(services): add certificate support for service protocol grpcs
raoxiaoyan committed Nov 2, 2023
1 parent b3851a6 commit 68b4d6c
Showing 5 changed files with 479 additions and 325 deletions.
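--- a/CHANGELOG/unreleased/kong/11529.yaml
+++ b/CHANGELOG/unreleased/kong/11529.yaml
@@ -0,0 +1,7 @@
+message: adds certificate support for service protocol `grpcs`.
+type: bugfix
+scope: Admin API
+prs:
+- 11529
+jiras:
+- "FTI-5309"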
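--- a/kong/clustering/compat/checkers.lua
+++ b/kong/clustering/compat/checkers.lua
@@ -23,6 +23,39 @@ end
 
 
 local compatible_checkers = {
+{ 3006000000, --[[ 3.6.0.0 ]]
+function(config_table, dp_version, log_suffix)
+-- remove tls_verify, ca_certificates, tls_verify_depth fields for core entity services
+local config_services = config_table["services"]
+if not config_services then
+return nil
+end
+
+local has_update
+for _, t in ipairs(config_services) do
+if t["protocol"] == "grpcs" then
+if t["tls_verify"] or t["tls_verify_depth"] or t["ca_certificates"]
+then
+t["tls_verify"] = nil
+t["tls_verify_depth"] = nil
+t["ca_certificates"] = nil
+
+has_update = true
+end
+end
+end
+
+if has_update then
+log_warn_message("grpcs protocol service contains configuration 'service.tls_verify'" ..
+"or 'service.tls_verify_depth' or 'service.ca_certificates'",
+"be removed",
+dp_version,
+log_suffix)
+end
+
+return has_update
+end
+},
 { 3005000000, --[[ 3.5.0.0 ]]
 function(config_table, dp_version, log_suffix)
 local has_update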
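Review bot: On data planes older than 3.6.0.0 this checker strips `tls_verify`, `tls_verify_depth` and `ca_certificates` from every `grpcs` service, so a service the operator configured with `tls_verify = true` is presumably proxied by those nodes without upstream certificate verification, and the warning text does not say that. I would state that consequence in the message and fix the missing space between the two concatenated literals, which currently renders as `'service.tls_verify'or 'service.tls_verify_depth'`; ending the first literal with `'service.tls_verify' "` fixes the latter. The guard `if t["tls_verify"] or t["tls_verify_depth"] or t["ca_certificates"]` is a truthiness test, so an explicit `tls_verify = false` with the other two unset stays in the payload even though the pre-change schema in services.lua required the field to be null for `grpcs`; `t["tls_verify"] ~= nil` looks safer, assuming unset fields arrive as `nil` rather than a null sentinel. The `compatible_checkers` table continues past the end of the hunk.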
12 changes: 6 additions & 6 deletions kong/db/schema/entities/services.lua
@@ -50,23 +50,23 @@ return {

entity_checks = {
{ conditional = { if_field = "protocol",
if_match = { one_of = { "tcp", "tls", "udp", "grpc", "grpcs" }},
if_match = { one_of = { "tcp", "tls", "udp", "grpc", "grpcs" } },
then_field = "path",
then_match = { eq = null }}},
{ conditional = { if_field = "protocol",
if_match = { not_one_of = {"https", "tls"} },
if_match = { not_one_of = { "https", "tls" } },
then_field = "client_certificate",
then_match = { eq = null }}},
{ conditional = { if_field = "protocol",
if_match = { not_one_of = {"https", "tls"} },
if_match = { not_one_of = { "https", "tls", "grpcs" } },
then_field = "tls_verify",
then_match = { eq = null }}},
{ conditional = { if_field = "protocol",
if_match = { not_one_of = {"https", "tls"} },
if_match = { not_one_of = { "https", "tls", "grpcs" } },
then_field = "tls_verify_depth",
then_match = { eq = null }}},
{ conditional = { if_field = "protocol",
if_match = { not_one_of = {"https", "tls"} },
if_match = { not_one_of = { "https", "tls", "grpcs" } },
then_field = "ca_certificates",
then_match = { eq = null }}},
},
@@ -96,7 +96,7 @@ return {
host = parsed_url.host or null,
port = port or
parsed_url.port or
(protocol == "http" and 80) or
(protocol == "http" and 80) or
(protocol == "https" and 443) or
default_port,
path = parsed_url.path or null,
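Review bot: The `client_certificate` conditional in the first hunk is only reformatted and still reads `not_one_of = { "https", "tls" }`, so a `grpcs` service may now carry `tls_verify`, `tls_verify_depth` and `ca_certificates` but is still rejected if it sets a client certificate for mutual TLS to the upstream. If that is intentional, a comment above that entry would make it explicit, e.g. `-- client_certificate is intentionally not accepted for grpcs`; otherwise `"grpcs"` belongs in that list too, together with a matching strip in the clustering compatibility checker. Nothing in the sections visible on this page shows the proxy path applying these fields to gRPC upstream connections, so it is worth confirming that a `grpcs` service with `tls_verify = true` is actually verified rather than merely passing validation. The enclosing `return {` table starts and ends outside both hunks.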
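--- a/spec/01-unit/01-db/01-schema/05-services_spec.lua
+++ b/spec/01-unit/01-db/01-schema/05-services_spec.lua
@@ -579,6 +579,21 @@ describe("services", function()
 assert.is_true(ok)
 end)
 
+it("'protocol' accepts 'grpcs' with tls_verify and ca_certificates", function()
+local service = {
+protocol = "grpcs",
+host = "x.y",
+port = 80,
+enabled = true,
+tls_verify = true,
+ca_certificates = { "41f484e9-7888-495d-9283-1d4ce2168172" },
+}
+
+local ok, err = Services:validate(service)
+assert.is_nil(err)
+assert.is_true(ok)
+end)
+
 it("if 'protocol = tcp/tls/udp/grpc/grpcs', then 'path' is empty", function()
 for _, v in ipairs({ "tcp", "tls", "udp", "grpc", "grpcs" }) do
 local service = {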
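Review bot: The new case exercises only the accepting path and leaves out `tls_verify_depth`, the third field the schema change opens up for `grpcs`. Adding `tls_verify_depth = 1,` to the service table, plus a sibling case asserting that `protocol = "grpc"` with `tls_verify = true` still fails validation, would pin both sides of the conditional, unless such a negative case already exists elsewhere in this spec. The enclosing `describe("services", ...)` block starts and ends outside the hunk.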