You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by sp...@apache.org on 2022/06/14 01:28:43 UTC
[apisix] branch master updated: chore: validate etcd conf strictly (#7245)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new fc0dc15fc chore: validate etcd conf strictly (#7245)
fc0dc15fc is described below
commit fc0dc15fcc430fe255cceab007e33ee03ce7025b
Author: 罗泽轩 <sp...@gmail.com>
AuthorDate: Tue Jun 14 09:28:37 2022 +0800
chore: validate etcd conf strictly (#7245)
Signed-off-by: spacewander <sp...@gmail.com>
---
.github/workflows/chaos.yml | 3 +-
apisix/cli/schema.lua | 14 +++++++-
t/chaos/utils/Dockerfile | 75 +++++++++++++++++++++++++++++++++++++++++++
t/cli/test_validate_config.sh | 27 ++++++++++++++++
4 files changed, 116 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/chaos.yml b/.github/workflows/chaos.yml
index 677b6150d..20b45f602 100644
--- a/.github/workflows/chaos.yml
+++ b/.github/workflows/chaos.yml
@@ -40,9 +40,8 @@ jobs:
- name: Creating minikube cluster
run: |
bash ./t/chaos/utils/setup_chaos_utils.sh start_minikube
- wget https://raw.githubusercontent.com/apache/apisix-docker/master/alpine-local/Dockerfile
mkdir logs
- docker build -t apache/apisix:alpine-local --build-arg APISIX_PATH=. -f Dockerfile .
+ docker build -t apache/apisix:alpine-local --build-arg APISIX_PATH=. -f ./t/chaos/utils/Dockerfile .
minikube cache add apache/apisix:alpine-local -v 7 --alsologtostderr
- name: Print cluster information
diff --git a/apisix/cli/schema.lua b/apisix/cli/schema.lua
index 8c7a87321..7afece3ab 100644
--- a/apisix/cli/schema.lua
+++ b/apisix/cli/schema.lua
@@ -212,8 +212,20 @@ local config_schema = {
type = "string",
},
}
+ },
+ prefix = {
+ type = "string",
+ pattern = [[^/[^/]+$]]
+ },
+ host = {
+ type = "array",
+ items = {
+ type = "string",
+ pattern = [[^https?://]]
+ }
}
- }
+ },
+ required = {"prefix", "host"}
},
wasm = {
type = "object",
diff --git a/t/chaos/utils/Dockerfile b/t/chaos/utils/Dockerfile
new file mode 100644
index 000000000..700108283
--- /dev/null
+++ b/t/chaos/utils/Dockerfile
@@ -0,0 +1,75 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+ARG ENABLE_PROXY=false
+
+FROM openresty/openresty:1.19.3.2-alpine-fat AS production-stage
+
+ARG ENABLE_PROXY
+ARG APISIX_PATH
+COPY $APISIX_PATH ./apisix
+RUN set -x \
+ && (test "${ENABLE_PROXY}" != "true" || /bin/sed -i 's,http://dl-cdn.alpinelinux.org,https://mirrors.aliyun.com,g' /etc/apk/repositories) \
+ && apk add --no-cache --virtual .builddeps \
+ automake \
+ autoconf \
+ libtool \
+ pkgconfig \
+ cmake \
+ git \
+ openldap-dev \
+ pcre-dev \
+ && cd apisix \
+ && git config --global url.https://github.com/.insteadOf git://github.com/ \
+ && make deps \
+ && cp -v bin/apisix /usr/bin/ \
+ && mv ../apisix /usr/local/apisix \
+ && apk del .builddeps build-base make unzip
+
+FROM alpine:3.13 AS last-stage
+
+ARG ENABLE_PROXY
+# add runtime for Apache APISIX
+RUN set -x \
+ && (test "${ENABLE_PROXY}" != "true" || /bin/sed -i 's,http://dl-cdn.alpinelinux.org,https://mirrors.aliyun.com,g' /etc/apk/repositories) \
+ && apk add --no-cache \
+ bash \
+ curl \
+ libstdc++ \
+ openldap \
+ pcre \
+ tzdata
+
+WORKDIR /usr/local/apisix
+
+COPY --from=production-stage /usr/local/openresty/ /usr/local/openresty/
+COPY --from=production-stage /usr/local/apisix/ /usr/local/apisix/
+COPY --from=production-stage /usr/bin/apisix /usr/bin/apisix
+
+# forward request and error logs to docker log collector
+RUN mkdir -p logs && touch logs/access.log && touch logs/error.log \
+ && ln -sf /dev/stdout /usr/local/apisix/logs/access.log \
+ && ln -sf /dev/stderr /usr/local/apisix/logs/error.log
+
+ENV PATH=$PATH:/usr/local/openresty/luajit/bin:/usr/local/openresty/nginx/sbin:/usr/local/openresty/bin
+
+EXPOSE 9080 9443
+
+CMD ["sh", "-c", "/usr/bin/apisix init && /usr/bin/apisix init_etcd && /usr/local/openresty/bin/openresty -p /usr/local/apisix -g 'daemon off;'"]
+
+STOPSIGNAL SIGQUIT
+
diff --git a/t/cli/test_validate_config.sh b/t/cli/test_validate_config.sh
index 164d530fe..216f1d9fb 100755
--- a/t/cli/test_validate_config.sh
+++ b/t/cli/test_validate_config.sh
@@ -202,3 +202,30 @@ if echo "$out" | grep "missing loopback or unspecified in the nginx_config.http.
fi
echo "passed: check the realip configuration for batch-requests"
+
+echo '
+etcd:
+ host:
+ - 127.0.0.1
+' > conf/config.yaml
+
+out=$(make init 2>&1 || true)
+if ! echo "$out" | grep 'property "host" validation failed'; then
+ echo "failed: should check etcd schema during init"
+ exit 1
+fi
+
+echo '
+etcd:
+ prefix: "/apisix/"
+ host:
+ - https://127.0.0.1
+' > conf/config.yaml
+
+out=$(make init 2>&1 || true)
+if ! echo "$out" | grep 'property "prefix" validation failed'; then
+ echo "failed: should check etcd schema during init"
+ exit 1
+fi
+
+echo "passed: check etcd schema during init"