You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by sp...@apache.org on 2022/06/20 06:13:54 UTC
[apisix] 01/07: chore: validate etcd conf strictly (#7245)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch release/2.13
in repository https://gitbox.apache.org/repos/asf/apisix.git
commit 67021314906a7d678912134c66ab47e1444eaf71
Author: 罗泽轩 <sp...@gmail.com>
AuthorDate: Tue Jun 14 09:28:37 2022 +0800
chore: validate etcd conf strictly (#7245)
Signed-off-by: spacewander <sp...@gmail.com>
---
.github/workflows/chaos.yml | 3 +-
apisix/cli/schema.lua | 14 +++++++-
t/chaos/utils/Dockerfile | 75 +++++++++++++++++++++++++++++++++++++++++++
t/cli/test_validate_config.sh | 27 ++++++++++++++++
4 files changed, 116 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/chaos.yml b/.github/workflows/chaos.yml
index 678033763..94445df47 100644
--- a/.github/workflows/chaos.yml
+++ b/.github/workflows/chaos.yml
@@ -37,9 +37,8 @@ jobs:
- name: Creating minikube cluster
run: |
bash ./t/chaos/utils/setup_chaos_utils.sh start_minikube
- wget https://raw.githubusercontent.com/apache/apisix-docker/master/alpine-local/Dockerfile
mkdir logs
- docker build -t apache/apisix:alpine-local --build-arg APISIX_PATH=. -f Dockerfile .
+ docker build -t apache/apisix:alpine-local --build-arg APISIX_PATH=. -f ./t/chaos/utils/Dockerfile .
minikube cache add apache/apisix:alpine-local -v 7 --alsologtostderr
- name: Print cluster information
diff --git a/apisix/cli/schema.lua b/apisix/cli/schema.lua
index e47907456..e44f0be63 100644
--- a/apisix/cli/schema.lua
+++ b/apisix/cli/schema.lua
@@ -212,8 +212,20 @@ local config_schema = {
type = "string",
},
}
+ },
+ prefix = {
+ type = "string",
+ pattern = [[^/[^/]+$]]
+ },
+ host = {
+ type = "array",
+ items = {
+ type = "string",
+ pattern = [[^https?://]]
+ }
}
- }
+ },
+ required = {"prefix", "host"}
},
wasm = {
type = "object",
diff --git a/t/chaos/utils/Dockerfile b/t/chaos/utils/Dockerfile
new file mode 100644
index 000000000..700108283
--- /dev/null
+++ b/t/chaos/utils/Dockerfile
@@ -0,0 +1,75 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+ARG ENABLE_PROXY=false
+
+FROM openresty/openresty:1.19.3.2-alpine-fat AS production-stage
+
+ARG ENABLE_PROXY
+ARG APISIX_PATH
+COPY $APISIX_PATH ./apisix
+RUN set -x \
+ && (test "${ENABLE_PROXY}" != "true" || /bin/sed -i 's,http://dl-cdn.alpinelinux.org,https://mirrors.aliyun.com,g' /etc/apk/repositories) \
+ && apk add --no-cache --virtual .builddeps \
+ automake \
+ autoconf \
+ libtool \
+ pkgconfig \
+ cmake \
+ git \
+ openldap-dev \
+ pcre-dev \
+ && cd apisix \
+ && git config --global url.https://github.com/.insteadOf git://github.com/ \
+ && make deps \
+ && cp -v bin/apisix /usr/bin/ \
+ && mv ../apisix /usr/local/apisix \
+ && apk del .builddeps build-base make unzip
+
+FROM alpine:3.13 AS last-stage
+
+ARG ENABLE_PROXY
+# add runtime for Apache APISIX
+RUN set -x \
+ && (test "${ENABLE_PROXY}" != "true" || /bin/sed -i 's,http://dl-cdn.alpinelinux.org,https://mirrors.aliyun.com,g' /etc/apk/repositories) \
+ && apk add --no-cache \
+ bash \
+ curl \
+ libstdc++ \
+ openldap \
+ pcre \
+ tzdata
+
+WORKDIR /usr/local/apisix
+
+COPY --from=production-stage /usr/local/openresty/ /usr/local/openresty/
+COPY --from=production-stage /usr/local/apisix/ /usr/local/apisix/
+COPY --from=production-stage /usr/bin/apisix /usr/bin/apisix
+
+# forward request and error logs to docker log collector
+RUN mkdir -p logs && touch logs/access.log && touch logs/error.log \
+ && ln -sf /dev/stdout /usr/local/apisix/logs/access.log \
+ && ln -sf /dev/stderr /usr/local/apisix/logs/error.log
+
+ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin
+
+EXPOSE 9080 9443
+
+CMD ["sh", "-c", "/usr/bin/apisix init && /usr/bin/apisix init_etcd && /usr/local/openresty/bin/openresty -p /usr/local/apisix -g 'daemon off;'"]
+
+STOPSIGNAL SIGQUIT
+
diff --git a/t/cli/test_validate_config.sh b/t/cli/test_validate_config.sh
index 42cd2be4f..3310f472b 100755
--- a/t/cli/test_validate_config.sh
+++ b/t/cli/test_validate_config.sh
@@ -177,3 +177,30 @@ if ! echo "$out" | grep "missing '127.0.0.1' in the nginx_config.http.real_ip_fr
fi
echo "passed: check the realip configuration for batch-requests"
+
+echo '
+etcd:
+ host:
+ - 127.0.0.1
+' > conf/config.yaml
+
+out=$(make init 2>&1 || true)
+if ! echo "$out" | grep 'property "host" validation failed'; then
+ echo "failed: should check etcd schema during init"
+ exit 1
+fi
+
+echo '
+etcd:
+ prefix: "/apisix/"
+ host:
+ - https://127.0.0.1
+' > conf/config.yaml
+
+out=$(make init 2>&1 || true)
+if ! echo "$out" | grep 'property "prefix" validation failed'; then
+ echo "failed: should check etcd schema during init"
+ exit 1
+fi
+
+echo "passed: check etcd schema during init"