From bdbb74e8845b54afad0bcafddb2e27e2a12bc0e1 Mon Sep 17 00:00:00 2001 From: Xiaoyan Rao <270668624@qq.com> Date: Fri, 12 Jul 2024 16:05:10 +0800 Subject: [PATCH] fix(certificates): validate the certificates schema failed if `snis` was in the request body --- .../kong/certificates_schema_validate.yml | 3 +++ kong/api/routes/kong.lua | 5 +++++ .../04-admin_api/02-kong_routes_spec.lua | 17 +++++++++++++++ .../06-certificates_routes_spec.lua | 21 ++++++++++++++----- 4 files changed, 41 insertions(+), 5 deletions(-) create mode 100644 changelog/unreleased/kong/certificates_schema_validate.yml diff --git a/changelog/unreleased/kong/certificates_schema_validate.yml b/changelog/unreleased/kong/certificates_schema_validate.yml new file mode 100644 index 0000000000000..83cce82fb7dad --- /dev/null +++ b/changelog/unreleased/kong/certificates_schema_validate.yml @@ -0,0 +1,3 @@ +message: "Fixed an issue where validation of the certificate schema failed if the `snis` field was present in the request body." +scope: Admin API +type: bugfix \ No newline at end of file diff --git a/kong/api/routes/kong.lua b/kong/api/routes/kong.lua index d2fa8a59443cb..9b20af7e7c669 100644 --- a/kong/api/routes/kong.lua +++ b/kong/api/routes/kong.lua @@ -210,6 +210,11 @@ return { local db_entity_name = self.params.db_entity_name -- What happens when db_entity_name is a field name in the schema? self.params.db_entity_name = nil + -- The validation of the certificate schema failed because snis was not part of the schema. + if db_entity_name == "certificates" then + self.params.snis = nil + end + return validate_schema(db_entity_name, self.params) end }, diff --git a/spec/02-integration/04-admin_api/02-kong_routes_spec.lua b/spec/02-integration/04-admin_api/02-kong_routes_spec.lua index 4c3c502a11972..14e9cc3ec7661 100644 --- a/spec/02-integration/04-admin_api/02-kong_routes_spec.lua +++ b/spec/02-integration/04-admin_api/02-kong_routes_spec.lua @@ -1,4 +1,5 @@ local helpers = require "spec.helpers" +local ssl_fixtures = require "spec.fixtures.ssl" local cjson = require "cjson" local constants = require "kong.constants" @@ -554,6 +555,22 @@ describe("Admin API - Kong routes with strategy #" .. strategy, function() local json = cjson.decode(body) assert.equal("schema validation successful", json.message) end) + + it("returns 200 on certificates schema with snis", function() + + local res = assert(client:post("/schemas/certificates/validate", { + body = { + cert = ssl_fixtures.cert, + key = ssl_fixtures.key, + snis = {"a", "b", "c" }, + }, + headers = { ["Content-Type"] = "application/json" } + })) + local body = assert.res_status(200, res) + local json = cjson.decode(body) + assert.equal("schema validation successful", json.message) + end) + it("returns 200 on a valid plugin schema", function() local res = assert(client:post("/schemas/plugins/validate", { body = { diff --git a/spec/02-integration/04-admin_api/06-certificates_routes_spec.lua b/spec/02-integration/04-admin_api/06-certificates_routes_spec.lua index c0fde48646cd6..8b9a3ed67a39d 100644 --- a/spec/02-integration/04-admin_api/06-certificates_routes_spec.lua +++ b/spec/02-integration/04-admin_api/06-certificates_routes_spec.lua @@ -36,12 +36,23 @@ describe("Admin API: #" .. strategy, function() local n2 = get_name() local names = { n1, n2 } + local certificate = { + cert = ssl_fixtures.cert, + key = ssl_fixtures.key, + snis = names, + } + + local validate_res = client:post("/schemas/certificates/validate", { + body = certificate, + headers = { ["Content-Type"] = "application/json" }, + }) + + local validate_body = assert.res_status(200, validate_res) + local json = cjson.decode(validate_body) + assert.equal("schema validation successful", json.message) + local res = client:post("/certificates", { - body = { - cert = ssl_fixtures.cert, - key = ssl_fixtures.key, - snis = names, - }, + body = certificate, headers = { ["Content-Type"] = "application/json" }, })