") + local t = require("lib.test_admin").test + local data = { + uri = "/hello", + plugins = { + ["traffic-split"] = { + rules = { + { + match = { { + vars = { { "arg_id", "==", "1" } } + } }, + weighted_upstreams = { + { + upstream = { + name = "upstream_A", + type = "roundrobin", + nodes = { + ["127.0.0.1:1970"] = 2, + ["127.0.0.1:1971"] = 1 + } + }, + weight = 1 + } + } + }, + { + match = { { + vars = { { "arg_id", "==", "2" } } + } }, + weighted_upstreams = { + { + upstream = { + name = "upstream_B", + type = "roundrobin", + nodes = { + ["127.0.0.1:1972"] = 2, + ["127.0.0.1:1973"] = 1 + } + }, + weight = 1 + } + } + } + } + } + }, + upstream = { + type = "roundrobin", + nodes = { + ["127.0.0.1:1974"] = 1 + } + } + } + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + json.encode(data) + ) + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed +--- no_error_log +[error] + + + +=== TEST 4: pick different nodes by weight +--- config + location /t { + content_by_lua_block { + local http = require "resty.http" + local httpc = http.new() + + local uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello?id=1" + local ports = {} + local res, err + for i = 1, 3 do + res, err = httpc:request_uri(uri) + local port = tonumber(res.body) + ports[i] = port + end + table.sort(ports) + + local uri = "http://127.0.0.1:" .. ngx.var.server_port .. "/hello?id=2" + for i = 4, 6 do + res, err = httpc:request_uri(uri) + local port = tonumber(res.body) + ports[i] = port + end + table.sort(ports) + + ngx.say(table.concat(ports, ", ")) + } + } +--- response_body +1970, 1970, 1971, 1972, 1972, 1973 From fdce7d453f4db092e283b192cdc083700d3e595e Mon Sep 17 00:00:00 2001 From: tzssangglass Date: Sun, 7 Nov 2021 20:52:09 -0600 Subject: [PATCH 03/15] fix(admin): modify boolean parameters with PATCH (#5434) (cherry picked from commit cd29ba3be7e4f57e9f348838fef8242c662772d5) --- apisix/admin/init.lua | 2 +- apisix/admin/routes.lua | 2 +- t/admin/routes3.t | 82 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+), 2 deletions(-) diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index e142c9dc369a..5621ac139bf5 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -157,7 +157,7 @@ local function run() if req_body then local data, err = core.json.decode(req_body) - if not data then + if err then core.log.error("invalid request body: ", req_body, " err: ", err) core.response.exit(400, {error_msg = "invalid request body: " .. err, req_body = req_body}) diff --git a/apisix/admin/routes.lua b/apisix/admin/routes.lua index bed0524e8384..c3705d4ad476 100644 --- a/apisix/admin/routes.lua +++ b/apisix/admin/routes.lua @@ -247,7 +247,7 @@ function _M.patch(id, conf, sub_path, args) return 400, {error_msg = "missing route id"} end - if not conf then + if conf == nil then return 400, {error_msg = "missing new configuration"} end diff --git a/t/admin/routes3.t b/t/admin/routes3.t index 6f0b13fc417e..02fbc8711ba0 100644 --- a/t/admin/routes3.t +++ b/t/admin/routes3.t @@ -700,3 +700,85 @@ passed } --- response_body passed + + + +=== TEST 20: set route(id: 1, parameters with boolean values) +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "uri": "/index.html", + "enable_websocket": true, + "upstream": { + "type": "roundrobin", + "nodes": { + "127.0.0.1:8080":1 + } + } + }]]) + + ngx.say(body) + } + } +--- response_body +passed + + + +=== TEST 21: patch route(modify the boolean value of parameters to false) +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1/enable_websocket', + ngx.HTTP_PATCH, + 'false', + [[{ + "node": { + "value": { + "enable_websocket": false + }, + "key": "/apisix/routes/1" + }, + "action": "compareAndSwap" + }]] + ) + + ngx.status = code + ngx.say(body) + } + } +--- response_body +passed + + + +=== TEST 22: patch route(modify the boolean value of parameters to true) +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1/enable_websocket', + ngx.HTTP_PATCH, + 'true', + [[{ + "node": { + "value": { + "enable_websocket": true + }, + "key": "/apisix/routes/1" + }, + "action": "compareAndSwap" + }]] + ) + + ngx.status = code + ngx.say(body) + } + } +--- response_body +passed From a7219f781727c9a6fad58f3099123c86c0712564 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=BD=97=E6=B3=BD=E8=BD=A9?= Date: Tue, 9 Nov 2021 09:16:31 +0800 Subject: [PATCH 04/15] change: log insensitive consumer info only (#5445) (cherry picked from commit cc6caa974ca30873a8f6193407d7b65f32a36390) --- apisix/utils/log-util.lua | 9 +++- t/plugin/http-logger-log-format.t | 69 +++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+), 1 deletion(-) diff --git a/apisix/utils/log-util.lua b/apisix/utils/log-util.lua index 361d9b264c21..cf3fc22f1c3b 100644 --- a/apisix/utils/log-util.lua +++ b/apisix/utils/log-util.lua @@ -84,6 +84,13 @@ local function get_full_log(ngx, conf) service_id = var.host end + local consumer + if ctx.consumer then + consumer = { + username = ctx.consumer.username + } + end + local log = { request = { url = url, @@ -105,7 +112,7 @@ local function get_full_log(ngx, conf) upstream = var.upstream_addr, service_id = service_id, route_id = route_id, - consumer = ctx.consumer, + consumer = consumer, client_ip = core.request.get_remote_client_ip(ngx.ctx.api_ctx), start_time = ngx.req.start_time() * 1000, latency = (ngx.now() - ngx.req.start_time()) * 1000 diff --git a/t/plugin/http-logger-log-format.t b/t/plugin/http-logger-log-format.t index 703418b464f4..07978f5c197d 100644 --- a/t/plugin/http-logger-log-format.t +++ b/t/plugin/http-logger-log-format.t @@ -364,3 +364,72 @@ GET /t passed --- no_error_log [error] + + + +=== TEST 12: check default log format +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/consumers/jack', + ngx.HTTP_PUT, + [[{ + "username": "jack", + "plugins": { + "key-auth": { + "key": "auth-one" + } + } + }]] + ) + + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "http-logger": { + "uri": "http://127.0.0.1:1982/log", + "batch_max_size": 1, + "max_retry_count": 1, + "retry_delay": 2, + "buffer_duration": 2, + "inactive_timeout": 2 + }, + "key-auth": {} + }, + "upstream": { + "nodes": { + "127.0.0.1:1982": 1 + }, + "type": "roundrobin" + }, + "uri": "/hello" + }]] + ) + + if code >= 300 then + ngx.status = code + end + ngx.say(body) + } + } +--- request +GET /t +--- response_body +passed +--- no_error_log +[error] + + + +=== TEST 13: hit +--- request +GET /hello +--- more_headers +apikey: auth-one +--- grep_error_log eval +qr/request log: \{.+\}/ +--- grep_error_log_out eval +qr/\Q{"client_ip":"127.0.0.1","consumer":{"username":"jack"},"latency":\E[^,]+\Q,"request":{"headers":{"apikey":"auth-one","connection":"close","host":"localhost"},"method":"GET","querystring":{},"size":\E\d+\Q,"uri":"\/hello","url":"http:\/\/localhost:1984\/hello"},"response":{"headers":{"connection":"close","content-length":"\E\d+\Q","content-type":"text\/plain","server":"\E[^"]+\Q"},"size":\E\d+\Q,"status":200},"route_id":"1","server":{"hostname":"\E[^"]+\Q","version":"\E[^"]+\Q"},"service_id":"","start_time":\E\d+\Q,"upstream":"127.0.0.1:1982"}\E/ +--- wait: 0.5 From 530b7edfddcc81abbee3016531c8bef06fc9fc01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=BD=97=E6=B3=BD=E8=BD=A9?= Date: Tue, 9 Nov 2021 16:21:27 +0800 Subject: [PATCH 05/15] fix: prevent being hacked by untrusted request_uri (#5458) Thanks to Marcin Niemiec for the report. Signed-off-by: spacewander (cherry picked from commit 9fc38330e82ce46e2aaabceef7d61708c91782db) --- apisix/core/ctx.lua | 8 +++++++- apisix/init.lua | 6 ++++++ t/plugin/uri-blocker.t | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/apisix/core/ctx.lua b/apisix/core/ctx.lua index dc4c4460e7cb..872a8f608f3c 100644 --- a/apisix/core/ctx.lua +++ b/apisix/core/ctx.lua @@ -119,6 +119,12 @@ do end } + local no_cacheable_var_names = { + -- var.args should not be cached as it can be changed via set_uri_args + args = true, + is_args = true, + } + local ngx_var_names = { upstream_scheme = true, upstream_host = true, @@ -210,7 +216,7 @@ do val = get_var(key, t._request) end - if val ~= nil then + if val ~= nil and not no_cacheable_var_names[key] then t._cache[key] = val end diff --git a/apisix/init.lua b/apisix/init.lua index 181233dbfd12..a4a0fdd11105 100644 --- a/apisix/init.lua +++ b/apisix/init.lua @@ -367,6 +367,12 @@ function _M.http_access_phase() end end + -- To prevent being hacked by untrusted request_uri, here we + -- record the normalized but not rewritten uri as request_uri, + -- the original request_uri can be accessed via var.real_request_uri + api_ctx.var.real_request_uri = api_ctx.var.request_uri + api_ctx.var.request_uri = api_ctx.var.uri .. api_ctx.var.is_args .. (api_ctx.var.args or "") + if router.api.has_route_not_under_apisix() or core.string.has_prefix(uri, "/apisix/") then diff --git a/t/plugin/uri-blocker.t b/t/plugin/uri-blocker.t index 0d0bce8a36f5..2aee13e537e2 100644 --- a/t/plugin/uri-blocker.t +++ b/t/plugin/uri-blocker.t @@ -485,3 +485,39 @@ GET /hello?aa=1 {"error_msg":"access is not allowed"} --- no_error_log [error] + + + +=== TEST 21: add block rule with anchor +--- config +location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "uri-blocker": { + "block_rules": ["^/internal/"] + } + }, + "uri": "/internal/*" + }]]) + + if code >= 300 then + ngx.status = code + end + ngx.print(body) + } +} +--- request +GET /t + + + +=== TEST 22: can't bypass with url without normalization +--- request +GET /./internal/x?aa=1 +--- error_code: 403 +--- no_error_log +[error] From acfd824f4e20e34ab4da2aeecbf132016db7eb59 Mon Sep 17 00:00:00 2001 From: tzssangglass Date: Wed, 10 Nov 2021 01:48:05 -0600 Subject: [PATCH 06/15] fix(hmac-auth): check if the X-HMAC-ALGORITHM header is missing (#5467) (cherry picked from commit 1514fe48c349534a88fda669ac2ecda8ee31f27c) --- apisix/plugins/hmac-auth.lua | 4 +++ t/plugin/hmac-auth.t | 49 +++++++++++++++++++++++------------- 2 files changed, 36 insertions(+), 17 deletions(-) diff --git a/apisix/plugins/hmac-auth.lua b/apisix/plugins/hmac-auth.lua index 35a11bd24a81..73cb947d3c03 100644 --- a/apisix/plugins/hmac-auth.lua +++ b/apisix/plugins/hmac-auth.lua @@ -291,6 +291,10 @@ local function validate(ctx, params) return nil, {message = "access key or signature missing"} end + if not params.algorithm then + return nil, {message = "algorithm missing"} + end + local consumer, err = get_consumer(params.access_key) if err then return nil, err diff --git a/t/plugin/hmac-auth.t b/t/plugin/hmac-auth.t index cc029db86d6b..4de139b39e71 100644 --- a/t/plugin/hmac-auth.t +++ b/t/plugin/hmac-auth.t @@ -241,7 +241,22 @@ GET /hello -=== TEST 8: verify: invalid access key +=== TEST 8: verify, missing algorithm +--- request +GET /hello +--- more_headers +X-HMAC-SIGNATURE: asdf +Date: Thu, 24 Sep 2020 06:39:52 GMT +X-HMAC-ACCESS-KEY: my-access-key +--- error_code: 401 +--- response_body +{"message":"algorithm missing"} +--- no_error_log +[error] + + + +=== TEST 9: verify: invalid access key --- request GET /hello --- more_headers @@ -257,7 +272,7 @@ X-HMAC-ACCESS-KEY: sdf -=== TEST 9: verify: invalid algorithm +=== TEST 10: verify: invalid algorithm --- request GET /hello --- more_headers @@ -273,7 +288,7 @@ X-HMAC-ACCESS-KEY: my-access-key -=== TEST 10: verify: Clock skew exceeded +=== TEST 11: verify: Clock skew exceeded --- request GET /hello --- more_headers @@ -289,7 +304,7 @@ X-HMAC-ACCESS-KEY: my-access-key -=== TEST 11: verify: missing Date +=== TEST 12: verify: missing Date --- request GET /hello --- more_headers @@ -304,7 +319,7 @@ X-HMAC-ACCESS-KEY: my-access-key -=== TEST 12: verify: Invalid GMT format time +=== TEST 13: verify: Invalid GMT format time --- request GET /hello --- more_headers @@ -320,7 +335,7 @@ X-HMAC-ACCESS-KEY: my-access-key -=== TEST 13: verify: ok +=== TEST 14: verify: ok --- config location /t { content_by_lua_block { @@ -381,7 +396,7 @@ passed -=== TEST 14: add consumer with 0 clock skew +=== TEST 15: add consumer with 0 clock skew --- config location /t { content_by_lua_block { @@ -429,7 +444,7 @@ passed -=== TEST 15: verify: invalid signature +=== TEST 16: verify: invalid signature --- request GET /hello --- more_headers @@ -445,7 +460,7 @@ X-HMAC-ACCESS-KEY: my-access-key3 -=== TEST 16: add consumer with 1 clock skew +=== TEST 17: add consumer with 1 clock skew --- config location /t { content_by_lua_block { @@ -493,7 +508,7 @@ passed -=== TEST 17: verify: Invalid GMT format time +=== TEST 18: verify: Invalid GMT format time --- config location /t { content_by_lua_block { @@ -548,7 +563,7 @@ qr/\{"message":"Clock skew exceeded"\}/ -=== TEST 18: verify: put ok +=== TEST 19: verify: put ok --- config location /t { content_by_lua_block { @@ -613,7 +628,7 @@ passed -=== TEST 19: verify: put ok (pass auth data by header `Authorization`) +=== TEST 20: verify: put ok (pass auth data by header `Authorization`) --- config location /t { content_by_lua_block { @@ -677,7 +692,7 @@ passed -=== TEST 20: hit route without auth info +=== TEST 21: hit route without auth info --- request GET /hello --- error_code: 401 @@ -688,7 +703,7 @@ GET /hello -=== TEST 21: add consumer with signed_headers +=== TEST 22: add consumer with signed_headers --- config location /t { content_by_lua_block { @@ -737,7 +752,7 @@ passed -=== TEST 22: verify with invalid signed header +=== TEST 23: verify with invalid signed header --- config location /t { content_by_lua_block { @@ -790,7 +805,7 @@ qr/\{"message":"Invalid signed header x-custom-header-c"\}/ -=== TEST 23: verify ok with signed headers +=== TEST 24: verify ok with signed headers --- config location /t { content_by_lua_block { @@ -847,7 +862,7 @@ passed -=== TEST 24: add consumer with plugin hmac-auth - empty configuration +=== TEST 25: add consumer with plugin hmac-auth - empty configuration --- config location /t { content_by_lua_block { From f66dcb11bb622e18093a7d43e2fbdc84d454ea67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=BD=97=E6=B3=BD=E8=BD=A9?= Date: Thu, 11 Nov 2021 09:27:58 +0800 Subject: [PATCH 07/15] fix(upstream): load imbalance when it's referred by multiple routes (#5462) (cherry picked from commit f06f6cc0e8e41875bf105cf2c18457339002df53) --- apisix/upstream.lua | 2 +- t/node/least_conn2.t | 109 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 110 insertions(+), 1 deletion(-) create mode 100644 t/node/least_conn2.t diff --git a/apisix/upstream.lua b/apisix/upstream.lua index 8c4919a179df..4e23fbffa986 100644 --- a/apisix/upstream.lua +++ b/apisix/upstream.lua @@ -273,7 +273,7 @@ function _M.set_by_route(route, api_ctx) end set_directly(api_ctx, up_conf.type .. "#upstream_" .. tostring(up_conf), - api_ctx.conf_version, up_conf) + tostring(up_conf), up_conf) local nodes_count = up_conf.nodes and #up_conf.nodes or 0 if nodes_count == 0 then diff --git a/t/node/least_conn2.t b/t/node/least_conn2.t new file mode 100644 index 000000000000..1141ab5fee05 --- /dev/null +++ b/t/node/least_conn2.t @@ -0,0 +1,109 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +use t::APISIX 'no_plan'; + +repeat_each(2); +log_level('info'); +no_root_location(); +worker_connections(1024); +no_shuffle(); + +add_block_preprocessor(sub { + my ($block) = @_; + + if (!$block->request) { + $block->set_value("request", "GET /t"); + } + + if ((!defined $block->error_log) && (!defined $block->no_error_log)) { + $block->set_value("no_error_log", "[error]"); + } +}); + +run_tests(); + +__DATA__ + +=== TEST 1: upstream across multiple routes should not share the same version +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/upstreams/1', + ngx.HTTP_PUT, + [[{ + "type": "least_conn", + "nodes": { + "127.0.0.1:1980": 3, + "0.0.0.0:1980": 2 + } + }]] + ) + assert(code < 300, body) + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "host": "1.com", + "uri": "/mysleep", + "upstream_id": "1" + }]] + ) + assert(code < 300, body) + local code, body = t('/apisix/admin/routes/2', + ngx.HTTP_PUT, + [[{ + "host": "2.com", + "uri": "/mysleep", + "upstream_id": "1" + }]] + ) + assert(code < 300, body) + } + } + + + +=== TEST 2: hit +--- config + location /t { + content_by_lua_block { + local http = require "resty.http" + local uri = "http://127.0.0.1:" .. ngx.var.server_port + .. "/mysleep?seconds=0.1" + + local t = {} + for i = 1, 2 do + local th = assert(ngx.thread.spawn(function(i) + local httpc = http.new() + local res, err = httpc:request_uri(uri, {headers = {Host = i..".com"}}) + if not res then + ngx.log(ngx.ERR, err) + return + end + end, i)) + table.insert(t, th) + end + for i, th in ipairs(t) do + ngx.thread.wait(th) + end + } + } +--- grep_error_log eval +qr/proxy request to \S+ while connecting to upstream/ +--- grep_error_log_out +proxy request to 127.0.0.1:1980 while connecting to upstream +proxy request to 0.0.0.0:1980 while connecting to upstream From a65fc6e6c8f5cde2b63ee60f4a66bd6f17cea9d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=BD=97=E6=B3=BD=E8=BD=A9?= Date: Thu, 11 Nov 2021 11:25:36 +0800 Subject: [PATCH 08/15] fix(batch-requests): correct the client ip in the pipeline (#5476) (cherry picked from commit 0aa97c30f7741eeeb341eed0795c3bd0ef1b7556) Signed-off-by: tzssangglass --- apisix/cli/ops.lua | 20 ++++++++ apisix/plugins/batch-requests.lua | 6 +++ docs/en/latest/plugins/batch-requests.md | 9 +++- docs/zh/latest/plugins/batch-requests.md | 9 +++- t/cli/test_validate_config.sh | 63 ++++++++++++++++++++++++ t/plugin/batch-requests.t | 15 ++++++ t/plugin/batch-requests2.t | 7 +++ 7 files changed, 127 insertions(+), 2 deletions(-) diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua index ebacd3bc3d85..c1f2c169d85c 100644 --- a/apisix/cli/ops.lua +++ b/apisix/cli/ops.lua @@ -416,6 +416,26 @@ Please modify "admin_key" in conf/config.yaml . util.die("missing apisix.proxy_cache for plugin proxy-cache\n") end + if enabled_plugins["batch-requests"] then + local pass_real_client_ip = false + local real_ip_from = yaml_conf.nginx_config.http.real_ip_from + -- the real_ip_from is enabled by default, we just need to make sure it's + -- not disabled by the users + if real_ip_from then + for _, ip in ipairs(real_ip_from) do + -- TODO: handle cidr + if ip == "127.0.0.1" or ip == "0.0.0.0/0" then + pass_real_client_ip = true + end + end + end + + if not pass_real_client_ip then + util.die("missing '127.0.0.1' in the nginx_config.http.real_ip_from for plugin " .. + "batch-requests\n") + end + end + local ports_to_check = {} -- listen in admin use a separate port, support specific IP, compatible with the original style diff --git a/apisix/plugins/batch-requests.lua b/apisix/plugins/batch-requests.lua index 73c129f9c630..71a37524d42f 100644 --- a/apisix/plugins/batch-requests.lua +++ b/apisix/plugins/batch-requests.lua @@ -162,6 +162,10 @@ end local function set_common_header(data) + local local_conf = core.config.local_conf() + local real_ip_hdr = core.table.try_read_attr(local_conf, "nginx_config", "http", + "real_ip_header") + local outer_headers = core.request.headers(nil) for i,req in ipairs(data.pipeline) do for k, v in pairs(data.headers) do @@ -179,6 +183,8 @@ local function set_common_header(data) end end end + + req.headers[real_ip_hdr] = core.request.get_remote_client_ip() end end diff --git a/docs/en/latest/plugins/batch-requests.md b/docs/en/latest/plugins/batch-requests.md index dff9d41f8a31..7e258eb29f75 100644 --- a/docs/en/latest/plugins/batch-requests.md +++ b/docs/en/latest/plugins/batch-requests.md @@ -51,7 +51,14 @@ You may need to use [interceptors](../plugin-interceptors.md) to protect it. ## How To Enable -Default enabled +Enable the batch-requests plugin in the `config.yaml`: + +``` +# Add this in config.yaml +plugins: + - ... # plugin you need + - batch-requests +``` ## How To Configure diff --git a/docs/zh/latest/plugins/batch-requests.md b/docs/zh/latest/plugins/batch-requests.md index 325ab5050f41..538ac8e79bce 100644 --- a/docs/zh/latest/plugins/batch-requests.md +++ b/docs/zh/latest/plugins/batch-requests.md @@ -57,7 +57,14 @@ title: batch-requests ## 如何启用 -本插件默认启用。 +你需要在 `config.yaml` 里面启用 batch-requests 插件: + +``` +# 加到 config.yaml +plugins: + - ... # plugin you need + - batch-requests +``` ## 如何配置 diff --git a/t/cli/test_validate_config.sh b/t/cli/test_validate_config.sh index 96f6bf24b5b9..8b562d236915 100755 --- a/t/cli/test_validate_config.sh +++ b/t/cli/test_validate_config.sh @@ -89,3 +89,66 @@ fi git checkout conf/config-default.yaml echo "passed: allow configuring node_listen as a number in the default config" + +# apisix test +git checkout conf/config.yaml + +out=$(./bin/apisix test 2>&1 || true) +if ! echo "$out" | grep "configuration test is successful"; then + echo "failed: configuration test should be successful" + exit 1 +fi + +echo "pass: apisix test" + +./bin/apisix start +sleep 1 # wait for apisix starts + +# set invalid configuration +echo ' +nginx_config: + main_configuration_snippet: | + notexist on; +' > conf/config.yaml + +# apisix restart +out=$(./bin/apisix restart 2>&1 || true) +if ! (echo "$out" | grep "\[emerg\] unknown directive \"notexist\"") && ! (echo "$out" | grep "APISIX is running"); then + echo "failed: should restart failed when configuration invalid" + exit 1 +fi + +echo "passed: apisix restart" + +# apisix test - failure scenario +out=$(./bin/apisix test 2>&1 || true) +if ! echo "$out" | grep "configuration test failed"; then + echo "failed: should test failed when configuration invalid" + exit 1 +fi + +# apisix test failure should not affect apisix stop +out=$(./bin/apisix stop 2>&1 || true) +if echo "$out" | grep "\[emerg\] unknown directive \"notexist\""; then + echo "failed: `apisix test` failure should not affect `apisix stop`" + exit 1 +fi + +echo "passed: apisix test(failure scenario)" + +echo ' +plugins: +- batch-requests +nginx_config: + http: + real_ip_from: + - "127.0.0.2" +' > conf/config.yaml + +out=$(make init 2>&1 || true) +if ! echo "$out" | grep "missing '127.0.0.1' in the nginx_config.http.real_ip_from for plugin batch-requests"; then + echo "failed: should check the realip configuration for batch-requests" + exit 1 +fi + +echo "passed: check the realip configuration for batch-requests" diff --git a/t/plugin/batch-requests.t b/t/plugin/batch-requests.t index e341b87669e0..415369ea76fd 100644 --- a/t/plugin/batch-requests.t +++ b/t/plugin/batch-requests.t @@ -21,6 +21,17 @@ no_long_string(); no_root_location(); log_level("debug"); +add_block_preprocessor(sub { + my ($block) = @_; + + my $extra_yaml_config = <<_EOC_; +plugins: + - batch-requests +_EOC_ + + $block->set_value("extra_yaml_config", $extra_yaml_config); +}); + run_tests; __DATA__ @@ -67,6 +78,7 @@ __DATA__ "status": 200, "body":"B", "headers": { + "Client-IP": "127.0.0.1", "Base-Header": "base", "Base-Query": "base_query", "X-Res": "B", @@ -80,6 +92,7 @@ __DATA__ "status": 201, "body":"C", "headers": { + "Client-IP-From-Hdr": "127.0.0.1", "Base-Header": "base", "Base-Query": "base_query", "X-Res": "C", @@ -111,6 +124,7 @@ __DATA__ location = /b { content_by_lua_block { ngx.status = 200 + ngx.header["Client-IP"] = ngx.var.remote_addr ngx.header["Base-Header"] = ngx.req.get_headers()["Base-Header"] ngx.header["Base-Query"] = ngx.var.arg_base ngx.header["X-Header1"] = ngx.req.get_headers()["Header1"] @@ -124,6 +138,7 @@ __DATA__ location = /c { content_by_lua_block { ngx.status = 201 + ngx.header["Client-IP-From-Hdr"] = ngx.req.get_headers()["X-Real-IP"] ngx.header["Base-Header"] = ngx.req.get_headers()["Base-Header"] ngx.header["Base-Query"] = ngx.var.arg_base ngx.header["X-Res"] = "C" diff --git a/t/plugin/batch-requests2.t b/t/plugin/batch-requests2.t index 046dfe335c4f..ba578c47c9a4 100644 --- a/t/plugin/batch-requests2.t +++ b/t/plugin/batch-requests2.t @@ -30,6 +30,13 @@ add_block_preprocessor(sub { if (!$block->no_error_log && !$block->error_log) { $block->set_value("no_error_log", "[error]\n[alert]"); } + + my $extra_yaml_config = <<_EOC_; +plugins: + - batch-requests +_EOC_ + + $block->set_value("extra_yaml_config", $extra_yaml_config); }); run_tests; From 9362ddf0f7f912ef57605dcfec58e847a122fc1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=BD=97=E6=B3=BD=E8=BD=A9?= Date: Sun, 14 Nov 2021 15:08:55 +0800 Subject: [PATCH 09/15] fix: response.set_header can remove header like request.set_header (#5499) Signed-off-by: spacewander (cherry picked from commit 6c5108ff3896b96e1bf0a0a68fd2e7a9aadc1162) --- apisix/core/response.lua | 4 +++- t/core/response.t | 21 +++++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/apisix/core/response.lua b/apisix/core/response.lua index 92cd069e3e51..45be70f2c2bb 100644 --- a/apisix/core/response.lua +++ b/apisix/core/response.lua @@ -100,7 +100,9 @@ local function set_header(append, ...) if count == 1 then local headers = select(1, ...) if type(headers) ~= "table" then - error("should be a table if only one argument", 2) + -- response.set_header(name, nil) + ngx_header[headers] = nil + return end for k, v in pairs(headers) do diff --git a/t/core/response.t b/t/core/response.t index eb8eda8b28e4..ed7856be2a9d 100644 --- a/t/core/response.t +++ b/t/core/response.t @@ -142,3 +142,24 @@ aaa: bbb, bbb ccc: ddd --- no_error_log [error] + + + +=== TEST 7: delete header +--- config + location = /t { + access_by_lua_block { + local core = require("apisix.core") + core.response.set_header("aaa", "bbb") + core.response.set_header("aaa", nil) + core.response.exit(200, "done\n") + } + } +--- request +GET /t +--- response_body +done +--- response_headers +aaa: +--- no_error_log +[error] From 4e69985b2aec3d0464da9d95a609b2e55337a722 Mon Sep 17 00:00:00 2001 From: tzssangglass Date: Mon, 15 Nov 2021 14:07:34 +0800 Subject: [PATCH 10/15] feat: release 2.10.2 (#5508) (cherry picked from commit d13e7f7f0b3f6001cb634598e533a23658927285) Signed-off-by: tzssangglass --- CHANGELOG.md | 21 +++++++ apisix/core/version.lua | 2 +- docs/en/latest/config.json | 2 +- docs/en/latest/how-to-build.md | 55 ++++++++++++++---- docs/zh/latest/CHANGELOG.md | 21 +++++++ docs/zh/latest/config.json | 2 +- docs/zh/latest/how-to-build.md | 61 +++++++++++++++----- rockspec/apisix-2.10.2-0.rockspec | 95 +++++++++++++++++++++++++++++++ 8 files changed, 233 insertions(+), 26 deletions(-) create mode 100644 rockspec/apisix-2.10.2-0.rockspec diff --git a/CHANGELOG.md b/CHANGELOG.md index 790a4b19e437..fdcfb887e4a2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ title: Changelog ## Table of Contents +- [2.10.2](#2102) - [2.10.1](#2101) - [2.10.0](#2100) - [2.9.0](#290) @@ -47,6 +48,26 @@ title: Changelog - [0.7.0](#070) - [0.6.0](#060) +## 2.10.2 + +### Bugfix + +- fix: response.set_header should remove header like request.set_header [#5499](https://github.com/apache/apisix/pull/5499) +- fix(batch-requests): correct the client ip in the pipeline [#5476](https://github.com/apache/apisix/pull/5476) +- fix(upstream): load imbalance when it's referred by multiple routes [#5462](https://github.com/apache/apisix/pull/5462) +- fix(hmac-auth): check if the X-HMAC-ALGORITHM header is missing [#5467](https://github.com/apache/apisix/pull/5467) +- fix: prevent being hacked by untrusted request_uri [#5458](https://github.com/apache/apisix/pull/5458) +- fix(admin): modify boolean parameters with PATCH [#5434](https://github.com/apache/apisix/pull/5432) +- fix(auth-ldap): add handler for invalid basic auth header values [#5432](https://github.com/apache/apisix/pull/5432) +- fix(traffic-split): multiple rules with multiple weighted_upstreams under each rule cause upstream_key duplicate [#5414](https://github.com/apache/apisix/pull/5414) +- fix: add handler for invalid basic auth header values [#5419](https://github.com/apache/apisix/pull/5419) +- fix: ldap deps in install-dependencies.sh [#5385](https://github.com/apache/apisix/pull/5385) +- fix(request-validation): correct rejected_message to rejected_msg [#5355](https://github.com/apache/apisix/pull/5355) + +### Change + +- change: log insensitive consumer info only [#5445](https://github.com/apache/apisix/pull/5445) + ## 2.10.1 ### Bugfix diff --git a/apisix/core/version.lua b/apisix/core/version.lua index 350f101bf90b..1761fb51937a 100644 --- a/apisix/core/version.lua +++ b/apisix/core/version.lua @@ -15,5 +15,5 @@ -- limitations under the License. -- return { - VERSION = "2.10.1" + VERSION = "2.10.2" } diff --git a/docs/en/latest/config.json b/docs/en/latest/config.json index f813028e3428..3c2105b38915 100644 --- a/docs/en/latest/config.json +++ b/docs/en/latest/config.json @@ -1,5 +1,5 @@ { - "version": "2.10.1", + "version": "2.10.2", "sidebar": [ { "type": "category", diff --git a/docs/en/latest/how-to-build.md b/docs/en/latest/how-to-build.md index d3de81708349..ff8ea580198b 100644 --- a/docs/en/latest/how-to-build.md +++ b/docs/en/latest/how-to-build.md @@ -29,14 +29,36 @@ Before installing Apache APISIX, please install dependencies according to the op ## Step 2: Install Apache APISIX -You can install Apache APISIX via RPM package, Docker, Helm Chart, and source release package. Please choose one from the following options. +You can install Apache APISIX via RPM Repository, RPM package, Docker, Helm Chart, and source release package. Please choose one from the following options. + +### Installation via RPM Repository(CentOS 7) + +This installation method is suitable for CentOS 7. For now, the Apache APISIX RPM repository for CentOS 7 is already supported. Please run the following commands to install the repository and Apache APISIX. + +```shell +sudo yum-config-manager --add-repo https://repos.apiseven.com/packages/centos/apache-apisix.repo +# View the information of the latest apisix package +sudo yum info -y apisix + +# Will show the existing apisix packages +sudo yum --showduplicates list apisix + +# Will install the latest apisix package +sudo yum install apisix +``` + +If the official OpenResty repository is not installed yet, the following command will help you automatically install both the repositories of OpenResty and Apache APISIX. + +```shell +sudo yum install -y https://repos.apiseven.com/packages/centos/apache-apisix-repo-1.0-1.noarch.rpm +``` ### Installation via RPM Package(CentOS 7) This installation method is suitable for CentOS 7, please run the following command to install Apache APISIX. ```shell -sudo yum install -y https://github.com/apache/apisix/releases/download/2.10.1/apisix-2.10.1-0.el7.x86_64.rpm +sudo yum install -y https://repos.apiseven.com/packages/centos/7/x86_64/apisix-2.10.2-0.el7.x86_64.rpm ``` ### Installation via Docker @@ -49,16 +71,16 @@ Please refer to: [Installing Apache APISIX with Helm Chart](https://github.com/a ### Installation via Source Release Package -1. Create a directory named `apisix-2.10.1`. +1. Create a directory named `apisix-2.10.2`. ```shell - mkdir apisix-2.10.1 + mkdir apisix-2.10.2 ``` 2. Download Apache APISIX Release source package. ```shell - wget https://downloads.apache.org/apisix/2.10.1/apache-apisix-2.10.1-src.tgz + wget https://downloads.apache.org/apisix/2.10.2/apache-apisix-2.10.2-src.tgz ``` You can also download the Apache APISIX Release source package from the Apache APISIX website. The [Apache APISIX Official Website - Download Page](https://apisix.apache.org/downloads/) also provides source packages for Apache APISIX, APISIX Dashboard and APISIX Ingress Controller. @@ -66,16 +88,18 @@ Please refer to: [Installing Apache APISIX with Helm Chart](https://github.com/a 3. Unzip the Apache APISIX Release source package. ```shell - tar zxvf apache-apisix-2.10.1-src.tgz -C apisix-2.10.1 + tar zxvf apache-apisix-2.10.2-src.tgz -C apisix-2.10.2 ``` 4. Install the runtime dependent Lua libraries. ```shell - # Switch to the apisix-2.10.1 directory - cd apisix-2.10.1 + # Switch to the apisix-2.10.2 directory + cd apisix-2.10.2 # Create dependencies make deps + # Install apisix command + make install ``` ## Step 3: Manage Apache APISIX Server @@ -91,6 +115,15 @@ Run the following command to initialize the NGINX configuration file and etcd. apisix init ``` +### Test configuration file + +Run the following command to test the configuration file. APISIX will generate `nginx.conf` from `config.yaml` and check whether the syntax of `nginx.conf` is correct. + +```shell +# generate `nginx.conf` from `config.yaml` and test it +apisix test +``` + ### Start Apache APISIX Run the following command to start Apache APISIX. @@ -145,7 +178,7 @@ apisix help git clone https://github.com/iresty/test-nginx.git ``` -4. Load the test-nginx library with the `prove` command in `perl` and run the test case set in the `/t` directory. +4. Here are two ways of running tests: - Append the current directory to the perl module directory: `export PERL5LIB=.:$PERL5LIB`, then run `make test` command. @@ -171,7 +204,7 @@ apisix help The solution to the `Error unknown directive "lua_package_path" in /API_ASPIX/apisix/t/servroot/conf/nginx.conf` error is as shown below. -Ensure that Openresty is set to the default NGINX, and export the path as follows: +Ensure that OpenResty is set to the default NGINX, and export the path as follows: * `export PATH=/usr/local/openresty/nginx/sbin:$PATH` * Linux default installation path: @@ -187,6 +220,8 @@ Run the specified test case using the following command. prove -Itest-nginx/lib -r t/plugin/openid-connect.t ``` +For more details on the test cases, see the [testing framwork](https://github.com/apache/apisix/blob/master/docs/en/latest/internal/testing-framework.md). + ## Step 5: Update Admin API token to Protect Apache APISIX You need to modify the Admin API key to protect Apache APISIX. diff --git a/docs/zh/latest/CHANGELOG.md b/docs/zh/latest/CHANGELOG.md index 4d683c8f8c4f..10c3790039ac 100644 --- a/docs/zh/latest/CHANGELOG.md +++ b/docs/zh/latest/CHANGELOG.md @@ -23,6 +23,7 @@ title: CHANGELOG ## Table of Contents +- [2.10.2](#2102) - [2.10.1](#2101) - [2.10.0](#2100) - [2.9.0](#290) @@ -47,6 +48,26 @@ title: CHANGELOG - [0.7.0](#070) - [0.6.0](#060) +## 2.10.2 + +### Bugfix + +- 更正 response.set_header 行为,与 request.set_header 保持一致 [#5499](https://github.com/apache/apisix/pull/5499) +- 修复 batch-requests 插件中 client ip 的问题 [#5476](https://github.com/apache/apisix/pull/5476) +- 修复 upstream 被多条 routes 绑定时,负载不平衡的问题 [#5462](https://github.com/apache/apisix/pull/5462) +- hmac-auth 插件检查是否缺少 X-HMAC-ALGORITHM header [#5467](https://github.com/apache/apisix/pull/5467) +- 防止不可信的 request_uri [#5458](https://github.com/apache/apisix/pull/5458) +- 修复用 PATCH 方法修改 boolean 参数的问题 [#5434](https://github.com/apache/apisix/pull/5432) +- auth-ldap 插件处理无效的 Authorization header [#5432](https://github.com/apache/apisix/pull/5432) +- 修复 traffic-split 插件 upstream_key 重复的问题 [#5414](https://github.com/apache/apisix/pull/5414) +- basic-auth 插件处理无效的 Authorization header [#5419](https://github.com/apache/apisix/pull/5419) +- 修复 install-dependencies.sh 中的依赖 [#5385](https://github.com/apache/apisix/pull/5385) +- 更正 request-validation 插件的 rejected_message 为 rejected_msg [#5355](https://github.com/apache/apisix/pull/5355) + +### Change + +- 只记录不敏感的 consumer 信息 [#5445](https://github.com/apache/apisix/pull/5445) + ## 2.10.1 ### Bugfix diff --git a/docs/zh/latest/config.json b/docs/zh/latest/config.json index fa9c34a2c651..2479f81a0058 100644 --- a/docs/zh/latest/config.json +++ b/docs/zh/latest/config.json @@ -1,5 +1,5 @@ { - "version": "2.10.1", + "version": "2.10.2", "sidebar": [ { "type": "category", diff --git a/docs/zh/latest/how-to-build.md b/docs/zh/latest/how-to-build.md index 63aedbddf553..738f73793f0a 100644 --- a/docs/zh/latest/how-to-build.md +++ b/docs/zh/latest/how-to-build.md @@ -29,14 +29,36 @@ Apache APISIX 的运行环境需要依赖 NGINX 和 etcd,所以在安装 Apach ## 步骤2:安装 Apache APISIX -你可以通过 RPM 包、Docker、Helm Chart、源码包等多种方式来安装 Apache APISIX。请在以下选项中选择其中一种执行。 +你可以通过 RPM 仓库、RPM 包、Docker、Helm Chart、源码包等多种方式来安装 Apache APISIX。请在以下选项中选择其中一种执行。 + +### 通过 RPM 仓库安装(CentOS 7) + +这种安装方式适用于 CentOS 7 操作系统。Apache APISIX 已经支持适用于 CentOS 7 的 RPM 仓库。请运行以下命令安装 RPM 仓库和 Apache APISIX。 + +```shell +sudo yum-config-manager --add-repo https://repos.apiseven.com/packages/centos/apache-apisix.repo +# View the information of the latest apisix package +sudo yum info -y apisix + +# Will show the existing apisix packages +sudo yum --showduplicates list apisix + +# Will install the latest apisix package +sudo yum install apisix +``` + +如果尚未安装 OpenResty 的官方 RPM 仓库,以下命令可以帮助您自动安装 OpenResty 和 Apache APISIX 的 RPM 仓库。 + +```shell +sudo yum install -y https://repos.apiseven.com/packages/centos/apache-apisix-repo-1.0-1.noarch.rpm +``` ### 通过 RPM 包安装(CentOS 7) 这种安装方式适用于 CentOS 7 操作系统,请运行以下命令安装 Apache APISIX。 ```shell -sudo yum install -y https://github.com/apache/apisix/releases/download/2.10.1/apisix-2.10.1-0.el7.x86_64.rpm +sudo yum install -y https://repos.apiseven.com/packages/centos/7/x86_64/apisix-2.10.2-0.el7.x86_64.rpm ``` ### 通过 Docker 安装 @@ -49,16 +71,16 @@ sudo yum install -y https://github.com/apache/apisix/releases/download/2.10.1/ap ### 通过源码包安装 -1. 创建一个名为 `apisix-2.10.1` 的目录。 +1. 创建一个名为 `apisix-2.10.2` 的目录。 ```shell - mkdir apisix-2.10.1 + mkdir apisix-2.10.2 ``` 2. 下载 Apache APISIX Release 源码包: ```shell - wget https://downloads.apache.org/apisix/2.10.1/apache-apisix-2.10.1-src.tgz + wget https://downloads.apache.org/apisix/2.10.2/apache-apisix-2.10.2-src.tgz ``` 您也可以通过 Apache APISIX 官网下载 Apache APISIX Release 源码包。 Apache APISIX 官网也提供了 Apache APISIX、APISIX Dashboard 和 APISIX Ingress Controller 的源码包,详情请参考[Apache APISIX 官网-下载页](https://apisix.apache.org/zh/downloads)。 @@ -66,16 +88,18 @@ sudo yum install -y https://github.com/apache/apisix/releases/download/2.10.1/ap 3. 解压 Apache APISIX Release 源码包: ```shell - tar zxvf apache-apisix-2.10.1-src.tgz -C apisix-2.10.1 + tar zxvf apache-apisix-2.10.2-src.tgz -C apisix-2.10.2 ``` 4. 安装运行时依赖的 Lua 库: ```shell - # 切换到 apisix-2.10.1 目录 - cd apisix-2.10.1 - # 创建依赖 - make deps + # 切换到 apisix-2.10.2 目录 + cd apisix-2.10.2 + # 安装依赖 + LUAROCKS_SERVER=https://luarocks.cn make deps + # 安装 apisix 命令 + make install ``` ## 步骤3:管理 Apache APISIX 服务 @@ -91,13 +115,22 @@ sudo yum install -y https://github.com/apache/apisix/releases/download/2.10.1/ap apisix init ``` +### 测试配置文件 + +运行以下命令测试配置文件。 APISIX 将根据 `config.yaml` 生成 `nginx.conf` ,并检查 `nginx.conf` 的语法是否正确。 + +```shell +# generate `nginx.conf` from `config.yaml` and test it +apisix test +``` + ### 启动 Apache APISIX 运行以下命令启动 Apache APISIX。 ```shell # start Apache APISIX server -apisix run +apisix start ``` ### 停止运行 Apache APISIX @@ -143,7 +176,7 @@ apisix help git clone https://github.com/iresty/test-nginx.git ``` -4. 通过 `perl` 的 `prove` 命令来加载 test-nginx 的库,并运行 `/t` 目录下的测试案例集: +4. 有两种方法运行测试: - 追加当前目录到perl模块目录: `export PERL5LIB=.:$PERL5LIB`,然后运行 `make test` 命令。 @@ -169,7 +202,7 @@ apisix help 出现`Error unknown directive "lua_package_path" in /API_ASPIX/apisix/t/servroot/conf/nginx.conf` 报错的解决方法如下: -确保将 Openresty 设置为默认的 NGINX,并按如下所示导出路径: +确保将 OpenResty 设置为默认的 NGINX,并按如下所示导出路径: * `export PATH=/usr/local/openresty/nginx/sbin:$PATH` * Linux 默认安装路径: @@ -185,6 +218,8 @@ apisix help prove -Itest-nginx/lib -r t/plugin/openid-connect.t ``` +关于测试用例的更多细节,参见[测试框架](https://github.com/apache/apisix/blob/master/docs/en/latest/internal/testing-framework.md) + ## 步骤5:修改 Admin API key 您需要修改 Admin API 的 key,以保护 Apache APISIX。 diff --git a/rockspec/apisix-2.10.2-0.rockspec b/rockspec/apisix-2.10.2-0.rockspec new file mode 100644 index 000000000000..9f443aeebdb7 --- /dev/null +++ b/rockspec/apisix-2.10.2-0.rockspec @@ -0,0 +1,95 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +package = "apisix" +version = "2.10.2-0" +supported_platforms = {"linux", "macosx"} + +source = { + url = "git://github.com/apache/apisix", + branch = "2.10.2", +} + +description = { + summary = "Apache APISIX is a cloud-native microservices API gateway, delivering the ultimate performance, security, open source and scalable platform for all your APIs and microservices.", + homepage = "https://github.com/apache/apisix", + license = "Apache License 2.0", +} + +dependencies = { + "lua-resty-ctxdump = 0.1-0", + "lua-resty-dns-client = 5.2.0", + "lua-resty-template = 2.0", + "lua-resty-etcd = 1.5.4", + "api7-lua-resty-http = 0.2.0", + "lua-resty-balancer = 0.04", + "lua-resty-ngxvar = 0.5.2", + "lua-resty-jit-uuid = 0.0.7", + "lua-resty-healthcheck-api7 = 2.2.0", + "lua-resty-jwt = 0.2.0", + "lua-resty-hmac-ffi = 0.05", + "lua-resty-cookie = 0.1.0", + "lua-resty-session = 2.24", + "opentracing-openresty = 0.1", + "lua-resty-radixtree = 2.8.1", + "lua-protobuf = 0.3.3", + "lua-resty-openidc = 1.7.2-1", + "luafilesystem = 1.7.0-2", + "api7-lua-tinyyaml = 0.3.0", + "nginx-lua-prometheus = 0.20210206", + "jsonschema = 0.9.5", + "lua-resty-ipmatcher = 0.6.1", + "lua-resty-kafka = 0.07", + "lua-resty-logger-socket = 2.0-0", + "skywalking-nginx-lua = 0.4-1", + "base64 = 1.5-2", + "binaryheap = 0.4", + "dkjson = 2.5-2", + "resty-redis-cluster = 1.02-4", + "lua-resty-expr = 1.3.1", + "graphql = 0.0.2", + "argparse = 0.7.1-1", + "luasocket = 3.0rc1-2", + "luasec = 0.9-1", + "lua-resty-consul = 0.3-2", + "penlight = 1.9.2-1", + "ext-plugin-proto = 0.3.0", + "casbin = 1.26.0", + "api7-snowflake = 2.0-1", + "inspect == 3.1.1", +} + +build = { + type = "make", + build_variables = { + CFLAGS="$(CFLAGS)", + LIBFLAG="$(LIBFLAG)", + LUA_LIBDIR="$(LUA_LIBDIR)", + LUA_BINDIR="$(LUA_BINDIR)", + LUA_INCDIR="$(LUA_INCDIR)", + LUA="$(LUA)", + OPENSSL_INCDIR="$(OPENSSL_INCDIR)", + OPENSSL_LIBDIR="$(OPENSSL_LIBDIR)", + }, + install_variables = { + INST_PREFIX="$(PREFIX)", + INST_BINDIR="$(BINDIR)", + INST_LIBDIR="$(LIBDIR)", + INST_LUADIR="$(LUADIR)", + INST_CONFDIR="$(CONFDIR)", + }, +} From 2b6a6500ae156b49486f97e6acb858b74218c729 Mon Sep 17 00:00:00 2001 From: tzssangglass Date: Mon, 15 Nov 2021 15:35:42 +0800 Subject: [PATCH 11/15] ci: run CI on PR to release/** branch (#5509) (cherry picked from commit 5b7209902874b6b9b84463783aaefebb5bd0ecdd) Signed-off-by: tzssangglass --- .github/workflows/build.yml | 2 +- .github/workflows/centos7-ci.yml | 2 +- .github/workflows/chaos.yml | 3 +-- .github/workflows/code-lint.yml | 2 +- .github/workflows/doc-lint.yml | 2 +- .github/workflows/fuzzing-ci.yaml | 6 ++---- .github/workflows/license-checker.yml | 6 ++---- 7 files changed, 9 insertions(+), 14 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9081512dad4c..0ea9817b0ba2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,7 +6,7 @@ on: paths-ignore: - 'docs/**' pull_request: - branches: [master] + branches: [master, 'release/**'] paths-ignore: - 'docs/**' diff --git a/.github/workflows/centos7-ci.yml b/.github/workflows/centos7-ci.yml index be94a7eb0215..be5f4305361e 100644 --- a/.github/workflows/centos7-ci.yml +++ b/.github/workflows/centos7-ci.yml @@ -6,7 +6,7 @@ on: paths-ignore: - 'docs/**' pull_request: - branches: [master] + branches: [master, 'release/**'] paths-ignore: - 'docs/**' diff --git a/.github/workflows/chaos.yml b/.github/workflows/chaos.yml index 99f639d0c363..8a428dc2efb9 100644 --- a/.github/workflows/chaos.yml +++ b/.github/workflows/chaos.yml @@ -2,8 +2,7 @@ name: Chaos Test on: pull_request: - branches: - - master + branches: [master, 'release/**'] paths-ignore: - 'docs/**' diff --git a/.github/workflows/code-lint.yml b/.github/workflows/code-lint.yml index be995b460c75..b1eb572b8833 100644 --- a/.github/workflows/code-lint.yml +++ b/.github/workflows/code-lint.yml @@ -2,7 +2,7 @@ name: Code Lint on: pull_request: - branches: [master] + branches: [master, 'release/**'] paths-ignore: - 'docs/**' diff --git a/.github/workflows/doc-lint.yml b/.github/workflows/doc-lint.yml index 5aa9d8440c9a..ed519371cce9 100644 --- a/.github/workflows/doc-lint.yml +++ b/.github/workflows/doc-lint.yml @@ -2,7 +2,7 @@ name: Doc Lint on: pull_request: - branches: [master] + branches: [master, 'release/**'] paths: - '**/*.md' diff --git a/.github/workflows/fuzzing-ci.yaml b/.github/workflows/fuzzing-ci.yaml index 71eaf8b5f2a7..20d393f899cd 100644 --- a/.github/workflows/fuzzing-ci.yaml +++ b/.github/workflows/fuzzing-ci.yaml @@ -2,13 +2,11 @@ name: fuzzing on: push: - branches: - - master + branches: [master, 'release/**'] paths-ignore: - 'docs/**' pull_request: - branches: - - master + branches: [master, 'release/**'] paths-ignore: - 'docs/**' diff --git a/.github/workflows/license-checker.yml b/.github/workflows/license-checker.yml index 586c7a908fcc..a404bfc314db 100644 --- a/.github/workflows/license-checker.yml +++ b/.github/workflows/license-checker.yml @@ -20,11 +20,9 @@ name: License checker on: push: - branches: - - master + branches: [master, 'release/**'] pull_request: - branches: - - master + branches: [master, 'release/**'] jobs: check-license: From c6a409cc1752601449ecb4c2f2236ebfef1c949b Mon Sep 17 00:00:00 2001 From: tzssangglass Date: Mon, 15 Nov 2021 02:27:32 -0600 Subject: [PATCH 12/15] chore: remove ldap on release 2.10.2 (#5516) (cherry picked from commit cc43b9fc1bf9be14c05d36415f83cdd189d0a7f5) --- CHANGELOG.md | 2 -- docs/zh/latest/CHANGELOG.md | 2 -- 2 files changed, 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fdcfb887e4a2..8c865379d724 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -58,10 +58,8 @@ title: Changelog - fix(hmac-auth): check if the X-HMAC-ALGORITHM header is missing [#5467](https://github.com/apache/apisix/pull/5467) - fix: prevent being hacked by untrusted request_uri [#5458](https://github.com/apache/apisix/pull/5458) - fix(admin): modify boolean parameters with PATCH [#5434](https://github.com/apache/apisix/pull/5432) -- fix(auth-ldap): add handler for invalid basic auth header values [#5432](https://github.com/apache/apisix/pull/5432) - fix(traffic-split): multiple rules with multiple weighted_upstreams under each rule cause upstream_key duplicate [#5414](https://github.com/apache/apisix/pull/5414) - fix: add handler for invalid basic auth header values [#5419](https://github.com/apache/apisix/pull/5419) -- fix: ldap deps in install-dependencies.sh [#5385](https://github.com/apache/apisix/pull/5385) - fix(request-validation): correct rejected_message to rejected_msg [#5355](https://github.com/apache/apisix/pull/5355) ### Change diff --git a/docs/zh/latest/CHANGELOG.md b/docs/zh/latest/CHANGELOG.md index 10c3790039ac..44e981b45552 100644 --- a/docs/zh/latest/CHANGELOG.md +++ b/docs/zh/latest/CHANGELOG.md @@ -58,10 +58,8 @@ title: CHANGELOG - hmac-auth 插件检查是否缺少 X-HMAC-ALGORITHM header [#5467](https://github.com/apache/apisix/pull/5467) - 防止不可信的 request_uri [#5458](https://github.com/apache/apisix/pull/5458) - 修复用 PATCH 方法修改 boolean 参数的问题 [#5434](https://github.com/apache/apisix/pull/5432) -- auth-ldap 插件处理无效的 Authorization header [#5432](https://github.com/apache/apisix/pull/5432) - 修复 traffic-split 插件 upstream_key 重复的问题 [#5414](https://github.com/apache/apisix/pull/5414) - basic-auth 插件处理无效的 Authorization header [#5419](https://github.com/apache/apisix/pull/5419) -- 修复 install-dependencies.sh 中的依赖 [#5385](https://github.com/apache/apisix/pull/5385) - 更正 request-validation 插件的 rejected_message 为 rejected_msg [#5355](https://github.com/apache/apisix/pull/5355) ### Change From 07b6213b40127814c97ada3af5d8190f3205f792 Mon Sep 17 00:00:00 2001 From: tzssangglass Date: Mon, 15 Nov 2021 18:17:39 +0800 Subject: [PATCH 13/15] specify the kafka image version Signed-off-by: tzssangglass --- ci/install-ext-services-via-docker.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ci/install-ext-services-via-docker.sh b/ci/install-ext-services-via-docker.sh index 612d0b7136fe..0bdc3ef028bc 100755 --- a/ci/install-ext-services-via-docker.sh +++ b/ci/install-ext-services-via-docker.sh @@ -24,8 +24,8 @@ docker run --rm -itd -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=123456 -p 8090: docker network create kafka-net --driver bridge docker run --name zookeeper-server1 -d -p 2181:2181 --network kafka-net -e ALLOW_ANONYMOUS_LOGIN=yes bitnami/zookeeper:3.6.0 docker run --name zookeeper-server2 -d -p 12181:2181 --network kafka-net -e ALLOW_ANONYMOUS_LOGIN=yes bitnami/zookeeper:3.6.0 -docker run --name kafka-server1 -d --network kafka-net -e ALLOW_PLAINTEXT_LISTENER=yes -e KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper-server1:2181 -e KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:9092 -p 9092:9092 -e KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true bitnami/kafka:latest -docker run --name kafka-server2 -d --network kafka-net -e ALLOW_PLAINTEXT_LISTENER=yes -e KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper-server2:2181 -e KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:9092 -p 19092:9092 -e KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true bitnami/kafka:latest +docker run --name kafka-server1 -d --network kafka-net -e ALLOW_PLAINTEXT_LISTENER=yes -e KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper-server1:2181 -e KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:9092 -p 9092:9092 -e KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true bitnami/kafka:2.8.1 +docker run --name kafka-server2 -d --network kafka-net -e ALLOW_PLAINTEXT_LISTENER=yes -e KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper-server2:2181 -e KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:9092 -p 19092:9092 -e KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE=true bitnami/kafka:2.8.1 docker run --name eureka -d -p 8761:8761 --env ENVIRONMENT=apisix --env spring.application.name=apisix-eureka --env server.port=8761 --env eureka.instance.ip-address=127.0.0.1 --env eureka.client.registerWithEureka=true --env eureka.client.fetchRegistry=false --env eureka.client.serviceUrl.defaultZone=http://127.0.0.1:8761/eureka/ bitinit/eureka sleep 5 docker exec -i kafka-server1 /opt/bitnami/kafka/bin/kafka-topics.sh --create --zookeeper zookeeper-server1:2181 --replication-factor 1 --partitions 1 --topic test2 From 7007138c9216b068442d05a86d641218ccc58e9e Mon Sep 17 00:00:00 2001 From: tzssangglass Date: Mon, 15 Nov 2021 19:18:18 +0800 Subject: [PATCH 14/15] remove test configuration Signed-off-by: tzssangglass --- t/cli/test_validate_config.sh | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/t/cli/test_validate_config.sh b/t/cli/test_validate_config.sh index 8b562d236915..2128998825b6 100755 --- a/t/cli/test_validate_config.sh +++ b/t/cli/test_validate_config.sh @@ -90,17 +90,6 @@ git checkout conf/config-default.yaml echo "passed: allow configuring node_listen as a number in the default config" -# apisix test -git checkout conf/config.yaml - -out=$(./bin/apisix test 2>&1 || true) -if ! echo "$out" | grep "configuration test is successful"; then - echo "failed: configuration test should be successful" - exit 1 -fi - -echo "pass: apisix test" - ./bin/apisix start sleep 1 # wait for apisix starts @@ -120,22 +109,6 @@ fi echo "passed: apisix restart" -# apisix test - failure scenario -out=$(./bin/apisix test 2>&1 || true) -if ! echo "$out" | grep "configuration test failed"; then - echo "failed: should test failed when configuration invalid" - exit 1 -fi - -# apisix test failure should not affect apisix stop -out=$(./bin/apisix stop 2>&1 || true) -if echo "$out" | grep "\[emerg\] unknown directive \"notexist\""; then - echo "failed: `apisix test` failure should not affect `apisix stop`" - exit 1 -fi - -echo "passed: apisix test(failure scenario)" - echo ' plugins: - batch-requests From b8a4898d1f83410ec8ed1edaf1b89a07e8a69010 Mon Sep 17 00:00:00 2001 From: tzssangglass Date: Mon, 15 Nov 2021 19:34:57 -0600 Subject: [PATCH 15/15] chore: remove unnecessary backport PR in CHANGELOG.md (#5519) (cherry picked from commit 718eb4b21efb2e640939f864441c5e84b7c46cad) --- CHANGELOG.md | 1 - docs/zh/latest/CHANGELOG.md | 1 - 2 files changed, 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8c865379d724..752cb0e9f806 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -60,7 +60,6 @@ title: Changelog - fix(admin): modify boolean parameters with PATCH [#5434](https://github.com/apache/apisix/pull/5432) - fix(traffic-split): multiple rules with multiple weighted_upstreams under each rule cause upstream_key duplicate [#5414](https://github.com/apache/apisix/pull/5414) - fix: add handler for invalid basic auth header values [#5419](https://github.com/apache/apisix/pull/5419) -- fix(request-validation): correct rejected_message to rejected_msg [#5355](https://github.com/apache/apisix/pull/5355) ### Change diff --git a/docs/zh/latest/CHANGELOG.md b/docs/zh/latest/CHANGELOG.md index 44e981b45552..031cd233ec22 100644 --- a/docs/zh/latest/CHANGELOG.md +++ b/docs/zh/latest/CHANGELOG.md @@ -60,7 +60,6 @@ title: CHANGELOG - 修复用 PATCH 方法修改 boolean 参数的问题 [#5434](https://github.com/apache/apisix/pull/5432) - 修复 traffic-split 插件 upstream_key 重复的问题 [#5414](https://github.com/apache/apisix/pull/5414) - basic-auth 插件处理无效的 Authorization header [#5419](https://github.com/apache/apisix/pull/5419) -- 更正 request-validation 插件的 rejected_message 为 rejected_msg [#5355](https://github.com/apache/apisix/pull/5355) ### Change