diff --git a/.github/workflows/auto-assignee.yml b/.github/workflows/auto-assignee.yml index dcd8f1c4c34..864056be2a0 100644 --- a/.github/workflows/auto-assignee.yml +++ b/.github/workflows/auto-assignee.yml @@ -11,5 +11,5 @@ jobs: - name: assign-author # ignore the pull requests opened from PR because token is not correct if: github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' - uses: toshimaru/auto-author-assign@c1ffd6f64e20f8f5f61f4620a1e5f0b0908790ef + uses: toshimaru/auto-author-assign@ebd30f10fb56e46eb0759a14951f36991426fed0 diff --git a/.github/workflows/backport-fail-bot.yml b/.github/workflows/backport-fail-bot.yml index 9d83c6df036..d1098c6ecee 100644 --- a/.github/workflows/backport-fail-bot.yml +++ b/.github/workflows/backport-fail-bot.yml @@ -44,7 +44,7 @@ jobs: result-encoding: string - name: Send Slack Message - uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 + uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 with: payload: ${{ steps.generate-payload.outputs.result }} env: diff --git a/.github/workflows/changelog-requirement.yml b/.github/workflows/changelog-requirement.yml index 65402ef3f7d..f60b15fb702 100644 --- a/.github/workflows/changelog-requirement.yml +++ b/.github/workflows/changelog-requirement.yml @@ -21,7 +21,7 @@ jobs: - name: Find changelog files id: changelog-list - uses: tj-actions/changed-files@716b1e13042866565e00e85fd4ec490e186c4a2f # 41.0.1 + uses: tj-actions/changed-files@aa08304bd477b800d468db44fe10f6c61f7f7b11 # 42.1.0 with: files_yaml: | changelogs: diff --git a/.github/workflows/cherry-picks.yml b/.github/workflows/cherry-picks.yml index 5d59cc8e34b..39e4dbba875 100644 --- a/.github/workflows/cherry-picks.yml +++ b/.github/workflows/cherry-picks.yml @@ -26,7 +26,7 @@ jobs: with: token: ${{ secrets.CHERRY_PICK_TOKEN }} - name: Create backport pull requests - uses: jschmid1/cross-repo-cherrypick-action@2d2a475d31b060ac21521b5eda0a78876bbae94e #v1.1.0 + uses: jschmid1/cross-repo-cherrypick-action@9d2ead0043acba474373992c8175f2b8ffcdb31c #v1.2.0 id: cherry_pick with: token: ${{ secrets.CHERRY_PICK_TOKEN }} diff --git a/.github/workflows/release-and-tests-fail-bot.yml b/.github/workflows/release-and-tests-fail-bot.yml index 1dc12b6f913..8b12ca3f2ab 100644 --- a/.github/workflows/release-and-tests-fail-bot.yml +++ b/.github/workflows/release-and-tests-fail-bot.yml @@ -70,7 +70,7 @@ jobs: result-encoding: string - name: Send Slack Message - uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 + uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 with: payload: ${{ steps.generate-payload.outputs.result }} env: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bc07e202999..a1be7993e77 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,6 +42,7 @@ env: # PRs opened from fork and from dependabot don't have access to repo secrets HAS_ACCESS_TO_GITHUB_TOKEN: ${{ github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]') }} + jobs: metadata: name: Metadata @@ -313,6 +314,10 @@ jobs: needs: [metadata, build-packages] runs-on: ubuntu-22.04 + permissions: + # create comments on commits for docker images needs the `write` permission + contents: write + strategy: fail-fast: false matrix: @@ -402,7 +407,7 @@ jobs: if: github.event_name == 'push' && matrix.label == 'ubuntu' uses: peter-evans/commit-comment@5a6f8285b8f2e8376e41fe1b563db48e6cf78c09 # v3.0.0 with: - token: ${{ secrets.GHA_COMMENT_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} body: | ### Bazel Build Docker image available `${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}` @@ -493,7 +498,7 @@ jobs: - name: Scan AMD64 Image digest id: sbom_action_amd64 if: steps.image_manifest_metadata.outputs.amd64_sha != '' - uses: Kong/public-shared-actions/security-actions/scan-docker-image@v1 + uses: Kong/public-shared-actions/security-actions/scan-docker-image@v2 with: asset_prefix: kong-${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}-linux-amd64 image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }} @@ -501,7 +506,7 @@ jobs: - name: Scan ARM64 Image digest if: steps.image_manifest_metadata.outputs.manifest_list_exists == 'true' && steps.image_manifest_metadata.outputs.arm64_sha != '' id: sbom_action_arm64 - uses: Kong/public-shared-actions/security-actions/scan-docker-image@v1 + uses: Kong/public-shared-actions/security-actions/scan-docker-image@v2 with: asset_prefix: kong-${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }}-linux-arm64 image: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ needs.metadata.outputs.commit-sha }}-${{ matrix.label }} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 27e9623d64a..c21f80968db 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -37,7 +37,7 @@ Consult the Table of Contents below, and jump to the desired section. * [Writing changelog](#writing-changelog) * [Writing performant code](#writing-performant-code) * [Adding Changelog](#adding-changelog) - * [Contributor T-shirt](#contributor-t-shirt) + * [Contributor Badge](#contributor-badge) * [Code style](#code-style) * [Table of Contents - Code style](#table-of-contents---code-style) * [Modules](#modules) @@ -205,7 +205,7 @@ to it if necessary. If your Pull Request was accepted and fixes a bug, adds functionality, or makes it significantly easier to use or understand Kong, congratulations! You are now an official contributor to Kong. Get in touch with us to receive -your very own [Contributor T-shirt](#contributor-t-shirt)! +your very own [Contributor Badge](#contributor-badge)! Your change will be included in the subsequent release Changelog, and we will not forget to include your name if you are an external contributor. :wink: @@ -542,7 +542,7 @@ language you are using. :smile: #### Adding Changelog -Every patch, except those +Every patch, except those documentation-only changes, requires a changelog entry to be present inside your Pull Request. Please follow [the changelog instructions](https://github.com/Kong/gateway-changelog) @@ -550,18 +550,19 @@ to create the appropriate changelog file your Pull Request. [Back to TOC](#table-of-contents) -### Contributor T-shirt +### Contributor Badge If your Pull Request to [Kong/kong](https://github.com/Kong/kong) was accepted, and it fixes a bug, adds functionality, or makes it significantly easier to use or understand Kong, congratulations! You are eligible to -receive the very special Contributor T-shirt! Go ahead and fill out the +receive the very special digital Contributor Badge! Go ahead and fill out the [Contributors Submissions form](https://goo.gl/forms/5w6mxLaE4tz2YM0L2). -Proudly wear your T-shirt and show it to us by tagging +Proudly display your Badge and show it to us by tagging [@thekonginc](https://twitter.com/thekonginc) on Twitter! -![Kong Contributor T-shirt](https://konghq.com/wp-content/uploads/2018/04/100-contributor-t-shirt-1024x768.jpg) +*Badges expire after 1 year, at which point you may submit a new contribution +to renew the badge.* [Back to TOC](#table-of-contents) diff --git a/build/openresty/patches/ngx_lua-0.10.26_03-regex-memory-corruption.patch b/build/openresty/patches/ngx_lua-0.10.26_03-regex-memory-corruption.patch index 1c40fd5fa57..7de60af5e0d 100644 --- a/build/openresty/patches/ngx_lua-0.10.26_03-regex-memory-corruption.patch +++ b/build/openresty/patches/ngx_lua-0.10.26_03-regex-memory-corruption.patch @@ -1,38 +1,77 @@ diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_regex.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_regex.c -index 1b52fa2..30c1650 100644 +index 1b52fa2..646b483 100644 --- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_regex.c +++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_regex.c -@@ -688,11 +688,11 @@ ngx_http_lua_ffi_exec_regex(ngx_http_lua_regex_t *re, int flags, +@@ -591,7 +591,11 @@ ngx_http_lua_ffi_compile_regex(const unsigned char *pat, size_t pat_len, + re_comp.captures = 0; + + } else { ++#if (NGX_PCRE2) ++ ovecsize = (re_comp.captures + 1) * 2; ++#else + ovecsize = (re_comp.captures + 1) * 3; ++#endif + } + + dd("allocating cap with size: %d", (int) ovecsize); +@@ -684,21 +688,21 @@ ngx_http_lua_ffi_exec_regex(ngx_http_lua_regex_t *re, int flags, + { + int rc, exec_opts = 0; + size_t *ov; +- ngx_uint_t ovecsize, n, i; ++ ngx_uint_t ovecpair, n, i; ngx_pool_t *old_pool; if (flags & NGX_LUA_RE_MODE_DFA) { - ovecsize = 2; -+ ovecsize = 1; ++ ovecpair = 1; re->ncaptures = 0; } else { - ovecsize = (re->ncaptures + 1) * 3; -+ ovecsize = re->ncaptures + 1; ++ ovecpair = re->ncaptures + 1; } old_pool = ngx_http_lua_pcre_malloc_init(NULL); -@@ -710,7 +710,7 @@ ngx_http_lua_ffi_exec_regex(ngx_http_lua_regex_t *re, int flags, + + if (ngx_regex_match_data == NULL +- || ovecsize > ngx_regex_match_data_size) ++ || ovecpair > ngx_regex_match_data_size) + { + /* + * Allocate a match data if not yet allocated or smaller than +@@ -709,8 +713,8 @@ ngx_http_lua_ffi_exec_regex(ngx_http_lua_regex_t *re, int flags, + pcre2_match_data_free(ngx_regex_match_data); } - ngx_regex_match_data_size = ovecsize; +- ngx_regex_match_data_size = ovecsize; - ngx_regex_match_data = pcre2_match_data_create(ovecsize / 3, NULL); -+ ngx_regex_match_data = pcre2_match_data_create(ovecsize, NULL); ++ ngx_regex_match_data_size = ovecpair; ++ ngx_regex_match_data = pcre2_match_data_create(ovecpair, NULL); if (ngx_regex_match_data == NULL) { rc = PCRE2_ERROR_NOMEMORY; -@@ -756,8 +756,8 @@ ngx_http_lua_ffi_exec_regex(ngx_http_lua_regex_t *re, int flags, - "n %ui, ovecsize %ui", flags, exec_opts, rc, n, ovecsize); +@@ -741,7 +745,7 @@ ngx_http_lua_ffi_exec_regex(ngx_http_lua_regex_t *re, int flags, + #if (NGX_DEBUG) + ngx_log_debug4(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, + "pcre2_match failed: flags 0x%05Xd, options 0x%08Xd, " +- "rc %d, ovecsize %ui", flags, exec_opts, rc, ovecsize); ++ "rc %d, ovecpair %ui", flags, exec_opts, rc, ovecpair); + #endif + + goto failed; +@@ -753,11 +757,11 @@ ngx_http_lua_ffi_exec_regex(ngx_http_lua_regex_t *re, int flags, + #if (NGX_DEBUG) + ngx_log_debug5(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, + "pcre2_match: flags 0x%05Xd, options 0x%08Xd, rc %d, " +- "n %ui, ovecsize %ui", flags, exec_opts, rc, n, ovecsize); ++ "n %ui, ovecpair %ui", flags, exec_opts, rc, n, ovecpair); #endif - if (!(flags & NGX_LUA_RE_MODE_DFA) && n > ovecsize / 3) { - n = ovecsize / 3; -+ if (n > ovecsize) { -+ n = ovecsize; ++ if (n > ovecpair) { ++ n = ovecpair; } for (i = 0; i < n; i++) { diff --git a/build/openresty/patches/ngx_stream_lua-0.0.14_03-regex-memory-corruption.patch b/build/openresty/patches/ngx_stream_lua-0.0.14_03-regex-memory-corruption.patch index 197a0e054b8..42bb7f4c6af 100644 --- a/build/openresty/patches/ngx_stream_lua-0.0.14_03-regex-memory-corruption.patch +++ b/build/openresty/patches/ngx_stream_lua-0.0.14_03-regex-memory-corruption.patch @@ -1,42 +1,81 @@ diff --git a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_regex.c b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_regex.c -index e32744e..241ec00 100644 +index e32744e..080e5dd 100644 --- a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_regex.c +++ b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_regex.c -@@ -695,11 +695,11 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, +@@ -598,7 +598,11 @@ ngx_stream_lua_ffi_compile_regex(const unsigned char *pat, size_t pat_len, + re_comp.captures = 0; + + } else { ++#if (NGX_PCRE2) ++ ovecsize = (re_comp.captures + 1) * 2; ++#else + ovecsize = (re_comp.captures + 1) * 3; ++#endif + } + + dd("allocating cap with size: %d", (int) ovecsize); +@@ -691,21 +695,21 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, + { + int rc, exec_opts = 0; + size_t *ov; +- ngx_uint_t ovecsize, n, i; ++ ngx_uint_t ovecpair, n, i; ngx_pool_t *old_pool; if (flags & NGX_LUA_RE_MODE_DFA) { - ovecsize = 2; -+ ovecsize = 1; ++ ovecpair = 1; re->ncaptures = 0; } else { - ovecsize = (re->ncaptures + 1) * 3; -+ ovecsize = re->ncaptures + 1; ++ ovecpair = re->ncaptures + 1; } old_pool = ngx_stream_lua_pcre_malloc_init(NULL); -@@ -717,7 +717,7 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, + + if (ngx_regex_match_data == NULL +- || ovecsize > ngx_regex_match_data_size) ++ || ovecpair > ngx_regex_match_data_size) + { + /* + * Allocate a match data if not yet allocated or smaller than +@@ -716,8 +720,8 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, + pcre2_match_data_free(ngx_regex_match_data); } - ngx_regex_match_data_size = ovecsize; +- ngx_regex_match_data_size = ovecsize; - ngx_regex_match_data = pcre2_match_data_create(ovecsize / 3, NULL); -+ ngx_regex_match_data = pcre2_match_data_create(ovecsize, NULL); ++ ngx_regex_match_data_size = ovecpair; ++ ngx_regex_match_data = pcre2_match_data_create(ovecpair, NULL); if (ngx_regex_match_data == NULL) { rc = PCRE2_ERROR_NOMEMORY; -@@ -762,8 +762,8 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, - "n %ui, ovecsize %ui", flags, exec_opts, rc, n, ovecsize); +@@ -747,7 +751,7 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, + #if (NGX_DEBUG) + ngx_log_debug4(NGX_LOG_DEBUG_STREAM, ngx_cycle->log, 0, + "pcre2_match failed: flags 0x%05Xd, options 0x%08Xd, rc %d, " +- "ovecsize %ui", flags, exec_opts, rc, ovecsize); ++ "ovecpair %ui", flags, exec_opts, rc, ovecpair); + #endif + + goto failed; +@@ -759,11 +763,11 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, + #if (NGX_DEBUG) + ngx_log_debug5(NGX_LOG_DEBUG_STREAM, ngx_cycle->log, 0, + "pcre2_match: flags 0x%05Xd, options 0x%08Xd, rc %d, " +- "n %ui, ovecsize %ui", flags, exec_opts, rc, n, ovecsize); ++ "n %ui, ovecpair %ui", flags, exec_opts, rc, n, ovecpair); #endif - if (!(flags & NGX_LUA_RE_MODE_DFA) && n > ovecsize / 3) { - n = ovecsize / 3; -+ if (n > ovecsize) { -+ n = ovecsize; ++ if (n > ovecpair) { ++ n = ovecpair; } for (i = 0; i < n; i++) { -@@ -796,6 +796,21 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, +@@ -796,6 +800,21 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, re->ncaptures = 0; } else { diff --git a/changelog/unreleased/kong/feat-jwt-eddsa.yml b/changelog/unreleased/kong/feat-jwt-eddsa.yml new file mode 100644 index 00000000000..f6095ed55fd --- /dev/null +++ b/changelog/unreleased/kong/feat-jwt-eddsa.yml @@ -0,0 +1,4 @@ +message: | + Addded support for EdDSA algorithms in JWT plugin +type: feature +scope: Plugin diff --git a/changelog/unreleased/kong/feat-jwt-es512.yml b/changelog/unreleased/kong/feat-jwt-es512.yml new file mode 100644 index 00000000000..3dd646f3b40 --- /dev/null +++ b/changelog/unreleased/kong/feat-jwt-es512.yml @@ -0,0 +1,4 @@ +message: | + Addded support for ES512, PS256, PS384, PS512 algorithms in JWT plugin +type: feature +scope: Plugin diff --git a/changelog/unreleased/kong/fix-dns-resolv-timeout-zero.yml b/changelog/unreleased/kong/fix-dns-resolv-timeout-zero.yml new file mode 100644 index 00000000000..fc0df3caee1 --- /dev/null +++ b/changelog/unreleased/kong/fix-dns-resolv-timeout-zero.yml @@ -0,0 +1,3 @@ +message: "**DNS Client**: Ignore a non-positive values on resolv.conf for options timeout, and use a default value of 2 seconds instead." +type: bugfix +scope: Core diff --git a/changelog/unreleased/kong/fix-external-plugin-instance.yml b/changelog/unreleased/kong/fix-external-plugin-instance.yml new file mode 100644 index 00000000000..b92665f2d9b --- /dev/null +++ b/changelog/unreleased/kong/fix-external-plugin-instance.yml @@ -0,0 +1,5 @@ +message: | + Fix an issue where an external plugin (Go, Javascript, or Python) would fail to + apply a change to the plugin config via the Admin API. +type: bugfix +scope: Configuration diff --git a/changelog/unreleased/kong/fix-jwt-plugin-check.yml b/changelog/unreleased/kong/fix-jwt-plugin-check.yml new file mode 100644 index 00000000000..bbf3ed71b84 --- /dev/null +++ b/changelog/unreleased/kong/fix-jwt-plugin-check.yml @@ -0,0 +1,3 @@ +message: "**Jwt**: fix an issue where the plugin would fail when using invalid public keys for ES384 and ES512 algorithms." +type: bugfix +scope: Plugin diff --git a/changelog/unreleased/kong/fix-snis-tls-passthrough-in-trad-compat.yml b/changelog/unreleased/kong/fix-snis-tls-passthrough-in-trad-compat.yml new file mode 100644 index 00000000000..ab00e318f63 --- /dev/null +++ b/changelog/unreleased/kong/fix-snis-tls-passthrough-in-trad-compat.yml @@ -0,0 +1,5 @@ +message: | + Fixed an issue where SNI-based routing does not work + using tls_passthrough and the traditional_compatible router flavor +type: bugfix +scope: Core diff --git a/changelog/unreleased/kong/plugin-schema-deprecation-record.yml b/changelog/unreleased/kong/plugin-schema-deprecation-record.yml new file mode 100644 index 00000000000..25689e6e2fe --- /dev/null +++ b/changelog/unreleased/kong/plugin-schema-deprecation-record.yml @@ -0,0 +1,3 @@ +message: "**Schema**: Added a deprecation field attribute to identify deprecated fields" +type: feature +scope: Configuration diff --git a/kong/db/schema/entities/routes.lua b/kong/db/schema/entities/routes.lua index 148a2b8aab2..d166c70d29f 100644 --- a/kong/db/schema/entities/routes.lua +++ b/kong/db/schema/entities/routes.lua @@ -130,10 +130,29 @@ else } if kong_router_flavor == "traditional_compatible" then + local is_empty_field = require("kong.router.transform").is_empty_field + table.insert(entity_checks, { custom_entity_check = { + field_sources = { "id", "protocols", + "snis", "sources", "destinations", + "methods", "hosts", "paths", "headers", + }, run_with_missing_fields = true, - fn = validate_route, + fn = function(entity) + if is_empty_field(entity.snis) and + is_empty_field(entity.sources) and + is_empty_field(entity.destinations) and + is_empty_field(entity.methods) and + is_empty_field(entity.hosts) and + is_empty_field(entity.paths) and + is_empty_field(entity.headers) + then + return true + end + + return validate_route(entity) + end, }} ) end diff --git a/kong/db/schema/init.lua b/kong/db/schema/init.lua index 89862852ab0..535ab24d44b 100644 --- a/kong/db/schema/init.lua +++ b/kong/db/schema/init.lua @@ -7,6 +7,8 @@ local nkeys = require "table.nkeys" local is_reference = require "kong.pdk.vault".is_reference local json = require "kong.db.schema.json" local cjson_safe = require "cjson.safe" +local deprecation = require "kong.deprecation" +local deepcompare = require "pl.tablex".deepcompare local setmetatable = setmetatable @@ -882,6 +884,16 @@ function Schema:validate_field(field, value) return nil, validation_errors.SUBSCHEMA_ABSTRACT_FIELD end + if field.deprecation then + local old_default = field.deprecation.old_default + local should_warn = old_default == nil + or not deepcompare(value, old_default) + if should_warn then + deprecation(field.deprecation.message, + { after = field.deprecation.removal_in_version, }) + end + end + if field.type == "array" then if not is_sequence(value) then return nil, validation_errors.ARRAY diff --git a/kong/db/schema/metaschema.lua b/kong/db/schema/metaschema.lua index 5c35424c402..deef4f5852a 100644 --- a/kong/db/schema/metaschema.lua +++ b/kong/db/schema/metaschema.lua @@ -192,6 +192,20 @@ local field_schema = { { encrypted = { type = "boolean" }, }, { referenceable = { type = "boolean" }, }, { json_schema = json_metaschema }, + -- Deprecation attribute: used to mark a field as deprecated + -- Results in `message` and `removal_in_version` to be printed in a warning + -- (via kong.deprecation) when the field is used. + -- If `old_default` is not set, the warning message is always printed. + -- If `old_default` is set, the warning message is only printed when the + -- field's value is different from the value of `old_default`. + { deprecation = { + type = "record", + fields = { + { message = { type = "string", required = true } }, + { removal_in_version = { type = "string", required = true } }, + { old_default = { type = "any", required = false } }, + }, + } }, } diff --git a/kong/plugins/acme/schema.lua b/kong/plugins/acme/schema.lua index 1c4d03be53d..5ccc3ffdf4a 100644 --- a/kong/plugins/acme/schema.lua +++ b/kong/plugins/acme/schema.lua @@ -1,7 +1,6 @@ local typedefs = require "kong.db.schema.typedefs" local reserved_words = require "kong.plugins.acme.reserved_words" local redis_schema = require "kong.tools.redis.schema" -local deprecation = require("kong.deprecation") local tablex = require "pl.tablex" @@ -43,18 +42,20 @@ local LEGACY_SCHEMA_TRANSLATIONS = { type = "string", len_min = 0, translate_backwards = {'password'}, + deprecation = { + message = "acme: config.storage_config.redis.auth is deprecated, please use config.storage_config.redis.password instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("acme: config.storage_config.redis.auth is deprecated, please use config.storage_config.redis.password instead", - { after = "4.0", }) return { password = value } end }}, { ssl_server_name = { type = "string", translate_backwards = {'server_name'}, + deprecation = { + message = "acme: config.storage_config.redis.ssl_server_name is deprecated, please use config.storage_config.redis.server_name instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("acme: config.storage_config.redis.ssl_server_name is deprecated, please use config.storage_config.redis.server_name instead", - { after = "4.0", }) return { server_name = value } end }}, @@ -62,18 +63,20 @@ local LEGACY_SCHEMA_TRANSLATIONS = { type = "string", len_min = 0, translate_backwards = {'extra_options', 'namespace'}, + deprecation = { + message = "acme: config.storage_config.redis.namespace is deprecated, please use config.storage_config.redis.extra_options.namespace instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("acme: config.storage_config.redis.namespace is deprecated, please use config.storage_config.redis.extra_options.namespace instead", - { after = "4.0", }) return { extra_options = { namespace = value } } end }}, { scan_count = { type = "integer", translate_backwards = {'extra_options', 'scan_count'}, + deprecation = { + message = "acme: config.storage_config.redis.scan_count is deprecated, please use config.storage_config.redis.extra_options.scan_count instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("acme: config.storage_config.redis.scan_count is deprecated, please use config.storage_config.redis.extra_options.scan_count instead", - { after = "4.0", }) return { extra_options = { scan_count = value } } end }}, diff --git a/kong/plugins/datadog/schema.lua b/kong/plugins/datadog/schema.lua index ed80c2929b6..e660f63e22c 100644 --- a/kong/plugins/datadog/schema.lua +++ b/kong/plugins/datadog/schema.lua @@ -1,5 +1,4 @@ local typedefs = require "kong.db.schema.typedefs" -local deprecation = require("kong.deprecation") local STAT_NAMES = { "kong_latency", @@ -89,17 +88,30 @@ return { consumer_tag = { description = "String to be attached as tag of the consumer.", type = "string", default = "consumer" }, }, { - retry_count = { description = "Number of times to retry when sending data to the upstream server.", - type = "integer" }, }, + retry_count = { + description = "Number of times to retry when sending data to the upstream server.", + type = "integer", + deprecation = { + message = "datadog: config.retry_count no longer works, please use config.queue.max_retry_time instead", + removal_in_version = "4.0", + old_default = 10 }, }, }, { queue_size = { - description = "Maximum number of log entries to be sent on each message to the upstream server.", - type = "integer" }, }, + description = "Maximum number of log entries to be sent on each message to the upstream server.", + type = "integer", + deprecation = { + message = "datadog: config.queue_size is deprecated, please use config.queue.max_batch_size instead", + removal_in_version = "4.0", + old_default = 1 }, }, }, { flush_timeout = { - description = - "Optional time in seconds. If `queue_size` > 1, this is the max idle time before sending a log with less than `queue_size` records.", - type = "number" }, }, + description = + "Optional time in seconds. If `queue_size` > 1, this is the max idle time before sending a log with less than `queue_size` records.", + type = "number", + deprecation = { + message = "datadog: config.flush_timeout is deprecated, please use config.queue.max_coalescing_delay instead", + removal_in_version = "4.0", + old_default = 2 }, }, }, { queue = typedefs.queue }, { metrics = { @@ -135,29 +147,6 @@ return { }, }, }, - - entity_checks = { - { - custom_entity_check = { - field_sources = { "retry_count", "queue_size", "flush_timeout" }, - fn = function(entity) - if (entity.retry_count or ngx.null) ~= ngx.null and entity.retry_count ~= 10 then - deprecation("datadog: config.retry_count no longer works, please use config.queue.max_retry_time instead", - { after = "4.0", }) - end - if (entity.queue_size or ngx.null) ~= ngx.null and entity.queue_size ~= 1 then - deprecation("datadog: config.queue_size is deprecated, please use config.queue.max_batch_size instead", - { after = "4.0", }) - end - if (entity.flush_timeout or ngx.null) ~= ngx.null and entity.flush_timeout ~= 2 then - deprecation("datadog: config.flush_timeout is deprecated, please use config.queue.max_coalescing_delay instead", - { after = "4.0", }) - end - return true - end - } - }, - }, }, }, }, diff --git a/kong/plugins/http-log/schema.lua b/kong/plugins/http-log/schema.lua index ef2dfdcdebc..430761a5ed4 100644 --- a/kong/plugins/http-log/schema.lua +++ b/kong/plugins/http-log/schema.lua @@ -1,6 +1,5 @@ local typedefs = require "kong.db.schema.typedefs" local url = require "socket.url" -local deprecation = require("kong.deprecation") return { @@ -15,9 +14,27 @@ return { { content_type = { description = "Indicates the type of data sent. The only available option is `application/json`.", type = "string", default = "application/json", one_of = { "application/json", "application/json; charset=utf-8" }, }, }, { timeout = { description = "An optional timeout in milliseconds when sending data to the upstream server.", type = "number", default = 10000 }, }, { keepalive = { description = "An optional value in milliseconds that defines how long an idle connection will live before being closed.", type = "number", default = 60000 }, }, - { retry_count = { description = "Number of times to retry when sending data to the upstream server.", type = "integer" }, }, - { queue_size = { description = "Maximum number of log entries to be sent on each message to the upstream server.", type = "integer" }, }, - { flush_timeout = { description = "Optional time in seconds. If `queue_size` > 1, this is the max idle time before sending a log with less than `queue_size` records.", type = "number" }, }, + { retry_count = { + description = "Number of times to retry when sending data to the upstream server.", + type = "integer", + deprecation = { + message = "http-log: config.retry_count no longer works, please use config.queue.max_retry_time instead", + removal_in_version = "4.0", + old_default = 10 }, }, }, + { queue_size = { + description = "Maximum number of log entries to be sent on each message to the upstream server.", + type = "integer", + deprecation = { + message = "http-log: config.queue_size is deprecated, please use config.queue.max_batch_size instead", + removal_in_version = "4.0", + old_default = 1 }, }, }, + { flush_timeout = { + description = "Optional time in seconds. If `queue_size` > 1, this is the max idle time before sending a log with less than `queue_size` records.", + type = "number", + deprecation = { + message = "http-log: config.flush_timeout is deprecated, please use config.queue.max_coalescing_delay instead", + removal_in_version = "4.0", + old_default = 2 }, }, }, { headers = { description = "An optional table of headers included in the HTTP message to the upstream server. Values are indexed by header name, and each header name accepts a single string.", type = "map", keys = typedefs.header_name { match_none = { @@ -43,27 +60,6 @@ return { { queue = typedefs.queue }, { custom_fields_by_lua = typedefs.lua_code }, }, - - entity_checks = { - { custom_entity_check = { - field_sources = { "retry_count", "queue_size", "flush_timeout" }, - fn = function(entity) - if (entity.retry_count or ngx.null) ~= ngx.null and entity.retry_count ~= 10 then - deprecation("http-log: config.retry_count no longer works, please use config.queue.max_retry_time instead", - { after = "4.0", }) - end - if (entity.queue_size or ngx.null) ~= ngx.null and entity.queue_size ~= 1 then - deprecation("http-log: config.queue_size is deprecated, please use config.queue.max_batch_size instead", - { after = "4.0", }) - end - if (entity.flush_timeout or ngx.null) ~= ngx.null and entity.flush_timeout ~= 2 then - deprecation("http-log: config.flush_timeout is deprecated, please use config.queue.max_coalescing_delay instead", - { after = "4.0", }) - end - return true - end - } }, - }, custom_validator = function(config) -- check no double userinfo + authorization header local parsed_url = url.parse(config.http_endpoint) diff --git a/kong/plugins/jwt/daos.lua b/kong/plugins/jwt/daos.lua index d18089bf562..32c46d2da27 100644 --- a/kong/plugins/jwt/daos.lua +++ b/kong/plugins/jwt/daos.lua @@ -37,7 +37,12 @@ return { "RS384", "RS512", "ES256", - "ES384" + "ES384", + "ES512", + "PS256", + "PS384", + "PS512", + "EdDSA", }, }, }, { tags = typedefs.tags }, @@ -45,7 +50,14 @@ return { entity_checks = { { conditional = { if_field = "algorithm", if_match = { - match_any = { patterns = { "^RS256$", "^RS384$", "^RS512$" }, }, + match_any = { patterns = { "^RS256$", + "^RS384$", + "^RS512$", + "^PS256$", + "^PS384$", + "^PS512$", + "^EdDSA$", + }, }, }, then_field = "rsa_public_key", then_match = { diff --git a/kong/plugins/jwt/jwt_parser.lua b/kong/plugins/jwt/jwt_parser.lua index 502d45a9ff6..b1cce974408 100644 --- a/kong/plugins/jwt/jwt_parser.lua +++ b/kong/plugins/jwt/jwt_parser.lua @@ -66,6 +66,43 @@ local alg_sign = { return nil end return sig + end, + ES512 = function(data, key) + local pkey = openssl_pkey.new(key) + local sig = assert(pkey:sign(data, "sha512", nil, { ecdsa_use_raw = true })) + if not sig then + return nil + end + return sig + end, + + PS256 = function(data, key) + local pkey = openssl_pkey.new(key) + local sig = assert(pkey:sign(data, "sha256", openssl_pkey.PADDINGS.RSA_PKCS1_PSS_PADDING)) + if not sig then + return nil + end + return sig + end, + PS384 = function(data, key) + local pkey = openssl_pkey.new(key) + local sig = assert(pkey:sign(data, "sha384", openssl_pkey.PADDINGS.RSA_PKCS1_PSS_PADDING)) + if not sig then + return nil + end + return sig + end, + PS512 = function(data, key) + local pkey = openssl_pkey.new(key) + local sig = assert(pkey:sign(data, "sha512", openssl_pkey.PADDINGS.RSA_PKCS1_PSS_PADDING)) + if not sig then + return nil + end + return sig + end, + EdDSA = function(data, key) + local pkey = assert(openssl_pkey.new(key)) + return assert(pkey:sign(data)) end } @@ -78,23 +115,17 @@ local alg_verify = { RS256 = function(data, signature, key) local pkey, _ = openssl_pkey.new(key) assert(pkey, "Consumer Public Key is Invalid") - local digest = openssl_digest.new("sha256") - assert(digest:update(data)) - return pkey:verify(signature, digest) + return pkey:verify(signature, data, "sha256") end, RS384 = function(data, signature, key) local pkey, _ = openssl_pkey.new(key) assert(pkey, "Consumer Public Key is Invalid") - local digest = openssl_digest.new("sha384") - assert(digest:update(data)) - return pkey:verify(signature, digest) + return pkey:verify(signature, data, "sha384") end, RS512 = function(data, signature, key) local pkey, _ = openssl_pkey.new(key) assert(pkey, "Consumer Public Key is Invalid") - local digest = openssl_digest.new("sha512") - assert(digest:update(data)) - return pkey:verify(signature, digest) + return pkey:verify(signature, data, "sha512") end, -- https://www.rfc-editor.org/rfc/rfc7518#section-3.4 ES256 = function(data, signature, key) @@ -117,8 +148,49 @@ local alg_verify = { -- ECDSA P-521 SHA-512, R and S will be 521 bits each, resulting in a -- 132-octet sequence. local pkey, _ = openssl_pkey.new(key) + assert(pkey, "Consumer Public Key is Invalid") assert(#signature == 96, "Signature must be 96 bytes.") return pkey:verify(signature, data, "sha384", nil, { ecdsa_use_raw = true }) + end, + + ES512 = function(data, signature, key) + -- Signing and validation with the ECDSA P-384 SHA-384 and ECDSA P-521 + -- SHA-512 algorithms is performed identically to the procedure for + -- ECDSA P-256 SHA-256 -- just using the corresponding hash algorithms + -- with correspondingly larger result values. For ECDSA P-384 SHA-384, + -- R and S will be 384 bits each, resulting in a 96-octet sequence. For + -- ECDSA P-521 SHA-512, R and S will be 521 bits each, resulting in a + -- 132-octet sequence. + local pkey, _ = openssl_pkey.new(key) + assert(pkey, "Consumer Public Key is Invalid") + assert(#signature == 132, "Signature must be 132 bytes.") + return pkey:verify(signature, data, "sha512", nil, { ecdsa_use_raw = true }) + end, + + PS256 = function(data, signature, key) + local pkey, _ = openssl_pkey.new(key) + assert(pkey, "Consumer Public Key is Invalid") + assert(#signature == 256, "Signature must be 256 bytes") + return pkey:verify(signature, data, "sha256", openssl_pkey.PADDINGS.RSA_PKCS1_PSS_PADDING) + end, + PS384 = function(data, signature, key) + local pkey, _ = openssl_pkey.new(key) + assert(pkey, "Consumer Public Key is Invalid") + assert(#signature == 256, "Signature must be 256 bytes") + return pkey:verify(signature, data, "sha384", openssl_pkey.PADDINGS.RSA_PKCS1_PSS_PADDING) + end, + PS512 = function(data, signature, key) + local pkey, _ = openssl_pkey.new(key) + assert(pkey, "Consumer Public Key is Invalid") + assert(#signature == 256, "Signature must be 256 bytes") + return pkey:verify(signature, data, "sha512", openssl_pkey.PADDINGS.RSA_PKCS1_PSS_PADDING) + end, + EdDSA = function(data, signature, key) + -- Support of EdDSA alg typ according to RFC 8037 + -- https://www.rfc-editor.org/rfc/rfc8037 + local pkey, _ = openssl_pkey.new(key) + assert(pkey, "Consumer Public Key is Invalid") + return pkey:verify(signature, data) end } diff --git a/kong/plugins/opentelemetry/schema.lua b/kong/plugins/opentelemetry/schema.lua index 85d8f4c1834..59181655c1a 100644 --- a/kong/plugins/opentelemetry/schema.lua +++ b/kong/plugins/opentelemetry/schema.lua @@ -1,6 +1,5 @@ local typedefs = require "kong.db.schema.typedefs" local Schema = require "kong.db.schema" -local deprecation = require("kong.deprecation") local function custom_validator(attributes) for _, v in pairs(attributes) do @@ -50,8 +49,20 @@ return { max_batch_size = 200, }, } }, - { batch_span_count = { description = "The number of spans to be sent in a single batch.", type = "integer" } }, - { batch_flush_delay = { description = "The delay, in seconds, between two consecutive batches.", type = "integer" } }, + { batch_span_count = { + description = "The number of spans to be sent in a single batch.", + type = "integer", + deprecation = { + message = "opentelemetry: config.batch_span_count is deprecated, please use config.queue.max_batch_size instead", + removal_in_version = "4.0", + old_default = 200 }, }, }, + { batch_flush_delay = { + description = "The delay, in seconds, between two consecutive batches.", + type = "integer", + deprecation = { + message = "opentelemetry: config.batch_flush_delay is deprecated, please use config.queue.max_coalescing_delay instead", + removal_in_version = "4.0", + old_default = 3, }, }, }, { connect_timeout = typedefs.timeout { default = 1000 } }, { send_timeout = typedefs.timeout { default = 5000 } }, { read_timeout = typedefs.timeout { default = 5000 } }, @@ -71,22 +82,6 @@ return { default = nil, } }, }, - entity_checks = { - { custom_entity_check = { - field_sources = { "batch_span_count", "batch_flush_delay" }, - fn = function(entity) - if (entity.batch_span_count or ngx.null) ~= ngx.null and entity.batch_span_count ~= 200 then - deprecation("opentelemetry: config.batch_span_count is deprecated, please use config.queue.max_batch_size instead", - { after = "4.0", }) - end - if (entity.batch_flush_delay or ngx.null) ~= ngx.null and entity.batch_flush_delay ~= 3 then - deprecation("opentelemetry: config.batch_flush_delay is deprecated, please use config.queue.max_coalescing_delay instead", - { after = "4.0", }) - end - return true - end - } }, - }, }, }, }, } diff --git a/kong/plugins/rate-limiting/schema.lua b/kong/plugins/rate-limiting/schema.lua index 21d48bfe29b..8928fb87fcd 100644 --- a/kong/plugins/rate-limiting/schema.lua +++ b/kong/plugins/rate-limiting/schema.lua @@ -1,6 +1,5 @@ local typedefs = require "kong.db.schema.typedefs" local redis_schema = require "kong.tools.redis.schema" -local deprecation = require "kong.deprecation" local SYNC_RATE_REALTIME = -1 @@ -104,18 +103,20 @@ return { { redis_host = { type = "string", translate_backwards = {'redis', 'host'}, + deprecation = { + message = "rate-limiting: config.redis_host is deprecated, please use config.redis.host instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("rate-limiting: config.redis_host is deprecated, please use config.redis.host instead", - { after = "4.0", }) return { redis = { host = value } } end } }, { redis_port = { type = "integer", translate_backwards = {'redis', 'port'}, + deprecation = { + message = "rate-limiting: config.redis_port is deprecated, please use config.redis.port instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("rate-limiting: config.redis_port is deprecated, please use config.redis.port instead", - { after = "4.0", }) return { redis = { port = value } } end } }, @@ -123,63 +124,70 @@ return { type = "string", len_min = 0, translate_backwards = {'redis', 'password'}, + deprecation = { + message = "rate-limiting: config.redis_password is deprecated, please use config.redis.password instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("rate-limiting: config.redis_password is deprecated, please use config.redis.password instead", - { after = "4.0", }) return { redis = { password = value } } end } }, { redis_username = { type = "string", translate_backwards = {'redis', 'username'}, + deprecation = { + message = "rate-limiting: config.redis_username is deprecated, please use config.redis.username instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("rate-limiting: config.redis_username is deprecated, please use config.redis.username instead", - { after = "4.0", }) return { redis = { username = value } } end } }, { redis_ssl = { type = "boolean", translate_backwards = {'redis', 'ssl'}, + deprecation = { + message = "rate-limiting: config.redis_ssl is deprecated, please use config.redis.ssl instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("rate-limiting: config.redis_ssl is deprecated, please use config.redis.ssl instead", - { after = "4.0", }) return { redis = { ssl = value } } end } }, { redis_ssl_verify = { type = "boolean", translate_backwards = {'redis', 'ssl_verify'}, + deprecation = { + message = "rate-limiting: config.redis_ssl_verify is deprecated, please use config.redis.ssl_verify instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("rate-limiting: config.redis_ssl_verify is deprecated, please use config.redis.ssl_verify instead", - { after = "4.0", }) return { redis = { ssl_verify = value } } end } }, { redis_server_name = { type = "string", translate_backwards = {'redis', 'server_name'}, + deprecation = { + message = "rate-limiting: config.redis_server_name is deprecated, please use config.redis.server_name instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("rate-limiting: config.redis_server_name is deprecated, please use config.redis.server_name instead", - { after = "4.0", }) return { redis = { server_name = value } } end } }, { redis_timeout = { type = "integer", translate_backwards = {'redis', 'timeout'}, + deprecation = { + message = "rate-limiting: config.redis_timeout is deprecated, please use config.redis.timeout instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("rate-limiting: config.redis_timeout is deprecated, please use config.redis.timeout instead", - { after = "4.0", }) return { redis = { timeout = value } } end } }, { redis_database = { type = "integer", translate_backwards = {'redis', 'database'}, + deprecation = { + message = "rate-limiting: config.redis_database is deprecated, please use config.redis.database instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("rate-limiting: config.redis_database is deprecated, please use config.redis.database instead", - { after = "4.0", }) return { redis = { database = value } } end } }, diff --git a/kong/plugins/response-ratelimiting/schema.lua b/kong/plugins/response-ratelimiting/schema.lua index 4c6f765343b..d919ced5a8e 100644 --- a/kong/plugins/response-ratelimiting/schema.lua +++ b/kong/plugins/response-ratelimiting/schema.lua @@ -1,6 +1,5 @@ local typedefs = require "kong.db.schema.typedefs" local redis_schema = require "kong.tools.redis.schema" -local deprecation = require "kong.deprecation" local ORDERED_PERIODS = { "second", "minute", "hour", "day", "month", "year" } @@ -143,18 +142,20 @@ return { { redis_host = { type = "string", translate_backwards = {'redis', 'host'}, + deprecation = { + message = "response-ratelimiting: config.redis_host is deprecated, please use config.redis.host instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("response-ratelimiting: config.redis_host is deprecated, please use config.redis.host instead", - { after = "4.0", }) return { redis = { host = value } } end } }, { redis_port = { type = "integer", translate_backwards = {'redis', 'port'}, + deprecation = { + message = "response-ratelimiting: config.redis_port is deprecated, please use config.redis.port instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("response-ratelimiting: config.redis_port is deprecated, please use config.redis.port instead", - { after = "4.0", }) return { redis = { port = value } } end } }, @@ -162,63 +163,70 @@ return { type = "string", len_min = 0, translate_backwards = {'redis', 'password'}, + deprecation = { + message = "response-ratelimiting: config.redis_password is deprecated, please use config.redis.password instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("response-ratelimiting: config.redis_password is deprecated, please use config.redis.password instead", - { after = "4.0", }) return { redis = { password = value } } end } }, { redis_username = { type = "string", translate_backwards = {'redis', 'username'}, + deprecation = { + message = "response-ratelimiting: config.redis_username is deprecated, please use config.redis.username instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("response-ratelimiting: config.redis_username is deprecated, please use config.redis.username instead", - { after = "4.0", }) return { redis = { username = value } } end } }, { redis_ssl = { type = "boolean", translate_backwards = {'redis', 'ssl'}, + deprecation = { + message = "response-ratelimiting: config.redis_ssl is deprecated, please use config.redis.ssl instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("response-ratelimiting: config.redis_ssl is deprecated, please use config.redis.ssl instead", - { after = "4.0", }) return { redis = { ssl = value } } end } }, { redis_ssl_verify = { type = "boolean", translate_backwards = {'redis', 'ssl_verify'}, + deprecation = { + message = "response-ratelimiting: config.redis_ssl_verify is deprecated, please use config.redis.ssl_verify instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("response-ratelimiting: config.redis_ssl_verify is deprecated, please use config.redis.ssl_verify instead", - { after = "4.0", }) return { redis = { ssl_verify = value } } end } }, { redis_server_name = { type = "string", translate_backwards = {'redis', 'server_name'}, + deprecation = { + message = "response-ratelimiting: config.redis_server_name is deprecated, please use config.redis.server_name instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("response-ratelimiting: config.redis_server_name is deprecated, please use config.redis.server_name instead", - { after = "4.0", }) return { redis = { server_name = value } } end } }, { redis_timeout = { type = "integer", translate_backwards = {'redis', 'timeout'}, + deprecation = { + message = "response-ratelimiting: config.redis_timeout is deprecated, please use config.redis.timeout instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("response-ratelimiting: config.redis_timeout is deprecated, please use config.redis.timeout instead", - { after = "4.0", }) return { redis = { timeout = value } } end } }, { redis_database = { type = "integer", translate_backwards = {'redis', 'database'}, + deprecation = { + message = "response-ratelimiting: config.redis_database is deprecated, please use config.redis.database instead", + removal_in_version = "4.0", }, func = function(value) - deprecation("response-ratelimiting: config.redis_database is deprecated, please use config.redis.database instead", - { after = "4.0", }) return { redis = { database = value } } end } }, diff --git a/kong/plugins/statsd/schema.lua b/kong/plugins/statsd/schema.lua index 3eb70d587cb..c55151b0b59 100644 --- a/kong/plugins/statsd/schema.lua +++ b/kong/plugins/statsd/schema.lua @@ -1,6 +1,5 @@ local typedefs = require "kong.db.schema.typedefs" local constants = require "kong.plugins.statsd.constants" -local deprecation = require("kong.deprecation") local METRIC_NAMES = { @@ -196,32 +195,27 @@ return { { consumer_identifier_default = { type = "string", required = true, default = "custom_id", one_of = CONSUMER_IDENTIFIERS }, }, { service_identifier_default = { type = "string", required = true, default = "service_name_or_host", one_of = SERVICE_IDENTIFIERS }, }, { workspace_identifier_default = { type = "string", required = true, default = "workspace_id", one_of = WORKSPACE_IDENTIFIERS }, }, - { retry_count = { type = "integer" }, }, - { queue_size = { type = "integer" }, }, - { flush_timeout = { type = "number" }, }, + { retry_count = { + type = "integer", + deprecation = { + message = "statsd: config.retry_count no longer works, please use config.queue.max_retry_time instead", + removal_in_version = "4.0", + old_default = 10 }, }, }, + { queue_size = { + type = "integer", + deprecation = { + message = "statsd: config.queue_size is deprecated, please use config.queue.max_batch_size instead", + removal_in_version = "4.0", + old_default = 1 }, }, }, + { flush_timeout = { + type = "number", + deprecation = { + message = "statsd: config.flush_timeout is deprecated, please use config.queue.max_coalescing_delay instead", + removal_in_version = "4.0", + old_default = 2 }, }, }, { tag_style = { type = "string", required = false, one_of = TAG_TYPE }, }, { queue = typedefs.queue }, }, - entity_checks = { - { custom_entity_check = { - field_sources = { "retry_count", "queue_size", "flush_timeout" }, - fn = function(entity) - if (entity.retry_count or ngx.null) ~= ngx.null and entity.retry_count ~= 10 then - deprecation("statsd: config.retry_count no longer works, please use config.queue.max_retry_time instead", - { after = "4.0", }) - end - if (entity.queue_size or ngx.null) ~= ngx.null and entity.queue_size ~= 1 then - deprecation("statsd: config.queue_size is deprecated, please use config.queue.max_batch_size instead", - { after = "4.0", }) - end - if (entity.flush_timeout or ngx.null) ~= ngx.null and entity.flush_timeout ~= 2 then - deprecation("statsd: config.flush_timeout is deprecated, please use config.queue.max_coalescing_delay instead", - { after = "4.0", }) - end - return true - end - } }, - }, }, }, }, diff --git a/kong/resty/dns/client.lua b/kong/resty/dns/client.lua index 78cf91d29b5..7725e5fb0f7 100644 --- a/kong/resty/dns/client.lua +++ b/kong/resty/dns/client.lua @@ -32,6 +32,7 @@ local log = ngx.log local ERR = ngx.ERR local WARN = ngx.WARN local ALERT = ngx.ALERT +local NOTICE = ngx.NOTICE local DEBUG = ngx.DEBUG --[[ DEBUG = ngx.WARN @@ -54,6 +55,8 @@ local req_dyn_hook_run_hooks = req_dyn_hook.run_hooks local DOT = string_byte(".") local COLON = string_byte(":") +local DEFAULT_TIMEOUT = 2000 -- 2000 is openresty default + local EMPTY = setmetatable({}, {__newindex = function() error("The 'EMPTY' table is read-only") end}) @@ -621,10 +624,15 @@ _M.init = function(options) if resolv.options.timeout then options.timeout = resolv.options.timeout * 1000 else - options.timeout = 2000 -- 2000 is openresty default + options.timeout = DEFAULT_TIMEOUT end end - log(DEBUG, PREFIX, "timeout = ", options.timeout, " ms") + if options.timeout > 0 then + log(DEBUG, PREFIX, "timeout = ", options.timeout, " ms") + else + log(NOTICE, PREFIX, "timeout = ", DEFAULT_TIMEOUT, " ms (a non-positive timeout of ", options.timeout, " configured - using default timeout)") + options.timeout = DEFAULT_TIMEOUT + end -- setup the search order options.ndots = options.ndots or resolv.options.ndots or 1 diff --git a/kong/router/transform.lua b/kong/router/transform.lua index 141525e1ec5..2933bc1c32a 100644 --- a/kong/router/transform.lua +++ b/kong/router/transform.lua @@ -524,9 +524,7 @@ local function get_priority(route) -- stream expression - if not is_empty_field(srcs) or - not is_empty_field(dsts) - then + if is_stream_route(route) then return stream_get_priority(snis, srcs, dsts) end diff --git a/kong/runloop/plugin_servers/init.lua b/kong/runloop/plugin_servers/init.lua index 6c3937efc8e..316bb11012c 100644 --- a/kong/runloop/plugin_servers/init.lua +++ b/kong/runloop/plugin_servers/init.lua @@ -213,6 +213,7 @@ function get_instance_id(plugin_name, conf) if instance_info and instance_info.id + and instance_info.seq == conf.__seq__ and instance_info.conf and instance_info.conf.__plugin_id == key then -- exact match, return it @@ -224,6 +225,7 @@ function get_instance_id(plugin_name, conf) -- we're the first, put something to claim instance_info = { conf = conf, + seq = conf.__seq__, } running_instances[key] = instance_info else @@ -246,6 +248,7 @@ function get_instance_id(plugin_name, conf) instance_info.id = new_instance_info.id instance_info.plugin_name = plugin_name instance_info.conf = new_instance_info.conf + instance_info.seq = new_instance_info.seq instance_info.Config = new_instance_info.Config instance_info.rpc = new_instance_info.rpc diff --git a/spec/01-unit/08-router_spec.lua b/spec/01-unit/08-router_spec.lua index 3078c907f82..9e7a9e2cba1 100644 --- a/spec/01-unit/08-router_spec.lua +++ b/spec/01-unit/08-router_spec.lua @@ -4307,6 +4307,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8101", + protocols = { "tcp", }, sources = { { ip = "127.0.0.1" }, { ip = "127.0.0.2" }, @@ -4317,6 +4318,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8102", + protocols = { "tcp", }, sources = { { port = 65001 }, { port = 65002 }, @@ -4328,6 +4330,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8103", + protocols = { "tcp", }, sources = { { ip = "127.168.0.0/8" }, } @@ -4338,6 +4341,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8104", + protocols = { "tcp", }, sources = { { ip = "127.0.0.1", port = 65001 }, } @@ -4347,6 +4351,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8105", + protocols = { "tcp", }, sources = { { ip = "127.0.0.2", port = 65300 }, { ip = "127.168.0.0/16", port = 65301 }, @@ -4416,6 +4421,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8101", + protocols = { "tcp", }, destinations = { { ip = "127.0.0.1" }, { ip = "127.0.0.2" }, @@ -4426,6 +4432,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8102", + protocols = { "tcp", }, destinations = { { port = 65001 }, { port = 65002 }, @@ -4437,6 +4444,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8103", + protocols = { "tcp", }, destinations = { { ip = "127.168.0.0/8" }, } @@ -4447,6 +4455,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8104", + protocols = { "tcp", }, destinations = { { ip = "127.0.0.1", port = 65001 }, } @@ -4456,6 +4465,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8105", + protocols = { "tcp", }, destinations = { { ip = "127.0.0.2", port = 65300 }, { ip = "127.168.0.0/16", port = 65301 }, @@ -4613,6 +4623,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8101", + protocols = { "tls", }, snis = { "www.example.org" }, } }, @@ -4620,6 +4631,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8102", + protocols = { "tls", }, sources = { { ip = "127.0.0.1" }, } @@ -4629,6 +4641,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8103", + protocols = { "tls", }, destinations = { { ip = "172.168.0.1" }, } @@ -4655,6 +4668,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8101", + protocols = { "tls", }, snis = { "www.example.org" }, } }, @@ -4662,6 +4676,7 @@ for _, flavor in ipairs({ "traditional", "traditional_compatible", "expressions" service = service, route = { id = "e8fb37f1-102d-461e-9c51-6608a6bb8102", + protocols = { "tls", }, sources = { { ip = "127.0.0.1" }, }, @@ -5033,6 +5048,57 @@ do assert.same("/bar", match_t.upstream_uri) end) end) + + describe("Router (flavor = " .. flavor .. ")", function() + reload_router(flavor, "stream") + + it("[#stream SNI-based routing does work using tls_passthrough]", function() + local use_case = { + { + service = service, + route = { + id = "e8fb37f1-102d-461e-9c51-6608a6bb8101", + protocols = { "tls_passthrough", }, + snis = { "www.example.com" }, + preserve_host = true, + }, + }, + { + service = service, + route = { + id = "e8fb37f1-102d-461e-9c51-6608a6bb8102", + protocols = { "tls_passthrough", }, + snis = { "www.example.org" }, + preserve_host = true, + }, + }, + } + + local router = assert(new_router(use_case)) + + local _ngx = { + var = { + ssl_preread_server_name = "www.example.com", + }, + } + router._set_ngx(_ngx) + local match_t = router:exec() + + assert.truthy(match_t) + assert.same(use_case[1].route, match_t.route) + + local _ngx = { + var = { + ssl_preread_server_name = "www.example.org", + }, + } + router._set_ngx(_ngx) + local match_t = router:exec() + + assert.truthy(match_t) + assert.same(use_case[2].route, match_t.route) + end) + end) end -- local flavor = "traditional_compatible" do diff --git a/spec/02-integration/04-admin_api/02-kong_routes_spec.lua b/spec/02-integration/04-admin_api/02-kong_routes_spec.lua index 7c28d682fac..4c3c502a119 100644 --- a/spec/02-integration/04-admin_api/02-kong_routes_spec.lua +++ b/spec/02-integration/04-admin_api/02-kong_routes_spec.lua @@ -18,7 +18,7 @@ describe("Admin API - Kong routes with strategy #" .. strategy, function() helpers.get_db_utils(nil, {}) -- runs migrations assert(helpers.start_kong { database = strategy, - plugins = "bundled,reports-api", + plugins = "bundled,reports-api,dummy", pg_password = "hide_me" }) client = helpers.admin_client(10000) @@ -518,6 +518,30 @@ describe("Admin API - Kong routes with strategy #" .. strategy, function() local json = cjson.decode(body) assert.same({ message = "No plugin named 'not-present'" }, json) end) + it("returns information about a deprecated field", function() + local res = assert(client:send { + method = "GET", + path = "/schemas/plugins/dummy", + }) + local body = assert.res_status(200, res) + local json = cjson.decode(body) + assert.is_table(json.fields) + + local found = false + for _, f in ipairs(json.fields) do + local config_fields = f.config and f.config.fields + for _, cf in ipairs(config_fields or {}) do + local deprecation = cf.old_field and cf.old_field.deprecation + if deprecation then + assert.is_string(deprecation.message) + assert.is_number(deprecation.old_default) + assert.is_string(deprecation.removal_in_version) + found = true + end + end + end + assert(found) + end) end) describe("/schemas/:db_entity_name/validate", function() diff --git a/spec/02-integration/04-admin_api/03-consumers_routes_spec.lua b/spec/02-integration/04-admin_api/03-consumers_routes_spec.lua index 31d66bf29be..d5251bd7c67 100644 --- a/spec/02-integration/04-admin_api/03-consumers_routes_spec.lua +++ b/spec/02-integration/04-admin_api/03-consumers_routes_spec.lua @@ -46,7 +46,7 @@ describe("Admin API (#" .. strategy .. "): ", function() end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/02-integration/04-admin_api/04-plugins_routes_spec.lua b/spec/02-integration/04-admin_api/04-plugins_routes_spec.lua index 2cdd40ce158..f1f52be0787 100644 --- a/spec/02-integration/04-admin_api/04-plugins_routes_spec.lua +++ b/spec/02-integration/04-admin_api/04-plugins_routes_spec.lua @@ -24,7 +24,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/02-integration/04-admin_api/09-routes_routes_spec.lua b/spec/02-integration/04-admin_api/09-routes_routes_spec.lua index 20ab5d8a573..e358bf1d706 100644 --- a/spec/02-integration/04-admin_api/09-routes_routes_spec.lua +++ b/spec/02-integration/04-admin_api/09-routes_routes_spec.lua @@ -35,7 +35,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() @@ -1966,7 +1966,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/02-integration/04-admin_api/10-services_routes_spec.lua b/spec/02-integration/04-admin_api/10-services_routes_spec.lua index b1fe3be1cc7..32dbcd052ff 100644 --- a/spec/02-integration/04-admin_api/10-services_routes_spec.lua +++ b/spec/02-integration/04-admin_api/10-services_routes_spec.lua @@ -35,7 +35,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/02-integration/04-admin_api/15-off_spec.lua b/spec/02-integration/04-admin_api/15-off_spec.lua index 655a9e621bb..3ca5d34b80e 100644 --- a/spec/02-integration/04-admin_api/15-off_spec.lua +++ b/spec/02-integration/04-admin_api/15-off_spec.lua @@ -57,7 +57,7 @@ describe("Admin API #off", function() end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() @@ -2741,7 +2741,7 @@ describe("Admin API (concurrency tests) #off", function() end) after_each(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() if client then client:close() @@ -2862,7 +2862,7 @@ describe("Admin API #off with Unique Foreign #unique", function() end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() @@ -3005,7 +3005,7 @@ describe("Admin API #off with cache key vs endpoint key #unique", function() end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() @@ -3073,7 +3073,7 @@ describe("Admin API #off worker_consistency=eventual", function() end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/02-integration/04-admin_api/19-vaults_spec.lua b/spec/02-integration/04-admin_api/19-vaults_spec.lua index aa451805164..08063e30fe0 100644 --- a/spec/02-integration/04-admin_api/19-vaults_spec.lua +++ b/spec/02-integration/04-admin_api/19-vaults_spec.lua @@ -21,7 +21,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/02-integration/04-admin_api/21-admin-api-keys_spec.lua b/spec/02-integration/04-admin_api/21-admin-api-keys_spec.lua index a4c6203b485..ac6a7981f6e 100644 --- a/spec/02-integration/04-admin_api/21-admin-api-keys_spec.lua +++ b/spec/02-integration/04-admin_api/21-admin-api-keys_spec.lua @@ -27,7 +27,7 @@ for _, strategy in helpers.all_strategies() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/02-integration/04-admin_api/21-truncated_arguments_spec.lua b/spec/02-integration/04-admin_api/21-truncated_arguments_spec.lua index 03d342edaf3..3a4071642b2 100644 --- a/spec/02-integration/04-admin_api/21-truncated_arguments_spec.lua +++ b/spec/02-integration/04-admin_api/21-truncated_arguments_spec.lua @@ -18,7 +18,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/02-integration/04-admin_api/25-max_safe_integer_spec.lua b/spec/02-integration/04-admin_api/25-max_safe_integer_spec.lua index a54ff945225..ec51f1d644a 100644 --- a/spec/02-integration/04-admin_api/25-max_safe_integer_spec.lua +++ b/spec/02-integration/04-admin_api/25-max_safe_integer_spec.lua @@ -25,7 +25,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() @@ -63,7 +63,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/02-integration/05-proxy/04-plugins_triggering_spec.lua b/spec/02-integration/05-proxy/04-plugins_triggering_spec.lua index 81e54483425..5f729b22194 100644 --- a/spec/02-integration/05-proxy/04-plugins_triggering_spec.lua +++ b/spec/02-integration/05-proxy/04-plugins_triggering_spec.lua @@ -232,7 +232,7 @@ for _, strategy in helpers.each_strategy() do lazy_teardown(function() if proxy_client then proxy_client:close() end - helpers.stop_kong(nil, true) + helpers.stop_kong() end) it("checks global configuration without credentials", function() @@ -744,7 +744,7 @@ for _, strategy in helpers.each_strategy() do lazy_teardown(function() helpers.stop_kong("servroot2") - helpers.stop_kong(nil, true) + helpers.stop_kong() end) @@ -1277,7 +1277,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) it("certificate phase clears context, fix #7054", function() diff --git a/spec/02-integration/05-proxy/09-websockets_spec.lua b/spec/02-integration/05-proxy/09-websockets_spec.lua index b88b6b788f5..a70d8a4c585 100644 --- a/spec/02-integration/05-proxy/09-websockets_spec.lua +++ b/spec/02-integration/05-proxy/09-websockets_spec.lua @@ -42,7 +42,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) local function open_socket(uri) diff --git a/spec/02-integration/05-proxy/11-handler_spec.lua b/spec/02-integration/05-proxy/11-handler_spec.lua index fbd048b2a5b..ec374a65804 100644 --- a/spec/02-integration/05-proxy/11-handler_spec.lua +++ b/spec/02-integration/05-proxy/11-handler_spec.lua @@ -43,7 +43,7 @@ for _, strategy in helpers.each_strategy() do lazy_teardown(function() if admin_client then admin_client:close() end - helpers.stop_kong(nil, true) + helpers.stop_kong() end) it("runs", function() @@ -101,7 +101,7 @@ for _, strategy in helpers.each_strategy() do lazy_teardown(function() if admin_client then admin_client:close() end - helpers.stop_kong(nil, true) + helpers.stop_kong() end) it("doesn't run", function() @@ -175,7 +175,7 @@ for _, strategy in helpers.each_strategy() do lazy_teardown(function() if admin_client then admin_client:close() end - helpers.stop_kong(nil, true) + helpers.stop_kong() end) it("doesn't run", function() diff --git a/spec/02-integration/05-proxy/13-error_handlers_spec.lua b/spec/02-integration/05-proxy/13-error_handlers_spec.lua index a755d515bed..e56c8bc22d0 100644 --- a/spec/02-integration/05-proxy/13-error_handlers_spec.lua +++ b/spec/02-integration/05-proxy/13-error_handlers_spec.lua @@ -12,7 +12,7 @@ describe("Proxy error handlers", function() end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/02-integration/05-proxy/25-upstream_keepalive_spec.lua b/spec/02-integration/05-proxy/25-upstream_keepalive_spec.lua index 91ee0e436df..c9421795755 100644 --- a/spec/02-integration/05-proxy/25-upstream_keepalive_spec.lua +++ b/spec/02-integration/05-proxy/25-upstream_keepalive_spec.lua @@ -125,7 +125,7 @@ describe("#postgres upstream keepalive", function() proxy_client:close() end - helpers.stop_kong(nil, true) + helpers.stop_kong() end) diff --git a/spec/02-integration/06-invalidations/02-core_entities_invalidations_spec.lua b/spec/02-integration/06-invalidations/02-core_entities_invalidations_spec.lua index 5a895803bd8..d9946e39b04 100644 --- a/spec/02-integration/06-invalidations/02-core_entities_invalidations_spec.lua +++ b/spec/02-integration/06-invalidations/02-core_entities_invalidations_spec.lua @@ -82,8 +82,8 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong("servroot1", true) - helpers.stop_kong("servroot2", true) + helpers.stop_kong("servroot1") + helpers.stop_kong("servroot2") end) before_each(function() @@ -1196,8 +1196,8 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong("servroot1", true) - helpers.stop_kong("servroot2", true) + helpers.stop_kong("servroot1") + helpers.stop_kong("servroot2") end) before_each(function() @@ -1337,8 +1337,8 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong("servroot1", true) - helpers.stop_kong("servroot2", true) + helpers.stop_kong("servroot1") + helpers.stop_kong("servroot2") end) before_each(function() diff --git a/spec/02-integration/11-dbless/01-respawn_spec.lua b/spec/02-integration/11-dbless/01-respawn_spec.lua index 5f263067bd7..3536ebcfdc2 100644 --- a/spec/02-integration/11-dbless/01-respawn_spec.lua +++ b/spec/02-integration/11-dbless/01-respawn_spec.lua @@ -57,7 +57,7 @@ describe("worker respawn", function() end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/02-integration/11-dbless/02-workers_spec.lua b/spec/02-integration/11-dbless/02-workers_spec.lua index 242294d616f..fd7a002cfa5 100644 --- a/spec/02-integration/11-dbless/02-workers_spec.lua +++ b/spec/02-integration/11-dbless/02-workers_spec.lua @@ -29,7 +29,7 @@ describe("Workers initialization #off", function() lazy_teardown(function() admin_client:close() proxy_client:close() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) it("restarts worker correctly without issues on the init_worker phase when config includes 1000+ plugins", function() diff --git a/spec/02-integration/11-dbless/03-config_persistence_spec.lua b/spec/02-integration/11-dbless/03-config_persistence_spec.lua index e4c51f4025b..f49d4958986 100644 --- a/spec/02-integration/11-dbless/03-config_persistence_spec.lua +++ b/spec/02-integration/11-dbless/03-config_persistence_spec.lua @@ -21,7 +21,7 @@ describe("dbless persistence #off", function() end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) it("loads the lmdb config on restarts", function() @@ -113,7 +113,7 @@ describe("dbless persistence with a declarative config #off", function() end) after_each(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) lazy_teardown(function() os.remove(yaml_file) diff --git a/spec/02-integration/13-vaults/05-ttl_spec.lua b/spec/02-integration/13-vaults/05-ttl_spec.lua index e6f65fd5646..f3eaf983499 100644 --- a/spec/02-integration/13-vaults/05-ttl_spec.lua +++ b/spec/02-integration/13-vaults/05-ttl_spec.lua @@ -183,7 +183,7 @@ describe("vault ttl and rotation (#" .. strategy .. ") #" .. vault.name, functio client:close() end - helpers.stop_kong(nil, true) + helpers.stop_kong() vault:teardown() helpers.unsetenv("KONG_LUA_PATH_OVERRIDE") diff --git a/spec/02-integration/13-vaults/07-resurrect_spec.lua b/spec/02-integration/13-vaults/07-resurrect_spec.lua index d91bbcabd86..38b42e227ba 100644 --- a/spec/02-integration/13-vaults/07-resurrect_spec.lua +++ b/spec/02-integration/13-vaults/07-resurrect_spec.lua @@ -188,7 +188,7 @@ describe("vault resurrect_ttl and rotation (#" .. strategy .. ") #" .. vault.nam client:close() end - helpers.stop_kong(nil, true) + helpers.stop_kong() vault:teardown() helpers.unsetenv("KONG_LUA_PATH_OVERRIDE") diff --git a/spec/03-plugins/01-legacy_queue_parameter_warning_spec.lua b/spec/03-plugins/01-legacy_queue_parameter_warning_spec.lua index 440ea7637d3..8390383533d 100644 --- a/spec/03-plugins/01-legacy_queue_parameter_warning_spec.lua +++ b/spec/03-plugins/01-legacy_queue_parameter_warning_spec.lua @@ -32,7 +32,7 @@ for _, strategy in helpers.each_strategy() do if admin_client then admin_client:close() end - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/03-plugins/16-jwt/01-jwt_parser_spec.lua b/spec/03-plugins/16-jwt/01-jwt_parser_spec.lua index 5ef5af77d51..b53633dc023 100644 --- a/spec/03-plugins/16-jwt/01-jwt_parser_spec.lua +++ b/spec/03-plugins/16-jwt/01-jwt_parser_spec.lua @@ -94,6 +94,78 @@ describe("Plugin: jwt (parser)", function() local jwt = assert(jwt_parser:new(token)) assert.True(jwt:verify_signature(fixtures.es384_public_key)) end) + + it("should encode using ES512", function() + local token = jwt_parser.encode({ + sub = "5656565656", + name = "Jane Doe", + admin = true + }, fixtures.es512_private_key, 'ES512') + + assert.truthy(token) + local jwt = assert(jwt_parser:new(token)) + assert.True(jwt:verify_signature(fixtures.es512_public_key)) + end) + it("should encode using PS256", function() + local token = jwt_parser.encode({ + sub = "5656565656", + name = "Jane Doe", + admin = true + }, fixtures.ps256_private_key, 'PS256') + + assert.truthy(token) + local jwt = assert(jwt_parser:new(token)) + assert.True(jwt:verify_signature(fixtures.ps256_public_key)) + end) + + it("should encode using PS384", function() + local token = jwt_parser.encode({ + sub = "5656565656", + name = "Jane Doe", + admin = true + }, fixtures.ps384_private_key, 'PS384') + + assert.truthy(token) + local jwt = assert(jwt_parser:new(token)) + assert.True(jwt:verify_signature(fixtures.ps384_public_key)) + end) + + it("should encode using PS512", function() + local token = jwt_parser.encode({ + sub = "5656565656", + name = "Jane Doe", + admin = true + }, fixtures.ps512_private_key, 'PS512') + + assert.truthy(token) + local jwt = assert(jwt_parser:new(token)) + assert.True(jwt:verify_signature(fixtures.ps512_public_key)) + end) + + it("should encode using EdDSA with Ed25519 key", function() + local token = jwt_parser.encode({ + sub = "5656565656", + name = "Jane Doe", + admin = true + }, fixtures.ed25519_private_key, 'EdDSA') + + assert.truthy(token) + local jwt = assert(jwt_parser:new(token)) + assert.True(jwt:verify_signature(fixtures.ed25519_public_key)) + end) + + it("should encode using EdDSA with Ed448 key", function() + local token = jwt_parser.encode({ + sub = "5656565656", + name = "Jane Doe", + admin = true + }, fixtures.ed448_private_key, 'EdDSA') + + assert.truthy(token) + local jwt = assert(jwt_parser:new(token)) + assert.True(jwt:verify_signature(fixtures.ed448_public_key)) + end) + end) describe("Decoding", function() it("throws an error if not given a string", function() @@ -181,6 +253,38 @@ describe("Plugin: jwt (parser)", function() assert.False(jwt:verify_signature(fixtures.rs256_public_key)) end end) + it("using ES512", function() + for _ = 1, 500 do + local token = jwt_parser.encode({sub = "foo"}, fixtures.es512_private_key, 'ES512') + local jwt = assert(jwt_parser:new(token)) + assert.True(jwt:verify_signature(fixtures.es512_public_key)) + assert.False(jwt:verify_signature(fixtures.rs256_public_key)) + end + end) + it("using PS256", function() + for _ = 1, 500 do + local token = jwt_parser.encode({sub = "foo"}, fixtures.ps256_private_key, 'PS256') + local jwt = assert(jwt_parser:new(token)) + assert.True(jwt:verify_signature(fixtures.ps256_public_key)) + assert.False(jwt:verify_signature(fixtures.es256_public_key)) + end + end) + it("using PS384", function() + for _ = 1, 500 do + local token = jwt_parser.encode({sub = "foo"}, fixtures.ps384_private_key, 'PS384') + local jwt = assert(jwt_parser:new(token)) + assert.True(jwt:verify_signature(fixtures.ps384_public_key)) + assert.False(jwt:verify_signature(fixtures.es256_public_key)) + end + end) + it("using PS512", function() + for _ = 1, 500 do + local token = jwt_parser.encode({sub = "foo"}, fixtures.ps512_private_key, 'PS512') + local jwt = assert(jwt_parser:new(token)) + assert.True(jwt:verify_signature(fixtures.ps512_public_key)) + assert.False(jwt:verify_signature(fixtures.es256_public_key)) + end + end) end) describe("verify registered claims", function() it("requires claims passed as arguments", function() diff --git a/spec/03-plugins/16-jwt/03-access_spec.lua b/spec/03-plugins/16-jwt/03-access_spec.lua index e4b2682ac53..d091fb8e478 100644 --- a/spec/03-plugins/16-jwt/03-access_spec.lua +++ b/spec/03-plugins/16-jwt/03-access_spec.lua @@ -22,6 +22,12 @@ for _, strategy in helpers.each_strategy() do local rsa_jwt_secret_3 local rsa_jwt_secret_4 local rsa_jwt_secret_5 + local rsa_jwt_secret_6 + local rsa_jwt_secret_7 + local rsa_jwt_secret_8 + local rsa_jwt_secret_9 + local rsa_jwt_secret_10 + local rsa_jwt_secret_11 local hs_jwt_secret_1 local hs_jwt_secret_2 local proxy_client @@ -66,6 +72,12 @@ for _, strategy in helpers.each_strategy() do local consumer8 = consumers:insert({ username = "jwt_tests_hs_consumer_8" }) local consumer9 = consumers:insert({ username = "jwt_tests_rsa_consumer_9" }) local consumer10 = consumers:insert({ username = "jwt_tests_rsa_consumer_10"}) + local consumer11 = consumers:insert({ username = "jwt_tests_rsa_consumer_11"}) + local consumer12 = consumers:insert({ username = "jwt_tests_rsa_consumer_12"}) + local consumer13 = consumers:insert({ username = "jwt_tests_rsa_consumer_13"}) + local consumer14 = consumers:insert({ username = "jwt_tests_rsa_consumer_14"}) + local consumer15 = consumers:insert({ username = "jwt_tests_rsa_consumer_15"}) + local consumer16 = consumers:insert({ username = "jwt_tests_rsa_consumer_16"}) local anonymous_user = consumers:insert({ username = "no-body" }) local plugins = bp.plugins @@ -168,8 +180,6 @@ for _, strategy in helpers.each_strategy() do ctx_check_field = "authenticated_jwt_token" }, }) - - jwt_secret = bp.jwt_secrets:insert { consumer = { id = consumer1.id } } jwt_secret_2 = bp.jwt_secrets:insert { consumer = { id = consumer6.id } } base64_jwt_secret = bp.jwt_secrets:insert { consumer = { id = consumer2.id } } @@ -204,6 +214,42 @@ for _, strategy in helpers.each_strategy() do rsa_public_key = fixtures.es384_public_key } + rsa_jwt_secret_6 = bp.jwt_secrets:insert { + consumer = { id = consumer11.id }, + algorithm = "ES512", + rsa_public_key = fixtures.es512_public_key + } + + rsa_jwt_secret_7 = bp.jwt_secrets:insert { + consumer = { id = consumer12.id }, + algorithm = "PS256", + rsa_public_key = fixtures.ps256_public_key + } + + rsa_jwt_secret_8 = bp.jwt_secrets:insert { + consumer = { id = consumer13.id }, + algorithm = "PS384", + rsa_public_key = fixtures.ps384_public_key + } + + rsa_jwt_secret_9 = bp.jwt_secrets:insert { + consumer = { id = consumer14.id }, + algorithm = "PS512", + rsa_public_key = fixtures.ps512_public_key + } + + rsa_jwt_secret_10 = bp.jwt_secrets:insert { + consumer = { id = consumer15.id }, + algorithm = "EdDSA", + rsa_public_key = fixtures.ed25519_public_key + } + + rsa_jwt_secret_11 = bp.jwt_secrets:insert { + consumer = { id = consumer16.id }, + algorithm = "EdDSA", + rsa_public_key = fixtures.ed448_public_key + } + hs_jwt_secret_1 = bp.jwt_secrets:insert { consumer = { id = consumer7.id }, algorithm = "HS384", @@ -750,6 +796,44 @@ for _, strategy in helpers.each_strategy() do end) end) + describe("ES512", function() + it("verifies JWT", function() + PAYLOAD.iss = rsa_jwt_secret_6.key + local jwt = jwt_encoder.encode(PAYLOAD, fixtures.es512_private_key, "ES512") + local authorization = "Bearer " .. jwt + local res = assert(proxy_client:send { + method = "GET", + path = "/request", + headers = { + ["Authorization"] = authorization, + ["Host"] = "jwt1.test", + } + }) + local body = cjson.decode(assert.res_status(200, res)) + assert.equal(authorization, body.headers.authorization) + assert.equal("jwt_tests_rsa_consumer_11", body.headers["x-consumer-username"]) + assert.equal(rsa_jwt_secret_6.key, body.headers["x-credential-identifier"]) + assert.equal(nil, body.headers["x-credential-username"]) + end) + it("identifies Consumer", function() + PAYLOAD.iss = rsa_jwt_secret_6.key + local jwt = jwt_encoder.encode(PAYLOAD, fixtures.es512_private_key, "ES512") + local authorization = "Bearer " .. jwt + local res = assert(proxy_client:send { + method = "GET", + path = "/request", + headers = { + ["Authorization"] = authorization, + ["Host"] = "jwt1.test", + } + }) + local body = cjson.decode(assert.res_status(200, res)) + assert.equal(authorization, body.headers.authorization) + assert.equal("jwt_tests_rsa_consumer_11", body.headers["x-consumer-username"]) + assert.equal(rsa_jwt_secret_6.key, body.headers["x-credential-identifier"]) + assert.equal(nil, body.headers["x-credential-username"]) + end) + end) describe("ES384", function() it("verifies JWT", function() @@ -788,6 +872,177 @@ for _, strategy in helpers.each_strategy() do end) end) + describe("PS256", function() + it("verifies JWT", function() + PAYLOAD.iss = rsa_jwt_secret_7.key + local jwt = jwt_encoder.encode(PAYLOAD, fixtures.ps256_private_key, "PS256") + local authorization = "Bearer " .. jwt + local res = assert(proxy_client:send { + method = "GET", + path = "/request", + headers = { + ["Authorization"] = authorization, + ["Host"] = "jwt1.test", + } + }) + local body = cjson.decode(assert.res_status(200, res)) + assert.equal(authorization, body.headers.authorization) + assert.equal("jwt_tests_rsa_consumer_12", body.headers["x-consumer-username"]) + assert.equal(rsa_jwt_secret_7.key, body.headers["x-credential-identifier"]) + assert.equal(nil, body.headers["x-credential-username"]) + end) + it("identifies Consumer", function() + PAYLOAD.iss = rsa_jwt_secret_7.key + local jwt = jwt_encoder.encode(PAYLOAD, fixtures.ps256_private_key, "PS256") + local authorization = "Bearer " .. jwt + local res = assert(proxy_client:send { + method = "GET", + path = "/request", + headers = { + ["Authorization"] = authorization, + ["Host"] = "jwt1.test", + } + }) + local body = cjson.decode(assert.res_status(200, res)) + assert.equal(authorization, body.headers.authorization) + assert.equal("jwt_tests_rsa_consumer_12", body.headers["x-consumer-username"]) + assert.equal(rsa_jwt_secret_7.key, body.headers["x-credential-identifier"]) + assert.equal(nil, body.headers["x-credential-username"]) + end) + end) + + describe("PS384", function() + it("verifies JWT", function() + PAYLOAD.iss = rsa_jwt_secret_8.key + local jwt = jwt_encoder.encode(PAYLOAD, fixtures.ps384_private_key, "PS384") + local authorization = "Bearer " .. jwt + local res = assert(proxy_client:send { + method = "GET", + path = "/request", + headers = { + ["Authorization"] = authorization, + ["Host"] = "jwt1.test", + } + }) + local body = cjson.decode(assert.res_status(200, res)) + assert.equal(authorization, body.headers.authorization) + assert.equal("jwt_tests_rsa_consumer_13", body.headers["x-consumer-username"]) + assert.equal(rsa_jwt_secret_8.key, body.headers["x-credential-identifier"]) + assert.equal(nil, body.headers["x-credential-username"]) + end) + it("identifies Consumer", function() + PAYLOAD.iss = rsa_jwt_secret_8.key + local jwt = jwt_encoder.encode(PAYLOAD, fixtures.ps384_private_key, "PS384") + local authorization = "Bearer " .. jwt + local res = assert(proxy_client:send { + method = "GET", + path = "/request", + headers = { + ["Authorization"] = authorization, + ["Host"] = "jwt1.test", + } + }) + local body = cjson.decode(assert.res_status(200, res)) + assert.equal(authorization, body.headers.authorization) + assert.equal("jwt_tests_rsa_consumer_13", body.headers["x-consumer-username"]) + assert.equal(rsa_jwt_secret_8.key, body.headers["x-credential-identifier"]) + assert.equal(nil, body.headers["x-credential-username"]) + end) + end) + + describe("PS512", function() + it("verifies JWT", function() + PAYLOAD.iss = rsa_jwt_secret_9.key + local jwt = jwt_encoder.encode(PAYLOAD, fixtures.ps512_private_key, "PS512") + local authorization = "Bearer " .. jwt + local res = assert(proxy_client:send { + method = "GET", + path = "/request", + headers = { + ["Authorization"] = authorization, + ["Host"] = "jwt1.test", + } + }) + local body = cjson.decode(assert.res_status(200, res)) + assert.equal(authorization, body.headers.authorization) + assert.equal("jwt_tests_rsa_consumer_14", body.headers["x-consumer-username"]) + assert.equal(rsa_jwt_secret_9.key, body.headers["x-credential-identifier"]) + assert.equal(nil, body.headers["x-credential-username"]) + end) + it("identifies Consumer", function() + PAYLOAD.iss = rsa_jwt_secret_9.key + local jwt = jwt_encoder.encode(PAYLOAD, fixtures.ps512_private_key, "PS512") + local authorization = "Bearer " .. jwt + local res = assert(proxy_client:send { + method = "GET", + path = "/request", + headers = { + ["Authorization"] = authorization, + ["Host"] = "jwt1.test", + } + }) + local body = cjson.decode(assert.res_status(200, res)) + assert.equal(authorization, body.headers.authorization) + assert.equal("jwt_tests_rsa_consumer_14", body.headers["x-consumer-username"]) + assert.equal(rsa_jwt_secret_9.key, body.headers["x-credential-identifier"]) + assert.equal(nil, body.headers["x-credential-username"]) + end) + end) + + describe("EdDSA", function() + it("verifies JWT with Ed25519 key", function() + PAYLOAD.iss = rsa_jwt_secret_10.key + local jwt = jwt_encoder.encode(PAYLOAD, fixtures.ed25519_private_key, "EdDSA") + local authorization = "Bearer " .. jwt + local res = assert(proxy_client:send { + method = "GET", + path = "/request", + headers = { + ["Authorization"] = authorization, + ["Host"] = "jwt1.test", + } + }) + local body = cjson.decode(assert.res_status(200, res)) + assert.equal(authorization, body.headers.authorization) + assert.equal(rsa_jwt_secret_10.key, body.headers["x-credential-identifier"]) + assert.equal(nil, body.headers["x-credential-username"]) + end) + it("verifies JWT with Ed448 key", function() + PAYLOAD.iss = rsa_jwt_secret_11.key + local jwt = jwt_encoder.encode(PAYLOAD, fixtures.ed448_private_key, "EdDSA") + local authorization = "Bearer " .. jwt + local res = assert(proxy_client:send { + method = "GET", + path = "/request", + headers = { + ["Authorization"] = authorization, + ["Host"] = "jwt1.test", + } + }) + local body = cjson.decode(assert.res_status(200, res)) + assert.equal(authorization, body.headers.authorization) + assert.equal(rsa_jwt_secret_11.key, body.headers["x-credential-identifier"]) + assert.equal(nil, body.headers["x-credential-username"]) + end) + it("identifies Consumer", function() + PAYLOAD.iss = rsa_jwt_secret_10.key + local jwt = jwt_encoder.encode(PAYLOAD, fixtures.ed25519_private_key, "EdDSA") + local authorization = "Bearer " .. jwt + local res = assert(proxy_client:send { + method = "GET", + path = "/request", + headers = { + ["Authorization"] = authorization, + ["Host"] = "jwt1.test", + } + }) + local body = cjson.decode(assert.res_status(200, res)) + assert.equal(authorization, body.headers.authorization) + assert.equal("jwt_tests_rsa_consumer_15", body.headers["x-consumer-username"]) + assert.equal(nil, body.headers["x-credential-username"]) + end) + end) + describe("HS386", function() it("proxies the request with token and consumer headers if it was verified", function() PAYLOAD.iss = hs_jwt_secret_1.key diff --git a/spec/03-plugins/16-jwt/fixtures.lua b/spec/03-plugins/16-jwt/fixtures.lua index 7da17bfff66..58924b4503d 100644 --- a/spec/03-plugins/16-jwt/fixtures.lua +++ b/spec/03-plugins/16-jwt/fixtures.lua @@ -150,6 +150,165 @@ MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAErFpnvWb5O3A/2DkYVCbgfNP0LZtr+R0L RAtNBSs2RN0KT9ppGITPRe2uAGj58ebs -----END PUBLIC KEY----- ]], +es512_private_key = [[ +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIAWT73PVm/Ry1jd3pM2VFD9neWfLhs1PBYU8UmCrj2mMUXwk8FQy+X +QVdIdwjpYnDgrxEdBbiuSDWxQq3LbNnnJzagBwYFK4EEACOhgYkDgYYABAGzP5K5 +cY2xWPv0KMDNKoxRmX/TJVFH9VHoLBmj9H6/gDLtYQ/plQVuDLX/QPeXug4CgsPX +28p7G0/JOQoKeP423ABYSBOf5RZoV3OE3miHh2fd0nf7T5khZEhkHj6twR2swADe +U2RCz4If+3hk3cKhAr01B2XYRgI3FFx8hV4wParxLQ== +-----END EC PRIVATE KEY----- +]], +es512_public_key = [[ +-----BEGIN PUBLIC KEY----- +MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBsz+SuXGNsVj79CjAzSqMUZl/0yVR +R/VR6CwZo/R+v4Ay7WEP6ZUFbgy1/0D3l7oOAoLD19vKextPyTkKCnj+NtwAWEgT +n+UWaFdzhN5oh4dn3dJ3+0+ZIWRIZB4+rcEdrMAA3lNkQs+CH/t4ZN3CoQK9NQdl +2EYCNxRcfIVeMD2q8S0= +-----END PUBLIC KEY----- +]], +ps256_private_key = [[ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAtbY9gPRzIvw+XRr3dyzXTqhbhk5XoVm+JBL75ZqaMAvk8lcK +vOhkU9g+m13L5f0zS2IUKWn3mRCBwFYjb25myVW3qy028x3M2w605qP6cXhJR/et +NlhBtFWqSPCaZFKSxjBADZvKoGDraRrO1su5jQLtfZVv4Ave6ozeN6o5rGNUhE1b +n5DvD1r4jtKc9FmXkcQxx2qln+K3z3xC6f25MUoU1sRTLsDXzPDYqCTgiIHURW7b +G3gwRaaf7IWfsLTf13IBSJc2/gW3eQka4/FepHBV14DbTVefV4rUt3vin/IxKeRe +zaPA+alyPvUaqcDfbe1DLx2hTZasgKyOBDxHuQIDAQABAoIBABT6ccoPHrJDrRb+ +Z6K7e212MB/WsFT9SX98bhatRT8GBoPoYuHZkgigguTYvLMkCt2ZeIKp/FbwYgxw +nWVuWWFF2z8gyJLjhjyli2LDvGSIeqxbdqS7JnXBfJfwaCCsLEwDcsenbGqc2dy/ +5rCDY1v5Yi3xGFIFSNJrGjYSudcSC6G2doVsX1pJj5QU7hHbkUo+YvWiBTY0k0rx +O+62fT7H/xi7fHoxnr4lVPiieaQUTg13gck2po90+CJDtXCms8tRCmCYwn9Jefyf +mYz2Jm6Wxl7ulpVgvUgHca79ViWdah9/wXUeqLNQ7exc1UIOnGHO5qkzypc/MruB +RVmBDeECgYEA/4RIuAF61SbLtn0Z8DyxNh7J+5nXUOkhKm28OsYLXMJZjyciahUr +uKpFjAhLl8iNYp6MfGKTUW5XTKuzmxlZ1/luD50nrEXV3A0oJaMWBX7sSypLNn0D +2mha/ATewz3Bg1Z6Nh3eWBM6y4EiMKhhUfBlR8OsU5o//ECISw6/5qECgYEAtg44 +rY1MnwkOjMsT6xqLXcnkwfD+nUUKHrg126hZnCxyDzr5l1Td2ztzZUqQr6Cp3OU+ +kgI4jENXALAWg6V/f47Y2CYxZ6gHAkx2113SPvim6g6O+v0N/elwpE1cnaC9ldo4 +OWFEBbNvKdeitBwh+q/qJaJD8SXUrq3GhKHBghkCgYEA0xD64MSYKqq5bC061+/K +kuIsBuG1suhgtSOgcQxXJnCEenPhQa/rRcehW2MezmqkH+rIMZdcCdAT3QmYe24d +gQJRoCQ5OV0Wo4daunxVHIUTu6NcLc5m+GtrfPKo8K56w3sTyNAzcp2v25r4Gyl7 ++quRfg5ss0KfyEemThoI+wECgYBF3I05ZDib6sDPnHpnRMdoVTpYhh9ewIiSo0Pf +p+nDOXcHiy0OOn3sTBMLMqL1EmU8pCfvpbSHdqvjUq9BE3gqvelOgNGCooMWCbut +B47PpWF//dg2TndZEYStOBarUmyOHbBnrICK44FsABiqnwUXCvyCNpN17XuBEKRW +bzAvuQKBgQCDYL6jXe3wGrAl6NxPEWTRI5gIe5GKnqDCv97HN7iYlZgjl0DtXV82 +9CR6PLl1Ev9I8GszKPo17rk1Hwy84rzo9ndlP0K7JiVLmf2cDmi/cUmUHq8uS6P4 +8NWyW582YletSfoI78YCVB0nvkRSzR+KfcLyUIdRxHSU639sYQMs5Q== +-----END RSA PRIVATE KEY----- +]], +ps256_public_key = [[ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbY9gPRzIvw+XRr3dyzX +Tqhbhk5XoVm+JBL75ZqaMAvk8lcKvOhkU9g+m13L5f0zS2IUKWn3mRCBwFYjb25m +yVW3qy028x3M2w605qP6cXhJR/etNlhBtFWqSPCaZFKSxjBADZvKoGDraRrO1su5 +jQLtfZVv4Ave6ozeN6o5rGNUhE1bn5DvD1r4jtKc9FmXkcQxx2qln+K3z3xC6f25 +MUoU1sRTLsDXzPDYqCTgiIHURW7bG3gwRaaf7IWfsLTf13IBSJc2/gW3eQka4/Fe +pHBV14DbTVefV4rUt3vin/IxKeRezaPA+alyPvUaqcDfbe1DLx2hTZasgKyOBDxH +uQIDAQAB +-----END PUBLIC KEY----- +]], +ps384_private_key = [[ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA1qz02EfyPx96zSG4W67waC5wFcJUb9tO7PZmxEGHjQj20Mlw +4sbwJYMy/o1PZzz6gktCPkpCqNc2to1jtvjKx9H5IWtHlu8c503vCFAsaV2l5fvm +yc/qCQLIVoGt/c9TG/SyPTdgJxUM4Vs8OlWI3jxPbINsZDqUKyxH4jsWgSTPwKli +YXpwyovqEvSKhJ+qeJ4Y8o8k0T1ieYg9tWlgDGxQceGGCyyD/jfiZHe4H0FQJXpA +EAyvRInaFRyWs1QtAoTZl4/QJtLITQubT5jIv9atfAzQovE9bSgT0ZCPt3Usd9qF +ueNqY5bM++tC5V37i3EO+5NpjeB7u2qLRatmZwIDAQABAoIBABZ0xjH/qKwIt3hQ +0C+rB5PmU6w7BUkkKEfqaIqcDjlnGCZ0A/587+8En+d30bgLbWsGw1mvu/Rceuky +th0UPmYTpVtlFPqJbb0Wbmwwssyc0rdRl+1BdgpWQ62k6BX2Q4vXl3OG4OSFs7C5 +Mf4qJ2ST63z+7G45oHk5qxVTuAFvLqeyiKpaqEESpg8+5GcCTNznMwAsk+vPT7E6 +j62nw9aA8+nMWI3KDgNCvle6abrX8UlEQSXOJFH4XIqrTKiXXN8XqnTh84yNbHY0 +P66DI0QAUZ41Wf+O3A3f+16C3Ikbrvkp9yHXXJeex+sLbaEQWKfC6xESOjSBPyZy +EQQWQh0CgYEA/Z+X5T220E6mxV83C/PAF1VO7UbGwivy8N+uDhs6XezihF5ju/b9 +sQEwSflOuNFudTbc+y80xX8VEGWIjsUFDytPLf0Jk4Lij0FD5Zq4ywfaGIlahnvd +7jGKW1DMGTy4+HuriNFjOSnABvdLPjejo5qU6Dvst0HtljIe+KT6kVUCgYEA2K/u +zY98Dm4B5Fi9Jx0t7HP8JMR2i9HZofUumgUKacG0dr1aCic0agt4uE9ZacHbvOHl +1AvenIZNujTSSXh+TMgVqomcm4IgPpYpqbD19OaWL1Hrnvqf77PbXRunk6nfIjwK +h+J9JsCJjFl0LATd9boFJBQ9Nn+TiY4asXKxiMsCgYEAiigJokK/9zEg/5sibUxW +c19xIyfO1a8DI9t1ARIr9UY5DkosohOllmpDV8iK7XqIZSmBrwLECGF1o/zrKnqA +iwbYlwCj2ssNh2PSDJz/1PluALexrFiFSF+MMroMtCKz0AfuJRWKq3TmueS0BCxi +45gtTWR3SkyLk6mx3VhhdhECgYEAwoqZ1NYoo+/iJPgCwtYwv+SWERCN+hQq13yA +HWm/Ipn1gtGXwBvYtAielqMu/IM+3ELYC9uoPlFaAX6g+bODeT3+LcEk6H0Yo/g/ +aYlmGTzYw51B9NbAtv18SgilGC7gFSVgswUGJb+g/m/lnAu2l4IuUWkWWBKMDGiX +0I7Pk6cCgYEA+it3gpl3unOUg+SOBOZzy7qRMfcmYFL1vLhdWRIij93indNQQA0B +l37q27Iq+pVn5dSywOAS2TrqbTAauuuSUOZMqAprgvxgF66w4iUXN+QnkivSMx8f +SZndqyNIKXem/OuUXrkmf40ZPGSu+JSEWkBISch1aEnhnIkybU5pebA= +-----END RSA PRIVATE KEY----- +]], +ps384_public_key = [[ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1qz02EfyPx96zSG4W67w +aC5wFcJUb9tO7PZmxEGHjQj20Mlw4sbwJYMy/o1PZzz6gktCPkpCqNc2to1jtvjK +x9H5IWtHlu8c503vCFAsaV2l5fvmyc/qCQLIVoGt/c9TG/SyPTdgJxUM4Vs8OlWI +3jxPbINsZDqUKyxH4jsWgSTPwKliYXpwyovqEvSKhJ+qeJ4Y8o8k0T1ieYg9tWlg +DGxQceGGCyyD/jfiZHe4H0FQJXpAEAyvRInaFRyWs1QtAoTZl4/QJtLITQubT5jI +v9atfAzQovE9bSgT0ZCPt3Usd9qFueNqY5bM++tC5V37i3EO+5NpjeB7u2qLRatm +ZwIDAQAB +-----END PUBLIC KEY----- +]], +ps512_private_key = [[ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA4HtLVmfjX69xUhJFpqR0759O4mRcBwbwI0TVROff+rZP5z0v ++B83i40ImDiP+V8XyMHzZsWNoKxtYiyf2RkjmxrEJ2wfqsX+lzNJI2HZr+j1nY2L +Srpt7DrOhnL8XxR+sa5Hl+RZFsbXJ58u6Njn0cF1Yw2gFn1ytAbu1xUyaYlDBPS8 +U1GiqgYC8IKSYEZEZFn6jNfkgOqjlvGZkGlCKFFlITU6dvS0zwNp5HHWD9mTvAL6 +1uf9RyGcwyMSanYAIjM5GT1pYPa7RHPLKJ/pVv1PBULdZ0AMZzzBFW77zIA3kxth +cBLB3C0N8mvPLjgfimyD4dK9j8v7lZoheCKC5QIDAQABAoIBABtf7bgDwz6P7onL +oKLJu1jdXIlPI8nXlsE2S6uzeyTfxq60T306kVN7R2kIvMX0Sro4rK4DuVm2rUAj +oPqgji8D/JeyH8p7iqh1oJ2n+RvylME52ZqrUWxVX4oVy6DspuaUEjb7qcGVTfeO ++fF7QgnaRa5movcbJTm+/rFL7HHiCLZRFePcn5DJH3tzLqpgJaY9UxQgqaumCHEj +nNOKL/O1waZ3ekZsU0SqQX0f1a/6XszHnvf96SQPwux4n5u3XoTsO/1CYxrOkNM2 ++SRZFM21CEFwE3GFqyaY/S4bKjPHaOkL8mB1kxoSX12zRAdspkx6GpJO2jIWRoF8 +fMgQJqECgYEA/H/n8/3DeqJRw8amWG1bvsdURQGhY8BoG0AUuxSjIWPReE6gYZ+2 +PVuDw03XMfKEx1Go8yX2gM781zkANedFRaw3hPR+mbhfHbv8c3+FPUKug0+7+onx +7wJFzAVNHdWKt/WEs2O9ljpNYRP2AT4KCUsnsBE+nIsWYJ0Np3xk0E8CgYEA45f0 +j0luRVOIrLHY08fnMJaFSFUF4oD3xFRtNN521T1FEhnI1+INNhL4Jnri0LWLrS3t +AEWsASWZqDDYaph+C9AY4z8xFvzY2Cih/2brOlchwohqSQ89TvixInMJQa6koKhz +uChEJLmHu7rBmdT+wJ8YhopRnUXIjKDQLwLCGIsCgYBJHD/tRezz9Uv3g+1mbUPD +WbPsxywT1gJO4Z8fDDqv0Fc2no2RtszttzHPuxo0PCR2Eg75WGSnp0dOihKliPFl +2xe4R5Lgr6Ha2jOeva22rzgYjV3AjXCf4+iRyncpzEr+OPjTeG3MsdT15vG0KmJ9 +jmVPda7LZPp1vwPVGw+VwQKBgGKKDSnouiSr+TYEPoPbPl7MHOLnZQffnObVQv8r +/rlusLQYk9vclKm/5s8KT5/bqqENjFqcz88jT3cBxwHICnLk45Gob4GrcduNJC6n +idsVlJlcZOBDB+FkTZVDx1M34TFqHcgzLuXTqk/+mQoYrUAK4hyGULXOW/l/OwPP +pufnAoGBAJtoxuSLyztQZqsrbGwPRYaot/+irOPD9VjUJlevshliABPUIVBO/8HW +vw5Vm6okpSSKB18TliwGNAmYPmHYqOoPHRuwfciDMh5ThyV2KRgiVgHb8Nk53uWY +bE70hIJfbI58PV7xNof6ilZaCqyiDV2TCfKtf6g+gQIgGL/kZcjP +-----END RSA PRIVATE KEY----- +]], +ps512_public_key = [[ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4HtLVmfjX69xUhJFpqR0 +759O4mRcBwbwI0TVROff+rZP5z0v+B83i40ImDiP+V8XyMHzZsWNoKxtYiyf2Rkj +mxrEJ2wfqsX+lzNJI2HZr+j1nY2LSrpt7DrOhnL8XxR+sa5Hl+RZFsbXJ58u6Njn +0cF1Yw2gFn1ytAbu1xUyaYlDBPS8U1GiqgYC8IKSYEZEZFn6jNfkgOqjlvGZkGlC +KFFlITU6dvS0zwNp5HHWD9mTvAL61uf9RyGcwyMSanYAIjM5GT1pYPa7RHPLKJ/p +Vv1PBULdZ0AMZzzBFW77zIA3kxthcBLB3C0N8mvPLjgfimyD4dK9j8v7lZoheCKC +5QIDAQAB +-----END PUBLIC KEY----- +]], +ed448_private_key = [[ +-----BEGIN PRIVATE KEY----- +MEcCAQAwBQYDK2VxBDsEOV3hg//s9c2Ahjrhrf4Wz2u16RyZm7xKj9bTreD7z3Hr +ravo3fvLad9VY0eUjuhfplE7PJ8HVnInaw== +-----END PRIVATE KEY----- +]], +ed448_public_key = [[ +-----BEGIN PUBLIC KEY----- +MEMwBQYDK2VxAzoAeFbeVK5Kv6jnE06XuaQk7aUCV+TjyyB1PI4cHWxCEuWZMHrw ++Q2jl6VsEZ1h792RxRE8E0OBJjmA +-----END PUBLIC KEY----- +]], +ed25519_private_key = [[ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIPojZUis9iVUYwbo+PMs7CeF294UmQqW417VNgaZ2AZ3 +-----END PRIVATE KEY----- +]], +ed25519_public_key = [[ +-----BEGIN PUBLIC KEY----- +MCowBQYDK2VwAyEAoJ7Hm7fVc7IQh6RqgR9+Dw0pvB0iqEaGXZex6FlwyGk= +-----END PUBLIC KEY----- +]], hs384_secret = u([[ zxhk1H1Y11ax99xO20EGf00FDAOuPb9kEOmOQZMpR1BElx7sWjBIX2okAJiqjulH OZpsjcgbzfCq69apm6f2K28PTvIvS8ni_CG46_huUTBqosCmdEr-kZDvKBLsppfG diff --git a/spec/03-plugins/19-hmac-auth/04-invalidations_spec.lua b/spec/03-plugins/19-hmac-auth/04-invalidations_spec.lua index e235e38e54c..79194afbac2 100644 --- a/spec/03-plugins/19-hmac-auth/04-invalidations_spec.lua +++ b/spec/03-plugins/19-hmac-auth/04-invalidations_spec.lua @@ -58,7 +58,7 @@ for _, strategy in helpers.each_strategy() do admin_client:close() end - helpers.stop_kong(nil, true) + helpers.stop_kong() end) local function hmac_sha1_binary(secret, data) diff --git a/spec/03-plugins/20-ldap-auth/02-invalidations_spec.lua b/spec/03-plugins/20-ldap-auth/02-invalidations_spec.lua index 054db47fed0..551db0978c7 100644 --- a/spec/03-plugins/20-ldap-auth/02-invalidations_spec.lua +++ b/spec/03-plugins/20-ldap-auth/02-invalidations_spec.lua @@ -63,7 +63,7 @@ for _, ldap_strategy in pairs(ldap_strategies) do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) local function cache_key(conf, username, password) diff --git a/spec/03-plugins/23-rate-limiting/03-api_spec.lua b/spec/03-plugins/23-rate-limiting/03-api_spec.lua index 1e862bdc3a7..a6a3f83ca05 100644 --- a/spec/03-plugins/23-rate-limiting/03-api_spec.lua +++ b/spec/03-plugins/23-rate-limiting/03-api_spec.lua @@ -21,7 +21,7 @@ for _, strategy in helpers.each_strategy() do admin_client:close() end - helpers.stop_kong(nil, true) + helpers.stop_kong() end) describe("POST", function() diff --git a/spec/03-plugins/24-response-rate-limiting/04-access_spec.lua b/spec/03-plugins/24-response-rate-limiting/04-access_spec.lua index c7def76fe69..ed269177ead 100644 --- a/spec/03-plugins/24-response-rate-limiting/04-access_spec.lua +++ b/spec/03-plugins/24-response-rate-limiting/04-access_spec.lua @@ -375,7 +375,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) describe("Without authentication (IP address)", function() @@ -619,7 +619,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) it("expires a counter", function() @@ -696,7 +696,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) it("blocks when the consumer exceeds their quota, no matter what service/route used", function() @@ -739,7 +739,7 @@ for _, strategy in helpers.each_strategy() do end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() @@ -828,7 +828,7 @@ for _, strategy in helpers.each_strategy() do end) after_each(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) it("does not work if an error occurs", function() @@ -930,7 +930,7 @@ for _, strategy in helpers.each_strategy() do end) after_each(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) it("does not work if an error occurs", function() diff --git a/spec/03-plugins/29-acme/05-redis_storage_spec.lua b/spec/03-plugins/29-acme/05-redis_storage_spec.lua index 3298dcbaf01..d383c0c66c7 100644 --- a/spec/03-plugins/29-acme/05-redis_storage_spec.lua +++ b/spec/03-plugins/29-acme/05-redis_storage_spec.lua @@ -252,7 +252,7 @@ describe("Plugin: acme (storage.redis)", function() end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/03-plugins/31-proxy-cache/02-access_spec.lua b/spec/03-plugins/31-proxy-cache/02-access_spec.lua index aa8b350773d..1dc0c5bb930 100644 --- a/spec/03-plugins/31-proxy-cache/02-access_spec.lua +++ b/spec/03-plugins/31-proxy-cache/02-access_spec.lua @@ -364,7 +364,7 @@ do admin_client:close() end - helpers.stop_kong(nil, true) + helpers.stop_kong() end) it("caches a simple request", function() diff --git a/spec/03-plugins/31-proxy-cache/03-api_spec.lua b/spec/03-plugins/31-proxy-cache/03-api_spec.lua index 81191c8558d..ac5268396fb 100644 --- a/spec/03-plugins/31-proxy-cache/03-api_spec.lua +++ b/spec/03-plugins/31-proxy-cache/03-api_spec.lua @@ -64,7 +64,7 @@ describe("Plugin: proxy-cache", function() end) teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) describe("(schema)", function() diff --git a/spec/03-plugins/31-proxy-cache/04-invalidations_spec.lua b/spec/03-plugins/31-proxy-cache/04-invalidations_spec.lua index e21abd9cd4e..b40d8729a00 100644 --- a/spec/03-plugins/31-proxy-cache/04-invalidations_spec.lua +++ b/spec/03-plugins/31-proxy-cache/04-invalidations_spec.lua @@ -98,8 +98,8 @@ describe("proxy-cache invalidations via: " .. strategy, function() end) teardown(function() - helpers.stop_kong("servroot1", true) - helpers.stop_kong("servroot2", true) + helpers.stop_kong("servroot1") + helpers.stop_kong("servroot2") end) before_each(function() diff --git a/spec/03-plugins/38-ai-proxy/02-openai_integration_spec.lua b/spec/03-plugins/38-ai-proxy/02-openai_integration_spec.lua index 409ed8096ab..8919fbe0652 100644 --- a/spec/03-plugins/38-ai-proxy/02-openai_integration_spec.lua +++ b/spec/03-plugins/38-ai-proxy/02-openai_integration_spec.lua @@ -512,7 +512,7 @@ for _, strategy in helpers.all_strategies() do if strategy ~= "cassandra" then end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/03-plugins/38-ai-proxy/03-anthropic_integration_spec.lua b/spec/03-plugins/38-ai-proxy/03-anthropic_integration_spec.lua index a9feb38baec..224f0a6b705 100644 --- a/spec/03-plugins/38-ai-proxy/03-anthropic_integration_spec.lua +++ b/spec/03-plugins/38-ai-proxy/03-anthropic_integration_spec.lua @@ -365,7 +365,7 @@ for _, strategy in helpers.all_strategies() do if strategy ~= "cassandra" then end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/03-plugins/38-ai-proxy/04-cohere_integration_spec.lua b/spec/03-plugins/38-ai-proxy/04-cohere_integration_spec.lua index 621fbcd786b..33023874373 100644 --- a/spec/03-plugins/38-ai-proxy/04-cohere_integration_spec.lua +++ b/spec/03-plugins/38-ai-proxy/04-cohere_integration_spec.lua @@ -358,7 +358,7 @@ for _, strategy in helpers.all_strategies() do if strategy ~= "cassandra" then end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/03-plugins/38-ai-proxy/05-azure_integration_spec.lua b/spec/03-plugins/38-ai-proxy/05-azure_integration_spec.lua index d976689f92a..96d9645a401 100644 --- a/spec/03-plugins/38-ai-proxy/05-azure_integration_spec.lua +++ b/spec/03-plugins/38-ai-proxy/05-azure_integration_spec.lua @@ -372,7 +372,7 @@ for _, strategy in helpers.all_strategies() do if strategy ~= "cassandra" then end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/03-plugins/38-ai-proxy/06-mistral_integration_spec.lua b/spec/03-plugins/38-ai-proxy/06-mistral_integration_spec.lua index 16bcea29ecd..49612408f1d 100644 --- a/spec/03-plugins/38-ai-proxy/06-mistral_integration_spec.lua +++ b/spec/03-plugins/38-ai-proxy/06-mistral_integration_spec.lua @@ -309,7 +309,7 @@ for _, strategy in helpers.all_strategies() do if strategy ~= "cassandra" then end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/03-plugins/38-ai-proxy/07-llama2_integration_spec.lua b/spec/03-plugins/38-ai-proxy/07-llama2_integration_spec.lua index b41aaa6e11a..aa74ef9fd5b 100644 --- a/spec/03-plugins/38-ai-proxy/07-llama2_integration_spec.lua +++ b/spec/03-plugins/38-ai-proxy/07-llama2_integration_spec.lua @@ -157,7 +157,7 @@ for _, strategy in helpers.all_strategies() do if strategy ~= "cassandra" then end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/03-plugins/38-ai-proxy/08-encoding_integration_spec.lua b/spec/03-plugins/38-ai-proxy/08-encoding_integration_spec.lua index b11c16a973f..049920e460b 100644 --- a/spec/03-plugins/38-ai-proxy/08-encoding_integration_spec.lua +++ b/spec/03-plugins/38-ai-proxy/08-encoding_integration_spec.lua @@ -237,7 +237,7 @@ for _, strategy in helpers.all_strategies() do if strategy ~= "cassandra" then end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/03-plugins/39-ai-request-transformer/02-integration_spec.lua b/spec/03-plugins/39-ai-request-transformer/02-integration_spec.lua index 7ddedad91fb..662fb4c9e11 100644 --- a/spec/03-plugins/39-ai-request-transformer/02-integration_spec.lua +++ b/spec/03-plugins/39-ai-request-transformer/02-integration_spec.lua @@ -188,7 +188,7 @@ for _, strategy in helpers.all_strategies() do if strategy ~= "cassandra" then end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/03-plugins/40-ai-response-transformer/02-integration_spec.lua b/spec/03-plugins/40-ai-response-transformer/02-integration_spec.lua index 40c55add51d..2fdd5b11e71 100644 --- a/spec/03-plugins/40-ai-response-transformer/02-integration_spec.lua +++ b/spec/03-plugins/40-ai-response-transformer/02-integration_spec.lua @@ -304,7 +304,7 @@ for _, strategy in helpers.all_strategies() do if strategy ~= "cassandra" then end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/03-plugins/41-ai-prompt-decorator/02-integration_spec.lua b/spec/03-plugins/41-ai-prompt-decorator/02-integration_spec.lua index 6cba00bcdc4..4fdc8b02532 100644 --- a/spec/03-plugins/41-ai-prompt-decorator/02-integration_spec.lua +++ b/spec/03-plugins/41-ai-prompt-decorator/02-integration_spec.lua @@ -54,7 +54,7 @@ for _, strategy in helpers.all_strategies() do if strategy ~= "cassandra" then end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/03-plugins/42-ai-prompt-guard/02-integration_spec.lua b/spec/03-plugins/42-ai-prompt-guard/02-integration_spec.lua index d5ffdf8b535..05258f659cc 100644 --- a/spec/03-plugins/42-ai-prompt-guard/02-integration_spec.lua +++ b/spec/03-plugins/42-ai-prompt-guard/02-integration_spec.lua @@ -130,7 +130,7 @@ for _, strategy in helpers.all_strategies() do if strategy ~= "cassandra" then end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/03-plugins/43-ai-prompt-template/02-integration_spec.lua b/spec/03-plugins/43-ai-prompt-template/02-integration_spec.lua index 412add965af..5b7b38cf581 100644 --- a/spec/03-plugins/43-ai-prompt-template/02-integration_spec.lua +++ b/spec/03-plugins/43-ai-prompt-template/02-integration_spec.lua @@ -125,7 +125,7 @@ for _, strategy in helpers.all_strategies() do if strategy ~= "cassandra" then end) lazy_teardown(function() - helpers.stop_kong(nil, true) + helpers.stop_kong() end) before_each(function() diff --git a/spec/05-migration/plugins/acme/migrations/003_350_to_360_spec.lua b/spec/05-migration/plugins/acme/migrations/003_350_to_360_spec.lua index 77dae348495..b0df35c13cf 100644 --- a/spec/05-migration/plugins/acme/migrations/003_350_to_360_spec.lua +++ b/spec/05-migration/plugins/acme/migrations/003_350_to_360_spec.lua @@ -9,7 +9,7 @@ if uh.database_type() == 'postgres' then end) lazy_teardown(function () - assert(uh.stop_kong(nil, true)) + assert(uh.stop_kong()) end) uh.setup(function () diff --git a/spec/05-migration/plugins/http-log/migrations/001_280_to_300_spec.lua b/spec/05-migration/plugins/http-log/migrations/001_280_to_300_spec.lua index 1264a2c8f10..adadc50f5cc 100644 --- a/spec/05-migration/plugins/http-log/migrations/001_280_to_300_spec.lua +++ b/spec/05-migration/plugins/http-log/migrations/001_280_to_300_spec.lua @@ -18,7 +18,7 @@ handler("http-log plugin migration", function() end) lazy_teardown(function () - assert(uh.stop_kong(nil, true)) + assert(uh.stop_kong()) end) local log_server_url = "http://localhost:" .. HTTP_PORT .. "/" diff --git a/spec/05-migration/plugins/opentelemetry/migrations/001_331_to_332_spec.lua b/spec/05-migration/plugins/opentelemetry/migrations/001_331_to_332_spec.lua index b385c2db05f..98ac32422df 100644 --- a/spec/05-migration/plugins/opentelemetry/migrations/001_331_to_332_spec.lua +++ b/spec/05-migration/plugins/opentelemetry/migrations/001_331_to_332_spec.lua @@ -11,7 +11,7 @@ if uh.database_type() == 'postgres' then end) lazy_teardown(function () - assert(uh.stop_kong(nil, true)) + assert(uh.stop_kong()) end) uh.setup(function () diff --git a/spec/05-migration/plugins/rate-limiting/migrations/006_350_to_360_spec.lua b/spec/05-migration/plugins/rate-limiting/migrations/006_350_to_360_spec.lua index 29ab4ff1228..de963af442b 100644 --- a/spec/05-migration/plugins/rate-limiting/migrations/006_350_to_360_spec.lua +++ b/spec/05-migration/plugins/rate-limiting/migrations/006_350_to_360_spec.lua @@ -10,7 +10,7 @@ if uh.database_type() == 'postgres' then end) lazy_teardown(function () - assert(uh.stop_kong(nil, true)) + assert(uh.stop_kong()) end) uh.setup(function () diff --git a/spec/05-migration/plugins/response-ratelimiting/migrations/001_350_to_360_spec.lua b/spec/05-migration/plugins/response-ratelimiting/migrations/001_350_to_360_spec.lua index d574bd9cfc7..77a47a9a94b 100644 --- a/spec/05-migration/plugins/response-ratelimiting/migrations/001_350_to_360_spec.lua +++ b/spec/05-migration/plugins/response-ratelimiting/migrations/001_350_to_360_spec.lua @@ -10,7 +10,7 @@ if uh.database_type() == 'postgres' then end) lazy_teardown(function () - assert(uh.stop_kong(nil, true)) + assert(uh.stop_kong()) end) uh.setup(function () diff --git a/spec/fixtures/custom_plugins/kong/plugins/dummy/schema.lua b/spec/fixtures/custom_plugins/kong/plugins/dummy/schema.lua index c4b203142b4..9f689e48544 100644 --- a/spec/fixtures/custom_plugins/kong/plugins/dummy/schema.lua +++ b/spec/fixtures/custom_plugins/kong/plugins/dummy/schema.lua @@ -18,7 +18,13 @@ return { }}, { append_body = { type = "string" } }, { resp_code = { type = "number" } }, - { test_try = { type = "boolean", default = false}} + { test_try = { type = "boolean", default = false}}, + { old_field = { + type = "number", + deprecation = { + message = "dummy: old_field is deprecated", + removal_in_version = "x.y.z", + old_default = 42 }, }, } }, }, }, diff --git a/t/03-dns-client/00-sanity.t b/t/03-dns-client/00-sanity.t index 0c365c576ef..2856ea84b08 100644 --- a/t/03-dns-client/00-sanity.t +++ b/t/03-dns-client/00-sanity.t @@ -2,7 +2,7 @@ use strict; use warnings FATAL => 'all'; use Test::Nginx::Socket::Lua; -plan tests => 2; +plan tests => 5; run_tests(); @@ -25,3 +25,20 @@ GET /t --- response_body 127.0.0.1 --- no_error_log + + + +=== TEST 2: load lua-resty-dns-client +--- config + location = /t { + access_by_lua_block { + local client = require("kong.resty.dns.client") + assert(client.init({ timeout = 0 })) + ngx.exit(200) + } + } +--- request +GET /t +--- error_log +[notice] +timeout = 2000 ms (a non-positive timeout of 0 configured - using default timeout)