You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/12/23 06:47:30 UTC
[GitHub] [apisix] spacewander commented on a diff in pull request #8558: feat: limit-count plugin with redis cluster support tls/ssl
spacewander commented on code in PR #8558:
URL: https://github.com/apache/apisix/pull/8558#discussion_r1056057979
##########
t/plugin/limit-count-redis-cluster.t:
##########
@@ -384,3 +384,170 @@ GET /hello
hello world
--- error_log
connection refused
+
+
+
+=== TEST 12: set route, use error type for redis_cluster_ssl and redis_cluster_ssl_verify
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "limit-count": {
+ "count": 2,
+ "time_window": 60,
+ "rejected_code": 503,
+ "key": "remote_addr",
+ "policy": "redis-cluster"
+ "redis_timeout": 1001,
+ "redis_cluster_nodes": [
+ "127.0.0.1:7000",
+ "127.0.0.1:7001"
+ ],
+ "redis_cluster_name": "redis-cluster-1",
+ "redis_cluster_ssl": "true",
+ "redis_cluster_ssl_verify": "false"
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.print(body)
+ }
+ }
+--- error_code: 400
+--- error_log
+Expected comma or object end but found T_STRING
+
+
+
+=== TEST 13: set route, redis_cluster_ssl_verify is true(will cause ssl handshake err), with enable degradation switch
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "uri": "/hello",
+ "plugins": {
+ "limit-count": {
+ "count": 2,
+ "time_window": 60,
+ "rejected_code": 503,
+ "key": "remote_addr",
+ "policy": "redis-cluster",
+ "allow_degradation": true,
+ "redis_timeout": 1001,
+ "redis_cluster_nodes": [
+ "127.0.0.1:7000",
+ "127.0.0.1:7001"
+ ],
+ "redis_cluster_name": "redis-cluster-1",
+ "redis_cluster_ssl": true,
+ "redis_cluster_ssl_verify": true
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ }
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.say(body)
+ }
+ }
+--- response_body
+passed
+
+
+
+=== TEST 14: enable degradation switch for TEST 5
+--- request
+GET /hello
+--- response_body
+hello world
+--- error_log
+failed to do ssl handshake
+
+
+
+=== TEST 15: set route, with redis_cluster_nodes and redis_cluster_name redis_cluster_ssl and redis_cluster_ssl_verify
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "uri": "/hello",
+ "plugins": {
+ "limit-count": {
+ "count": 2,
+ "time_window": 60,
+ "rejected_code": 503,
+ "key": "remote_addr",
+ "policy": "redis-cluster",
+ "redis_timeout": 1001,
+ "redis_cluster_nodes": [
+ "127.0.0.1:7000",
+ "127.0.0.1:7001"
+ ],
+ "redis_cluster_name": "redis-cluster-1",
+ "redis_cluster_ssl": true,
+ "redis_cluster_ssl_verify": false
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ }
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.say(body)
+ }
+ }
+--- response_body
+passed
+
+
+
+=== TEST 16: up the limit
+--- request
+GET /hello
+--- error_log
+try to lock with key route#1#redis-cluster
+unlock with key route#1#redis-cluster
+
+
+
+=== TEST 17: up the limit
Review Comment:
Why do we need TEST 16 as we have TEST 17?
##########
t/plugin/limit-count-redis-cluster.t:
##########
@@ -384,3 +384,170 @@ GET /hello
hello world
--- error_log
connection refused
+
+
+
+=== TEST 12: set route, use error type for redis_cluster_ssl and redis_cluster_ssl_verify
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "limit-count": {
+ "count": 2,
+ "time_window": 60,
+ "rejected_code": 503,
+ "key": "remote_addr",
+ "policy": "redis-cluster"
+ "redis_timeout": 1001,
+ "redis_cluster_nodes": [
+ "127.0.0.1:7000",
+ "127.0.0.1:7001"
+ ],
+ "redis_cluster_name": "redis-cluster-1",
+ "redis_cluster_ssl": "true",
+ "redis_cluster_ssl_verify": "false"
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.print(body)
+ }
+ }
+--- error_code: 400
+--- error_log
+Expected comma or object end but found T_STRING
+
+
+
+=== TEST 13: set route, redis_cluster_ssl_verify is true(will cause ssl handshake err), with enable degradation switch
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "uri": "/hello",
+ "plugins": {
+ "limit-count": {
+ "count": 2,
+ "time_window": 60,
+ "rejected_code": 503,
+ "key": "remote_addr",
+ "policy": "redis-cluster",
+ "allow_degradation": true,
+ "redis_timeout": 1001,
+ "redis_cluster_nodes": [
+ "127.0.0.1:7000",
+ "127.0.0.1:7001"
+ ],
+ "redis_cluster_name": "redis-cluster-1",
+ "redis_cluster_ssl": true,
+ "redis_cluster_ssl_verify": true
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ }
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.say(body)
+ }
+ }
+--- response_body
+passed
+
+
+
+=== TEST 14: enable degradation switch for TEST 5
Review Comment:
Incorrect title
##########
ci/pod/docker-compose.common.yml:
##########
@@ -102,3 +102,103 @@ services:
VAULT_DEV_ROOT_TOKEN_ID: root
VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
command: [ "vault", "server", "-dev" ]
+
+
+ ## RedisCluster Enable TLS
Review Comment:
Let's move the redis cluster to https://github.com/apache/apisix/blob/master/ci/pod/docker-compose.plugin.yml, as this dependency is only used in the plugin test.
##########
ci/pod/docker-compose.common.yml:
##########
@@ -102,3 +102,103 @@ services:
VAULT_DEV_ROOT_TOKEN_ID: root
VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
command: [ "vault", "server", "-dev" ]
+
+
+ ## RedisCluster Enable TLS
+ redis-node-0:
+ image: docker.io/bitnami/redis-cluster:7.0
+ volumes:
+ - ./t/certs:/certs
+ environment:
+ - 'ALLOW_EMPTY_PASSWORD=yes'
+ - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2 redis-node-3 redis-node-4 redis-node-5'
Review Comment:
Could we reduce the number of redis nodes used in the CI?
##########
t/plugin/limit-count-redis-cluster.t:
##########
@@ -384,3 +384,170 @@ GET /hello
hello world
--- error_log
connection refused
+
+
+
+=== TEST 12: set route, use error type for redis_cluster_ssl and redis_cluster_ssl_verify
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "plugins": {
+ "limit-count": {
+ "count": 2,
+ "time_window": 60,
+ "rejected_code": 503,
+ "key": "remote_addr",
+ "policy": "redis-cluster"
+ "redis_timeout": 1001,
+ "redis_cluster_nodes": [
+ "127.0.0.1:7000",
+ "127.0.0.1:7001"
+ ],
+ "redis_cluster_name": "redis-cluster-1",
+ "redis_cluster_ssl": "true",
+ "redis_cluster_ssl_verify": "false"
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "uri": "/hello"
+ }]]
+ )
+
+ if code >= 300 then
+ ngx.status = code
+ end
+ ngx.print(body)
+ }
+ }
+--- error_code: 400
+--- error_log
+Expected comma or object end but found T_STRING
Review Comment:
This error message seems from a JSON parsing error, is it expected?
##########
ci/pod/docker-compose.common.yml:
##########
@@ -102,3 +102,103 @@ services:
VAULT_DEV_ROOT_TOKEN_ID: root
VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
command: [ "vault", "server", "-dev" ]
+
+
+ ## RedisCluster Enable TLS
+ redis-node-0:
+ image: docker.io/bitnami/redis-cluster:7.0
+ volumes:
+ - ./t/certs:/certs
+ environment:
+ - 'ALLOW_EMPTY_PASSWORD=yes'
+ - 'REDIS_NODES=redis-node-0 redis-node-1 redis-node-2 redis-node-3 redis-node-4 redis-node-5'
+ - 'REDIS_TLS_ENABLED=yes'
+ - 'REDIS_TLS_CERT_FILE=/certs/redis.crt'
Review Comment:
Maybe we can use the existing certificate under `./t/certs` so there is no need to manage new certs
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org