chore(response-rl): standarize redis configuration

Response-RateLimiting right now has new config structure
that reuses common redis connection configuration.
The same as ACME and RateLimiting plugin.

KAG-3388

changelog/unreleased/kong/standardize-redis-conifguration-response-rl.yml

@@ -0,0 +1,3 @@
+message: "**Response-RateLimiting**: Standardize redis configuration across plugins. The redis configuration right now follows common schema that is shared across other plugins."
+type: deprecation
+scope: Plugin

kong-3.6.0-0.rockspec

@@ -383,13 +383,15 @@ build = {
 
     ["kong.plugins.response-ratelimiting.migrations"] = "kong/plugins/response-ratelimiting/migrations/init.lua",
     ["kong.plugins.response-ratelimiting.migrations.000_base_response_rate_limiting"] = "kong/plugins/response-ratelimiting/migrations/000_base_response_rate_limiting.lua",
+    ["kong.plugins.response-ratelimiting.migrations.001_350_to_360"] = "kong/plugins/response-ratelimiting/migrations/001_350_to_360.lua",
     ["kong.plugins.response-ratelimiting.handler"] = "kong/plugins/response-ratelimiting/handler.lua",
     ["kong.plugins.response-ratelimiting.access"] = "kong/plugins/response-ratelimiting/access.lua",
     ["kong.plugins.response-ratelimiting.header_filter"] = "kong/plugins/response-ratelimiting/header_filter.lua",
     ["kong.plugins.response-ratelimiting.log"] = "kong/plugins/response-ratelimiting/log.lua",
     ["kong.plugins.response-ratelimiting.schema"] = "kong/plugins/response-ratelimiting/schema.lua",
     ["kong.plugins.response-ratelimiting.policies"] = "kong/plugins/response-ratelimiting/policies/init.lua",
     ["kong.plugins.response-ratelimiting.policies.cluster"] = "kong/plugins/response-ratelimiting/policies/cluster.lua",
+    ["kong.plugins.response-ratelimiting.clustering.compat.redis_translation"] = "kong/plugins/response-ratelimiting/clustering/compat/redis_translation.lua",
 
     ["kong.plugins.request-size-limiting.handler"] = "kong/plugins/request-size-limiting/handler.lua",
     ["kong.plugins.request-size-limiting.schema"] = "kong/plugins/request-size-limiting/schema.lua",

kong/clustering/compat/checkers.lua

@@ -29,6 +29,7 @@ local compatible_checkers = {
       local redis_plugins_update = {
         acme = require("kong.plugins.acme.clustering.compat.redis_translation").adapter,
         ['rate-limiting'] = require("kong.plugins.rate-limiting.clustering.compat.redis_translation").adapter,
+        ['response-ratelimiting'] = require("kong.plugins.response-ratelimiting.clustering.compat.redis_translation").adapter
       }
 
       for _, plugin in ipairs(config_table.plugins or {}) do

kong/plugins/response-ratelimiting/clustering/compat/redis_translation.lua

@@ -0,0 +1,23 @@
+local function adapter(config_to_update)
+    if config_to_update.policy == "redis" then
+        config_to_update.redis_host = config_to_update.redis.host
+        config_to_update.redis_port = config_to_update.redis.port
+        config_to_update.redis_username = config_to_update.redis.username
+        config_to_update.redis_password = config_to_update.redis.password
+        config_to_update.redis_database = config_to_update.redis.database
+        config_to_update.redis_timeout = config_to_update.redis.timeout
+        config_to_update.redis_ssl = config_to_update.redis.ssl
+        config_to_update.redis_ssl_verify = config_to_update.redis.ssl_verify
+        config_to_update.redis_server_name = config_to_update.redis.server_name
+
+        config_to_update.redis = nil
+
+        return true
+    end
+
+    return false
+end
+
+return {
+    adapter = adapter
+}

kong/plugins/response-ratelimiting/migrations/001_350_to_360.lua

@@ -0,0 +1,38 @@
+return {
+    postgres = {
+      up = [[
+        DO $$
+        BEGIN
+          UPDATE plugins
+          SET config =
+            config::jsonb
+              - 'redis_host'
+              - 'redis_port'
+              - 'redis_password'
+              - 'redis_username'
+              - 'redis_ssl'
+              - 'redis_ssl_verify'
+              - 'redis_server_name'
+              - 'redis_timeout'
+              - 'redis_database'
+            || jsonb_build_object(
+              'redis',
+              jsonb_build_object(
+                'host', config->'redis_host',
+                'port', config->'redis_port',
+                'password', config->'redis_password',
+                'username', config->'redis_username',
+                'ssl', config->'redis_ssl',
+                'ssl_verify', config->'redis_ssl_verify',
+                'server_name', config->'redis_server_name',
+                'timeout', config->'redis_timeout',
+                'database', config->'redis_database'
+              )
+            )
+            WHERE name = 'response-ratelimiting';
+        EXCEPTION WHEN UNDEFINED_COLUMN OR UNDEFINED_TABLE THEN
+          -- Do nothing, accept existing state
+        END$$;
+      ]],
+    },
+}

kong/plugins/response-ratelimiting/migrations/init.lua

@@ -1,3 +1,4 @@
 return {
   "000_base_response_rate_limiting",
+  "001_350_to_360",
 }

kong/plugins/response-ratelimiting/policies/init.lua

@@ -25,6 +25,19 @@ local function is_present(str)
   return str and str ~= "" and str ~= null
 end
 
+local function get_redis_configuration(plugin_conf)
+  return {
+     host = plugin_conf.redis.host or plugin_conf.redis_host,
+     port = plugin_conf.redis.port or plugin_conf.redis_port,
+     username = plugin_conf.redis.username or plugin_conf.redis_username,
+     password = plugin_conf.redis.password or plugin_conf.redis_password,
+     database = plugin_conf.redis.database or plugin_conf.redis_database,
+     timeout = plugin_conf.redis.timeout or plugin_conf.redis_timeout,
+     ssl = plugin_conf.redis.ssl or plugin_conf.redis_ssl,
+     ssl_verify = plugin_conf.redis.ssl_verify or plugin_conf.redis_ssl_verify,
+     server_name = plugin_conf.redis.server_name or plugin_conf.redis_server_name,
+  }
+end
 
 local function get_service_and_route_ids(conf)
   conf = conf or {}
@@ -53,22 +66,23 @@ end
 local sock_opts = {}
 local function get_redis_connection(conf)
   local red = redis:new()
-  red:set_timeout(conf.redis_timeout)
+  local redis_config = get_redis_configuration(conf)
+  red:set_timeout(redis_config.timeout)
 
-  sock_opts.ssl = conf.redis_ssl
-  sock_opts.ssl_verify = conf.redis_ssl_verify
-  sock_opts.server_name = conf.redis_server_name
+  sock_opts.ssl = redis_config.ssl
+  sock_opts.ssl_verify = redis_config.ssl_verify
+  sock_opts.server_name = redis_config.server_name
 
-  -- use a special pool name only if redis_database is set to non-zero
+  -- use a special pool name only if redis_config.database is set to non-zero
   -- otherwise use the default pool name host:port
-  if conf.redis_database ~= 0 then
+  if redis_config.database ~= 0 then
     sock_opts.pool = fmt( "%s:%d;%d",
-                          conf.redis_host,
-                          conf.redis_port,
-                          conf.redis_database)
+                          redis_config.host,
+                          redis_config.port,
+                          redis_config.database)
   end
 
-  local ok, err = red:connect(conf.redis_host, conf.redis_port,
+  local ok, err = red:connect(redis_config.host, redis_config.port,
                               sock_opts)
   if not ok then
     kong.log.err("failed to connect to Redis: ", err)
@@ -82,28 +96,28 @@ local function get_redis_connection(conf)
   end
 
   if times == 0 then
-    if is_present(conf.redis_password) then
+    if is_present(redis_config.password) then
       local ok, err
-      if is_present(conf.redis_username) then
+      if is_present(redis_config.username) then
         ok, err = kong.vault.try(function(cfg)
-          return red:auth(cfg.redis_username, cfg.redis_password)
-        end, conf)
+          return red:auth(cfg.username, cfg.password)
+        end, redis_config)
       else
         ok, err = kong.vault.try(function(cfg)
-          return red:auth(cfg.redis_password)
-        end, conf)
+          return red:auth(cfg.password)
+        end, redis_config)
       end
       if not ok then
         kong.log.err("failed to auth Redis: ", err)
         return nil, err
       end
     end
 
-    if conf.redis_database ~= 0 then
+    if redis_config.database ~= 0 then
       -- Only call select first time, since we know the connection is shared
       -- between instances that use the same redis database
 
-      local ok, err = red:select(conf.redis_database)
+      local ok, err = red:select(redis_config.database)
       if not ok then
         kong.log.err("failed to change Redis database: ", err)
         return nil, err

kong/plugins/response-ratelimiting/schema.lua

@@ -1,5 +1,6 @@
 local typedefs = require "kong.db.schema.typedefs"
-
+local redis_schema = require "kong.tools.redis.schema"
+local deprecation = require "kong.deprecation"
 
 local ORDERED_PERIODS = { "second", "minute", "hour", "day", "month", "year" }
 
@@ -94,6 +95,7 @@ return {
               default = true
             },
           },
+          { redis = redis_schema.config_schema },
           {
             redis_host = typedefs.redis_host,
           },
@@ -202,29 +204,73 @@ return {
     },
   },
   entity_checks = {
-    {
-      conditional = {
-        if_field = "config.policy",
-        if_match = { eq = "redis" },
-        then_field = "config.redis_host",
-        then_match = { required = true },
-      }
-    },
-    {
-      conditional = {
-        if_field = "config.policy",
-        if_match = { eq = "redis" },
-        then_field = "config.redis_port",
-        then_match = { required = true },
-      }
-    },
-    {
-      conditional = {
-        if_field = "config.policy",
-        if_match = { eq = "redis" },
-        then_field = "config.redis_timeout",
-        then_match = { required = true },
-      }
-    },
+    { conditional_at_least_one_of = {
+      if_field = "config.policy", if_match = { eq = "redis" },
+      then_at_least_one_of = { "config.redis.host", "config.redis_host" },
+      then_err = "must set one of %s when 'policy' is 'redis'",
+    } },
+    { conditional_at_least_one_of = {
+      if_field = "config.policy", if_match = { eq = "redis" },
+      then_at_least_one_of = { "config.redis.port", "config.redis_port" },
+      then_err = "must set one of %s when 'policy' is 'redis'",
+    } },
+    { conditional_at_least_one_of = {
+      if_field = "config.policy", if_match = { eq = "redis" },
+      then_at_least_one_of = { "config.redis.timeout", "config.redis_timeout" },
+      then_err = "must set one of %s when 'policy' is 'redis'",
+    } },
+    { custom_entity_check = {
+      field_sources = {
+        "config.redis_host",
+        "config.redis_port",
+        "config.redis_password",
+        "config.redis_username",
+        "config.redis_ssl",
+        "config.redis_ssl_verify",
+        "config.redis_server_name",
+        "config.redis_timeout",
+        "config.redis_database"
+      },
+      fn = function(entity)
+        if (entity.config.redis_host or ngx.null) ~= ngx.null then
+          deprecation("response-ratelimiting: config.redis_host is deprecated, please use config.redis.host instead",
+            { after = "4.0", })
+        end
+        if (entity.config.redis_port or ngx.null) ~= ngx.null and entity.config.redis_port ~= 6379 then
+          deprecation("response-ratelimiting: config.redis_port is deprecated, please use config.redis.port instead",
+            { after = "4.0", })
+        end
+        if (entity.config.redis_password or ngx.null) ~= ngx.null then
+          deprecation("response-ratelimiting: config.redis_password is deprecated, please use config.redis.password instead",
+            { after = "4.0", })
+        end
+        if (entity.config.redis_username or ngx.null) ~= ngx.null then
+          deprecation("response-ratelimiting: config.redis_username is deprecated, please use config.redis.username instead",
+            { after = "4.0", })
+        end
+        if (entity.config.redis_ssl or ngx.null) ~= ngx.null and entity.config.redis_ssl ~= false then
+          deprecation("response-ratelimiting: config.redis_ssl is deprecated, please use config.redis.ssl instead",
+            { after = "4.0", })
+        end
+        if (entity.config.redis_ssl_verify or ngx.null) ~= ngx.null and entity.config.redis_ssl_verify ~= false then
+          deprecation("response-ratelimiting: config.redis_ssl_verify is deprecated, please use config.redis.ssl_verify instead",
+            { after = "4.0", })
+        end
+        if (entity.config.redis_server_name or ngx.null) ~= ngx.null then
+          deprecation("response-ratelimiting: config.redis_server_name is deprecated, please use config.redis.server_name instead",
+            { after = "4.0", })
+        end
+        if (entity.config.redis_timeout or ngx.null) ~= ngx.null and entity.config.redis_timeout ~= 2000 then
+          deprecation("response-ratelimiting: config.redis_timeout is deprecated, please use config.redis.timeout instead",
+            { after = "4.0", })
+        end
+        if (entity.config.redis_database or ngx.null) ~= ngx.null and entity.config.redis_database ~= 0 then
+          deprecation("response-ratelimiting: config.redis_database is deprecated, please use config.redis.database instead",
+            { after = "4.0", })
+        end
+
+        return true
+      end
+    } }
   },
 }

spec/02-integration/09-hybrid_mode/09-config-compat_spec.lua

@@ -407,6 +407,55 @@ describe("CP/DP config compat transformations #" .. strategy, function()
           admin.plugins:remove({ id = rl.id })
         end)
       end)
+
+      describe("response-ratelimiting plugin", function()
+        it("translates standardized redis config to older response-ratelimiting structure", function()
+          -- [[ 3.6.x ]] --
+          local response_rl = admin.plugins:insert {
+            name = "response-ratelimiting",
+            enabled = true,
+            config = {
+              limits = {
+                video = {
+                  minute = 300,
+                }
+              },
+              policy = "redis",
+              -- [[ new structure redis
+              redis = {
+                host = "localhost",
+                port = 57198,
+                username = "test",
+                password = "secret",
+                database = 2,
+                timeout = 1100,
+                ssl = true,
+                ssl_verify = true,
+                server_name = "example.test"
+              }
+              -- ]]
+            }
+          }
+
+          local expected_response_rl_prior_36 = utils.cycle_aware_deep_copy(response_rl)
+          expected_response_rl_prior_36.config.redis = nil
+          expected_response_rl_prior_36.config.redis_host = "localhost"
+          expected_response_rl_prior_36.config.redis_port = 57198
+          expected_response_rl_prior_36.config.redis_username = "test"
+          expected_response_rl_prior_36.config.redis_password = "secret"
+          expected_response_rl_prior_36.config.redis_database = 2
+          expected_response_rl_prior_36.config.redis_timeout = 1100
+          expected_response_rl_prior_36.config.redis_ssl = true
+          expected_response_rl_prior_36.config.redis_ssl_verify = true
+          expected_response_rl_prior_36.config.redis_server_name = "example.test"
+
+
+          do_assert(utils.uuid(), "3.5.0", expected_response_rl_prior_36)
+
+          -- cleanup
+          admin.plugins:remove({ id = response_rl.id })
+        end)
+      end)
     end)
   end)
 end)

spec/03-plugins/23-rate-limiting/05-integration_spec.lua

@@ -371,7 +371,6 @@ describe("Plugin: rate-limiting (integration)", function()
       lazy_setup(function()
         assert(helpers.start_kong({
           nginx_conf = "spec/fixtures/custom_nginx.template",
-          lua_ssl_trusted_certificate = config.lua_ssl_trusted_certificate,
         }))
 
         route3 = assert(bp.routes:insert {