fix(db/declarative): fix TTL not working in DB-less and Hybrid mode (#…
…11464) * fix(declarative): fix TTL not working in DB-less and Hybrid mode ### Summary * Previously, in DB-less and Hybrid mode, the ttl/updated_at fields were not copied from the original entities to the flattened entities. As a result, the entities were loaded without the TTL field. * Additionally, for loading the TTL field, the "off" DB strategy (lmdb) did not properly filter expired items, nor returned right TTL value for DAO. FTI-4512 * fix coding style * fix coding style: improved function name * added test case: hybrid mode for key-auth * fix test case warnings * fixed test case consumer domain * export ttl as absolute value * delete unused defination * move ttl-fixing logic into row_to_entity() * still use pg to caculate relative value * clean code * add changelog entry * fixed test cases * fixed test cases warning * fixed test failure * fix test case issue: ttl expiration * fix test case: unsed local variable * add an entry in CHANGELOG.md * fix changelog scope * remove release-related information in CHANGELOG.md * fix test case: sleep before attempting unnecessary requests * sleep before attempting unnecessary requests * decrease the ttl to expedite the case's execution * fix CHANGELOG typo * fix the tense problem of changelog entry * add export options for "page_*_for_export" sql statement * fix warning: setting non-standard global variable * fix error reporting: options is nil * fix an issue where the off strategy returned the expired entity * run ttl processing before schema:process_auto_fields()
Showing
7 changed files
with
212 additions
and
8 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
message: Fix an issue that the TTL of the key-auth plugin didnt work in DB-less and Hybrid mode. | ||
type: bugfix | ||
scope: Core | ||
prs: | ||
- 11464 | ||
jiras: | ||
- "FTI-4512" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,123 @@ | ||
local helpers = require "spec.helpers" | ||
|
||
for _, strategy in helpers.each_strategy({"postgres"}) do | ||
describe("Plugin: key-auth (access) [#" .. strategy .. "] auto-expiring keys", function() | ||
-- Give a bit of time to reduce test flakyness on slow setups | ||
local ttl = 10 | ||
local inserted_at | ||
local proxy_client | ||
|
||
lazy_setup(function() | ||
local bp = helpers.get_db_utils(strategy, { | ||
"routes", | ||
"services", | ||
"plugins", | ||
"consumers", | ||
"keyauth_credentials", | ||
}) | ||
|
||
local r = bp.routes:insert { | ||
hosts = { "key-ttl-hybrid.com" }, | ||
} | ||
|
||
bp.plugins:insert { | ||
name = "key-auth", | ||
route = { id = r.id }, | ||
} | ||
|
||
bp.consumers:insert { | ||
username = "Jafar", | ||
} | ||
|
||
assert(helpers.start_kong({ | ||
role = "control_plane", | ||
database = strategy, | ||
cluster_cert = "spec/fixtures/kong_clustering.crt", | ||
cluster_cert_key = "spec/fixtures/kong_clustering.key", | ||
lua_ssl_trusted_certificate = "spec/fixtures/kong_clustering.crt", | ||
cluster_listen = "127.0.0.1:9005", | ||
cluster_telemetry_listen = "127.0.0.1:9006", | ||
nginx_conf = "spec/fixtures/custom_nginx.template", | ||
})) | ||
|
||
assert(helpers.start_kong({ | ||
role = "data_plane", | ||
database = "off", | ||
prefix = "servroot2", | ||
cluster_cert = "spec/fixtures/kong_clustering.crt", | ||
cluster_cert_key = "spec/fixtures/kong_clustering.key", | ||
lua_ssl_trusted_certificate = "spec/fixtures/kong_clustering.crt", | ||
cluster_control_plane = "127.0.0.1:9005", | ||
cluster_telemetry_endpoint = "127.0.0.1:9006", | ||
proxy_listen = "0.0.0.0:9002", | ||
})) | ||
end) | ||
|
||
lazy_teardown(function() | ||
if proxy_client then | ||
proxy_client:close() | ||
end | ||
|
||
helpers.stop_kong("servroot2") | ||
helpers.stop_kong() | ||
end) | ||
|
||
it("authenticate for up to 'ttl'", function() | ||
|
||
-- add credentials after nginx has started to avoid TTL expiration | ||
local admin_client = helpers.admin_client() | ||
local res = assert(admin_client:send { | ||
method = "POST", | ||
path = "/consumers/Jafar/key-auth", | ||
headers = { | ||
["Content-Type"] = "application/json", | ||
}, | ||
body = { | ||
key = "kong", | ||
ttl = 10, | ||
}, | ||
}) | ||
assert.res_status(201, res) | ||
admin_client:close() | ||
|
||
ngx.update_time() | ||
inserted_at = ngx.now() | ||
|
||
helpers.wait_until(function() | ||
proxy_client = helpers.http_client("127.0.0.1", 9002) | ||
res = assert(proxy_client:send { | ||
method = "GET", | ||
path = "/status/200", | ||
headers = { | ||
["Host"] = "key-ttl-hybrid.com", | ||
["apikey"] = "kong", | ||
} | ||
}) | ||
|
||
proxy_client:close() | ||
return res and res.status == 200 | ||
end, 5) | ||
|
||
ngx.update_time() | ||
local elapsed = ngx.now() - inserted_at | ||
|
||
ngx.sleep(ttl - elapsed) | ||
|
||
helpers.wait_until(function() | ||
proxy_client = helpers.http_client("127.0.0.1", 9002) | ||
res = assert(proxy_client:send { | ||
method = "GET", | ||
path = "/status/200", | ||
headers = { | ||
["Host"] = "key-ttl-hybrid.com", | ||
["apikey"] = "kong", | ||
} | ||
}) | ||
|
||
proxy_client:close() | ||
return res and res.status == 401 | ||
end, 5) | ||
|
||
end) | ||
end) | ||
end |
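Review bot: The final check accepts an expired key for up to five more seconds, because the second `helpers.wait_until(..., 5)` polls until a 401 shows up rather than asserting rejection once `ngx.sleep(ttl - elapsed)` returns. For a credential-expiry fix, either shorten that timeout or add a comment stating how much grace after the TTL is acceptable on the data plane and why. The POST body hard-codes `ttl = 10` while the sleep uses the local `ttl`, so editing one silently desynchronizes the test; write `ttl = ttl,` in the body. Nothing verifies that the key still authenticates shortly before expiry, so a TTL that expires early would still pass despite the test name "authenticate for up to 'ttl'". The data plane's `proxy_listen = "0.0.0.0:9002"` binds every interface while the other listeners and the client calls use 127.0.0.1; `proxy_listen = "127.0.0.1:9002",` would keep the test proxy local.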
48dc2ef
Bazel Build
Docker image available
kong/kong:48dc2ef987e52831cf781f4d7b1a7fc001d40c1a
Artifacts available https://github.com/Kong/kong/actions/runs/6107459812