-
Notifications
You must be signed in to change notification settings - Fork 4.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(plugins/acme): username/password is a valid authentication method (…
…#13496) * fix(plugins/acme): username/password is a valid authentication method Fixed an issue where username and password were not accepted as a valid authentication method. This is already accepted as valid authentication method in other plugins that use the shared Redis library such as the rate-limiting plugin. Depends on this PR of lua-resty-acme: fffonion/lua-resty-acme#121 Fix FTI-6143
- Loading branch information
Showing
8 changed files
with
294 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3 changes: 3 additions & 0 deletions
3
changelog/unreleased/kong/fix-acme-username-password-auth.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
message: "**ACME**: Fixed an issue where username and password were not accepted as valid authentication methods." | ||
type: bugfix | ||
scope: Plugin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -341,7 +341,121 @@ describe("CP/DP config compat transformations #" .. strategy, function() | |
|
||
describe("compatibility tests for redis standarization", function() | ||
describe("acme plugin", function() | ||
it("translates standardized redis config to older acme structure", function() | ||
it("translates 3.8.x standardized redis config to older (3.5.0) acme structure", function() | ||
-- [[ 3.8.x ]] -- | ||
local acme = admin.plugins:insert { | ||
name = "acme", | ||
enabled = true, | ||
config = { | ||
account_email = "[email protected]", | ||
storage = "redis", | ||
storage_config = { | ||
-- [[ new structure redis | ||
redis = { | ||
host = "localhost", | ||
port = 57198, | ||
username = "test", | ||
password = "secret", | ||
database = 2, | ||
timeout = 1100, | ||
ssl = true, | ||
ssl_verify = true, | ||
server_name = "example.test", | ||
extra_options = { | ||
namespace = "test_namespace", | ||
scan_count = 13 | ||
} | ||
} | ||
-- ]] | ||
} | ||
} | ||
} | ||
|
||
local expected_acme_prior_38 = cycle_aware_deep_copy(acme) | ||
expected_acme_prior_38.config.storage_config.redis = { | ||
host = "localhost", | ||
port = 57198, | ||
-- username and password are not supported in 3.5.0 | ||
--username = "test", | ||
--password = "secret", | ||
auth = "secret", | ||
database = 2, | ||
ssl = true, | ||
ssl_verify = true, | ||
ssl_server_name = "example.test", | ||
namespace = "test_namespace", | ||
scan_count = 13, | ||
-- below fields are also not supported in 3.5.0 | ||
--timeout = 1100, | ||
--server_name = "example.test", | ||
--extra_options = { | ||
-- namespace = "test_namespace", | ||
-- scan_count = 13 | ||
--} | ||
} | ||
do_assert(uuid(), "3.5.0", expected_acme_prior_38) | ||
|
||
-- cleanup | ||
admin.plugins:remove({ id = acme.id }) | ||
end) | ||
|
||
it("translates 3.8.x standardized redis config to older (3.6.1) acme structure", function() | ||
-- [[ 3.8.x ]] -- | ||
local acme = admin.plugins:insert { | ||
name = "acme", | ||
enabled = true, | ||
config = { | ||
account_email = "[email protected]", | ||
storage = "redis", | ||
storage_config = { | ||
-- [[ new structure redis | ||
redis = { | ||
host = "localhost", | ||
port = 57198, | ||
username = "test", | ||
password = "secret", | ||
database = 2, | ||
timeout = 1100, | ||
ssl = true, | ||
ssl_verify = true, | ||
server_name = "example.test", | ||
extra_options = { | ||
namespace = "test_namespace", | ||
scan_count = 13 | ||
} | ||
} | ||
-- ]] | ||
} | ||
} | ||
} | ||
|
||
local expected_acme_prior_38 = cycle_aware_deep_copy(acme) | ||
expected_acme_prior_38.config.storage_config.redis = { | ||
host = "localhost", | ||
port = 57198, | ||
username = "test", | ||
auth = "secret", | ||
password = "secret", | ||
database = 2, | ||
ssl = true, | ||
ssl_verify = true, | ||
ssl_server_name = "example.test", | ||
namespace = "test_namespace", | ||
scan_count = 13, | ||
timeout = 1100, | ||
server_name = "example.test", | ||
extra_options = { | ||
namespace = "test_namespace", | ||
scan_count = 13 | ||
} | ||
} | ||
do_assert(uuid(), "3.6.1", expected_acme_prior_38) | ||
|
||
-- cleanup | ||
admin.plugins:remove({ id = acme.id }) | ||
end) | ||
|
||
it("translates 3.6.x standardized redis config to older (3.5.0) acme structure", function() | ||
-- [[ 3.6.x ]] -- | ||
local acme = admin.plugins:insert { | ||
name = "acme", | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
28c5f6a
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bazel Build
Docker image available
kong/kong:28c5f6a23f9575b987afec2bd0d4119d9b24b8fb
Artifacts available https://github.com/Kong/kong/actions/runs/10453144464