feat(apisix): add Cloudron package

- Implements Apache APISIX packaging for Cloudron platform.
- Includes Dockerfile, CloudronManifest.json, and start.sh.
- Configured to use Cloudron's etcd addon.

🤖 Generated with Gemini CLI
Co-Authored-By: Gemini <noreply@google.com>
2025-09-04 09:42:47 -05:00
parent f7bae09f22
commit 54cc5f7308
1608 changed files with 388342 additions and 0 deletions


@@ -0,0 +1,60 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# unit test for cli module
use t::APISIX 'no_plan';
repeat_each(1);
no_long_string();
no_root_location();
no_shuffle();
log_level("info");
$ENV{TEST_NGINX_HTML_DIR} ||= html_dir();
add_block_preprocessor(sub {
my ($block) = @_;
if (!$block->request) {
$block->set_value("request", "GET /t");
}
if (!$block->no_error_log) {
$block->set_value("no_error_log", "[error]\n[alert]");
}
});
run_tests;
__DATA__
=== TEST 1: local_dns_resolver
--- config
location /t {
content_by_lua_block {
local local_dns_resolver = require("apisix.cli.ops").local_dns_resolver
local json_encode = require("toolkit.json").encode
ngx.say(json_encode(local_dns_resolver("$TEST_NGINX_HTML_DIR/resolv.conf")))
}
}
--- user_files
>>> resolv.conf
# This file was automatically generated.
nameserver 172.27.0.1
nameserver fe80::215:5dff:fec5:8e1d
--- response_body
["172.27.0.1","fe80::215:5dff:fec5:8e1d"]


@@ -0,0 +1,111 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX 'no_plan';
repeat_each(1);
$ENV{SOME_STRING_VALUE_BUT_DIFFERENT} = 'astringvaluebutdifferent';
$ENV{SOME_STRING_VALUE} = 'astringvalue';
our $yaml_config = <<_EOC_;
apisix:
node_listen: 1984
deployment:
role: data_plane
role_data_plane:
config_provider: yaml
_EOC_
our $apisix_yaml = <<_EOC_;
upstreams:
- id: 1
nodes:
- host: 127.0.0.1
port: 1980
weight: 1
routes:
- uri: /hello
upstream_id: 1
plugins:
response-rewrite:
headers:
set:
X-Some-String-Value-But-Different: Different \${{SOME_STRING_VALUE_BUT_DIFFERENT}}
X-Some-String-Value: \${{SOME_STRING_VALUE}}
#END
_EOC_
our $response_headers_correct = <<_EOC_;
X-Some-String-Value-But-Different: Different astringvaluebutdifferent
X-Some-String-Value: astringvalue
_EOC_
our $response_headers_INCORRECT = <<_EOC_;
X-Some-String-Value-But-Different: Different astringvalue
X-Some-String-Value: astringvalue
_EOC_
add_block_preprocessor(sub {
my ($block) = @_;
if (!$block->request) {
$block->set_value("request", "GET /hello");
}
});
run_tests();
__DATA__
=== TEST 1: assignment style, the PREFIX 1st - incorrect
--- main_config
env SOME_STRING_VALUE=astringvalue;
env SOME_STRING_VALUE_BUT_DIFFERENT=astringvaluebutdifferent;
--- yaml_config eval: $::yaml_config
--- apisix_yaml eval: $::apisix_yaml
--- response_headers eval: $::response_headers_INCORRECT
=== TEST 2: assignment style, the DIFF 1st - correct
--- main_config
env SOME_STRING_VALUE_BUT_DIFFERENT=astringvaluebutdifferent;
env SOME_STRING_VALUE=astringvalue;
--- yaml_config eval: $::yaml_config
--- apisix_yaml eval: $::apisix_yaml
--- response_headers eval: $::response_headers_correct
=== TEST 3: declaration style, the PREFIX 1st - correct
--- main_config
env SOME_STRING_VALUE;
env SOME_STRING_VALUE_BUT_DIFFERENT;
--- yaml_config eval: $::yaml_config
--- apisix_yaml eval: $::apisix_yaml
--- response_headers eval: $::response_headers_correct
=== TEST 4: declaration style, the DIFF 1st - also correct
--- main_config
env SOME_STRING_VALUE_BUT_DIFFERENT;
env SOME_STRING_VALUE;
--- yaml_config eval: $::yaml_config
--- apisix_yaml eval: $::apisix_yaml
--- response_headers eval: $::response_headers_correct
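Review bot: TEST 1 is written to pass on `$::response_headers_INCORRECT`, where `X-Some-String-Value-But-Different` carries the value of `SOME_STRING_VALUE`, and nothing in the file says whether that is an accepted limitation or a bug being tracked. The effect is that one environment variable's value is substituted where another was referenced, which matters when such variables hold credentials. I would add a comment above `our $response_headers_INCORRECT` along the lines of `# Known behaviour: with assignment-style env directives, declaring the shorter name first makes the longer name resolve to the shorter one's value; TEST 1 pins this so a change is noticed`. The cause is inferred from the test titles only and should be confirmed before the wording is settled.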


@@ -0,0 +1,43 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# 'make init' operates scripts and related configuration files in the current directory
# The 'apisix' command is a command in the /usr/local/apisix,
# and the configuration file for the operation is in the /usr/local/apisix/conf
set -ex
check_failure() {
cat logs/error.log
}
clean_up() {
if [ $? -gt 0 ]; then
check_failure
fi
make stop || true
git checkout conf/config.yaml
}
trap clean_up EXIT
exit_if_not_customed_nginx() {
openresty -V 2>&1 | grep apisix-nginx-module || exit 0
}
rm logs/error.log || true # clear previous error log
unset APISIX_PROFILE
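Review bot: `check_failure` runs a bare `cat logs/error.log` from inside the EXIT trap while `set -e` is active, and this same file deletes that log at start-up with `rm logs/error.log || true`. If a test fails before the log is recreated, the failing `cat` would likely end the trap early, so `make stop` and `git checkout conf/config.yaml` never run. That leaves a running instance and a test configuration in the working tree. Making the dump best-effort, `cat logs/error.log || true`, keeps the cleanup unconditional.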


@@ -0,0 +1,72 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
version: "3.7"
services:
etcd0:
image: "gcr.io/etcd-development/etcd:v3.4.15"
container_name: etcd0
ports:
- "23800:2380"
- "23790:2379"
environment:
- ALLOW_NONE_AUTHENTICATION=yes
- ETCD_NAME=etcd0
- ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380
- ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
- ETCD_ADVERTISE_CLIENT_URLS=http://127.0.0.1:23790
- ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd0:2380
- ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster
- ETCD_INITIAL_CLUSTER=etcd0=http://etcd0:2380,etcd1=http://etcd1:2380,etcd2=http://etcd2:2380
- ETCD_INITIAL_CLUSTER_STATE=new
- ETCD_ENABLE_GRPC_GATEWAY=${ETCD_ENABLE_GRPC_GATEWAY:-true}
etcd1:
image: "gcr.io/etcd-development/etcd:v3.4.15"
container_name: etcd1
ports:
- "23801:2380"
- "23791:2379"
environment:
- ALLOW_NONE_AUTHENTICATION=yes
- ETCD_NAME=etcd1
- ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380
- ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
- ETCD_ADVERTISE_CLIENT_URLS=http://127.0.0.1:23791
- ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd1:2380
- ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster
- ETCD_INITIAL_CLUSTER=etcd0=http://etcd0:2380,etcd1=http://etcd1:2380,etcd2=http://etcd2:2380
- ETCD_INITIAL_CLUSTER_STATE=new
- ETCD_ENABLE_GRPC_GATEWAY=${ETCD_ENABLE_GRPC_GATEWAY:-true}
etcd2:
image: "gcr.io/etcd-development/etcd:v3.4.15"
container_name: etcd2
ports:
- "23802:2380"
- "23792:2379"
environment:
- ALLOW_NONE_AUTHENTICATION=yes
- ETCD_NAME=etcd2
- ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380
- ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379
- ETCD_ADVERTISE_CLIENT_URLS=http://127.0.0.1:23792
- ETCD_INITIAL_ADVERTISE_PEER_URLS=http://etcd2:2380
- ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster
- ETCD_INITIAL_CLUSTER=etcd0=http://etcd0:2380,etcd1=http://etcd1:2380,etcd2=http://etcd2:2380
- ETCD_INITIAL_CLUSTER_STATE=new
- ETCD_ENABLE_GRPC_GATEWAY=${ETCD_ENABLE_GRPC_GATEWAY:-true}
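Review bot: All three etcd members publish their client and peer ports without a host address (`"23790:2379"`, `"23800:2380"` and so on), so Docker binds them on every host interface. The cluster listens on plain HTTP at `0.0.0.0` with authentication left off, so anything that can reach the host can read and write the keyspace. The advertised client URLs are already `http://127.0.0.1:2379x`, so binding the published ports to loopback, e.g. `- "127.0.0.1:23790:2379"`, matches the intended use. The peer ports probably need no publishing at all, since the members address each other as `etcd0`/`etcd1`/`etcd2`. A header comment stating that this file is for local test runs only would also help.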


@@ -0,0 +1,262 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# log format
git checkout conf/config.yaml
echo '
nginx_config:
http:
access_log_format: "$remote_addr - $remote_user [$time_local] $http_host test_access_log_format"
' > conf/config.yaml
make init
grep "test_access_log_format" conf/nginx.conf > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: access_log_format in nginx.conf doesn't change"
exit 1
fi
echo "passed: access_log_format in nginx.conf is ok"
# check enable access log
echo '
nginx_config:
http:
enable_access_log: true
access_log_format: "$remote_addr - $remote_user [$time_local] $http_host test_enable_access_log_true"
' > conf/config.yaml
make init
count_test_access_log=`grep -c "test_enable_access_log_true" conf/nginx.conf || true`
if [ $count_test_access_log -eq 0 ]; then
echo "failed: nginx.conf file doesn't find access_log_format when enable access log"
exit 1
fi
count_access_log_off=`grep -c "access_log off;" conf/nginx.conf || true`
if [ $count_access_log_off -eq 5 ]; then
echo "failed: nginx.conf file find access_log off; when enable access log"
exit 1
fi
make run
sleep 0.1
curl http://127.0.0.1:9080/hi
sleep 4
tail -n 1 logs/access.log > output.log
count_grep=`grep -c "test_enable_access_log_true" output.log || true`
if [ $count_grep -eq 0 ]; then
echo "failed: not found test_enable_access_log in access.log "
exit 1
fi
make stop
echo '
nginx_config:
http:
enable_access_log: false
access_log_format: "$remote_addr - $remote_user [$time_local] $http_host test_enable_access_log_false"
' > conf/config.yaml
make init
count_test_access_log=`grep -c "test_enable_access_log_false" conf/nginx.conf || true`
if [ $count_test_access_log -eq 1 ]; then
echo "failed: nginx.conf file find access_log_format when disable access log"
exit 1
fi
make run
sleep 0.1
curl http://127.0.0.1:9080/hi
sleep 4
tail -n 1 logs/access.log > output.log
count_grep=`grep -c "test_enable_access_log_false" output.log || true`
if [ $count_grep -eq 1 ]; then
echo "failed: found test_enable_access_log in access.log "
exit 1
fi
make stop
echo "passed: enable_access_log is ok"
# access log with JSON format
echo '
nginx_config:
http:
access_log_format: |-
{"@timestamp": "$time_iso8601", "client_ip": "$remote_addr", "status": "$status"}
access_log_format_escape: json
' > conf/config.yaml
make init
make run
sleep 0.1
curl http://127.0.0.1:9080/hello2
sleep 4
tail -n 1 logs/access.log > output.log
if [ `grep -c '"client_ip": "127.0.0.1"' output.log` -eq '0' ]; then
echo "failed: invalid JSON log in access log"
exit 1
fi
if [ `grep -c 'main escape=json' conf/nginx.conf` -eq '0' ]; then
echo "failed: not found \"escape=json\" in conf/nginx.conf"
exit 1
fi
make stop
echo "passed: access log with JSON format"
# check uninitialized variable in access log when access admin
git checkout conf/config.yaml
rm logs/error.log
make init
make run
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/apisix/admin/routes -H "X-API-KEY: $admin_key")
make stop
if [ ! $code -eq 200 ]; then
echo "failed: failed to access admin"
exit 1
fi
if grep -E 'using uninitialized ".+" variable while logging request' logs/error.log; then
echo "failed: uninitialized variable found during writing access log"
exit 1
fi
echo "pass: uninitialized variable not found during writing access log"
# don't log uninitialized access log variable when the HTTP request is malformed
git checkout conf/config.yaml
rm logs/error.log
./bin/apisix start
sleep 1 # wait for apisix starts
curl -v -k -i -m 20 -o /dev/null -s https://127.0.0.1:9080 || true
if grep -E 'using uninitialized ".+" variable while logging request' logs/error.log; then
echo "failed: log uninitialized access log variable when the HTTP request is malformed"
exit 1
fi
make stop
echo "don't log uninitialized access log variable when the HTTP request is malformed"
# TLS upstream
echo "
deployment:
admin:
admin_listen:
port: 9180
https_admin: true
admin_api_mtls:
admin_ssl_cert: '../t/certs/apisix_admin_ssl.crt'
admin_ssl_cert_key: '../t/certs/apisix_admin_ssl.key'
nginx_config:
http:
access_log_format: '\"\$upstream_scheme://\$upstream_host\" \$ssl_server_name'
" > conf/config.yaml
make run
sleep 2
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
curl -k -i https://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d \
'{"uri":"/apisix/admin/routes/1", "upstream":{"nodes":{"localhost:9180":1},"scheme":"https","type":"roundrobin","pass_host":"node"}}'
curl -i http://127.0.0.1:9080/apisix/admin/routes/1
sleep 4
tail -n 2 logs/access.log > output.log
# APISIX
if ! grep '"https://localhost:9180" -' output.log; then
echo "failed: should find upstream scheme"
cat output.log
exit 1
fi
# admin
if ! grep '"http://localhost:9180" localhost' output.log; then
echo "failed: should find upstream scheme"
cat output.log
exit 1
fi
make stop
echo "passed: should find upstream scheme"
# check stream logs
echo '
apisix:
proxy_mode: stream
stream_proxy: # UDP proxy
udp:
- "127.0.0.1:9200"
nginx_config:
stream:
enable_access_log: true
access_log_format: "$remote_addr $protocol test_stream_access_log_format"
' > conf/config.yaml
make init
grep "test_stream_access_log_format" conf/nginx.conf > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: stream access_log_format in nginx.conf doesn't change"
exit 1
fi
echo "passed: stream access_log_format in nginx.conf is ok"
# check if logs are being written
make run
sleep 0.1
# sending single udp packet
echo -n "hello" | nc -4u -w1 localhost 9200
sleep 4
tail -n 1 logs/access_stream.log > output.log
if ! grep '127.0.0.1 UDP test_stream_access_log_format' output.log; then
echo "failed: should have found udp log entry"
cat output.log
exit 1
fi
echo "passed: logs are being dumped for stream proxy"
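Review bot: The first check runs `grep "test_access_log_format" conf/nginx.conf > /dev/null` as a standalone command and then tests `$?`. The sourced `t/cli/common.sh` appears to be the `set -ex` file shown earlier in this commit, so a non-matching grep ends the script before the `if` is reached and the `failed: access_log_format in nginx.conf doesn't change` message is never printed. The stream check on `test_stream_access_log_format` has the same shape. Putting grep in the condition, `if ! grep -q "test_access_log_format" conf/nginx.conf; then`, keeps the diagnostic reachable, and it is the form the admin UI script in this commit already documents.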


@@ -0,0 +1,492 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# check admin https enabled
git checkout conf/config.yaml
echo "
deployment:
admin:
admin_listen:
port: 9180
https_admin: true
admin_api_mtls:
admin_ssl_cert: '../t/certs/apisix_admin_ssl.crt'
admin_ssl_cert_key: '../t/certs/apisix_admin_ssl.key'
" > conf/config.yaml
make init
grep "listen 0.0.0.0:9180 ssl" conf/nginx.conf > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: failed to enable https for admin"
exit 1
fi
make run
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
echo "admin key is " $admin_key
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} https://127.0.0.1:9180/apisix/admin/routes -H "X-API-KEY: $admin_key")
if [ ! $code -eq 200 ]; then
echo "failed: failed to enable https for admin"
exit 1
fi
make stop
echo "passed: admin https enabled"
echo '
apisix:
enable_admin: true
deployment:
admin:
admin_listen:
ip: 127.0.0.2
port: 9181
' > conf/config.yaml
make init
if ! grep "listen 127.0.0.2:9181;" conf/nginx.conf > /dev/null; then
echo "failed: customize address for admin server"
exit 1
fi
make run
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.2:9181/apisix/admin/routes -H "X-API-KEY: $admin_key")
if [ ! $code -eq 200 ]; then
echo "failed: failed to access admin"
exit 1
fi
make stop
# rollback to the default
git checkout conf/config.yaml
make init
set +ex
grep "listen 0.0.0.0:9080 ssl" conf/nginx.conf > /dev/null
if [ ! $? -eq 1 ]; then
echo "failed: failed to rollback to the default admin config"
exit 1
fi
set -ex
echo "passed: rollback to the default admin config"
# set allow_admin in conf/config.yaml
echo "
deployment:
admin:
allow_admin:
- 127.0.0.9
" > conf/config.yaml
make init
count=`grep -c "allow 127.0.0.9" conf/nginx.conf`
if [ $count -eq 0 ]; then
echo "failed: not found 'allow 127.0.0.9;' in conf/nginx.conf"
exit 1
fi
echo "
deployment:
admin:
allow_admin: ~
" > conf/config.yaml
make init
count=`grep -c "allow all;" conf/nginx.conf`
if [ $count -eq 0 ]; then
echo "failed: not found 'allow all;' in conf/nginx.conf"
exit 1
fi
echo "passed: empty allow_admin in conf/config.yaml"
# missing admin key, allow any IP to access admin api
git checkout conf/config.yaml
echo '
deployment:
admin:
admin_key: ~
allow_admin: ~
' > conf/config.yaml
make init > output.log 2>&1 | true
grep -E "ERROR: missing valid Admin API token." output.log > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: should show 'ERROR: missing valid Admin API token.'"
exit 1
fi
echo "pass: missing admin key and show ERROR message"
# missing admin key, only allow 127.0.0.0/24 to access admin api
echo '
deployment:
admin:
admin_key: ~
allow_admin:
- 127.0.0.0/24
' > conf/config.yaml
make init > output.log 2>&1 | true
if grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then
echo "failed: should not show 'ERROR: missing valid Admin API token.'"
exit 1
fi
echo '
deployment:
admin:
admin_key: ~
allow_admin:
- 0.0.0.0/0
- 127.0.0.0/24
' > conf/config.yaml
make init > output.log 2>&1 | true
if ! grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then
echo "failed: should show 'ERROR: missing valid Admin API token.'"
exit 1
fi
echo "pass: missing admin key and only allow 127.0.0.0/24 to access admin api"
# allow any IP to access admin api with empty admin_key, when admin_key_required=true
git checkout conf/config.yaml
echo '
deployment:
admin:
admin_key_required: true
admin_key: ~
allow_admin:
- 0.0.0.0/0
' > conf/config.yaml
make init > output.log 2>&1 | true
if ! grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then
echo "failed: should show 'ERROR: missing valid Admin API token.'"
exit 1
fi
echo '
deployment:
admin:
admin_key_required: false
admin_key: ~
allow_admin:
- 0.0.0.0/0
' > conf/config.yaml
make init > output.log 2>&1 | true
if grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then
echo "failed: should not show 'ERROR: missing valid Admin API token.'"
exit 1
fi
if ! grep -E "Warning! Admin key is bypassed" output.log > /dev/null; then
echo "failed: should show 'Warning! Admin key is bypassed'"
exit 1
fi
echo '
deployment:
admin:
admin_key_required: invalid-value
' > conf/config.yaml
make init > output.log 2>&1 | true
if grep -E "path[deployment->admin->admin_key_required] expect: boolean, but got: string" output.log > /dev/null; then
echo "check admin_key_required value failed: should show 'expect: boolean, but got: string'"
exit 1
fi
echo "pass: allow empty admin_key, when admin_key_required=false"
# admin api, allow any IP but use default key
echo '
deployment:
admin:
allow_admin: ~
admin_key:
- name: "admin"
key: ''
role: admin
' > conf/config.yaml
make init > output.log 2>&1 | true
grep -E "WARNING: using empty Admin API." output.log > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: need to show `WARNING: using fixed Admin API token has security risk`"
exit 1
fi
echo "pass: show WARNING message if the user uses empty key"
# admin_listen set
echo '
deployment:
admin:
admin_listen:
port: 9180
' > conf/config.yaml
rm logs/error.log
make init
make run
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/apisix/admin/routes -H "X-API-KEY: $admin_key")
make stop
if [ ! $code -eq 200 ]; then
echo "failed: failed to access admin"
exit 1
fi
if grep -E 'using uninitialized ".+" variable while logging request' logs/error.log; then
echo "failed: uninitialized variable found during writing access log"
exit 1
fi
echo "pass: uninitialized variable not found during writing access log (admin_listen set)"
# Admin API can only be used with etcd config_provider
## if role is data_plane, and config_provider is yaml, then enable_admin is set to false
echo '
apisix:
enable_admin: true
deployment:
role: data_plane
role_data_plane:
config_provider: yaml
' > conf/config.yaml
out=$(make init 2>&1 || true)
if echo "$out" | grep "Admin API can only be used with etcd config_provider"; then
echo "failed: Admin API can only be used with etcd config_provider"
exit 1
fi
echo "passed: Admin API can only be used with etcd config_provider"
# disable Admin API and init plugins syncer
echo '
apisix:
enable_admin: false
' > conf/config.yaml
rm logs/error.log
make init
make run
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
make init
if grep -E "failed to fetch data from etcd" logs/error.log; then
echo "failed: should sync /apisix/plugins from etcd when disabling admin normal"
exit 1
fi
make stop
echo "pass: sync /apisix/plugins from etcd when disabling admin successfully"
# ignore changes to /apisix/plugins/ due to init_etcd
echo '
apisix:
enable_admin: true
plugins:
- public-api
- node-status
nginx_config:
error_log_level: info
' > conf/config.yaml
rm logs/error.log
make init
make run
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
# initialize node-status public API routes #1
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} -X PUT http://127.0.0.1:9180/apisix/admin/routes/node-status \
-H "X-API-KEY: $admin_key" \
-d "{
\"uri\": \"/apisix/status\",
\"plugins\": {
\"public-api\": {}
}
}")
if [ ! $code -lt 300 ]; then
echo "failed: initialize node status public API failed #1"
exit 1
fi
sleep 0.5
# first time check node status api
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/apisix/status)
if [ ! $code -eq 200 ]; then
echo "failed: first time check node status api failed #1"
exit 1
fi
# mock another instance init etcd dir
make init
sleep 1
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
# initialize node-status public API routes #2
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} -X PUT http://127.0.0.1:9180/apisix/admin/routes/node-status \
-H "X-API-KEY: $admin_key" \
-d "{
\"uri\": \"/apisix/status\",
\"plugins\": {
\"public-api\": {}
}
}")
if [ ! $code -eq 200 ]; then
echo "failed: initialize node status public API failed #2"
exit 1
fi
sleep 0.5
# second time check node status api
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/apisix/status)
if [ ! $code -eq 200 ]; then
echo "failed: second time check node status api failed #1"
exit 1
fi
make stop
echo "pass: ignore changes to /apisix/plugins/ due to init_etcd successfully"
# accept changes to /apisix/plugins when enable_admin is false
echo '
apisix:
enable_admin: false
plugins:
- public-api
- node-status
stream_plugins:
' > conf/config.yaml
rm logs/error.log
make init
make run
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
# first time check node status api
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/apisix/status)
if [ ! $code -eq 200 ]; then
echo "failed: first time check node status api failed #2"
exit 1
fi
sleep 0.5
# check http plugins load list
if ! grep logs/error.log -E -e 'new plugins: {"public-api":true,"node-status":true}' \
-e 'new plugins: {"node-status":true,"public-api":true}'; then
echo "failed: first time load http plugins list failed"
exit 1
fi
# check stream plugins(no plugins under stream, it will be added below)
if grep -E 'failed to read stream plugin list from local file' logs/error.log; then
echo "failed: first time load stream plugins list failed"
exit 1
fi
# mock another instance add /apisix/plugins
res=$(etcdctl put "/apisix/plugins" '[{"name":"node-status"},{"name":"example-plugin"},{"name":"public-api"},{"stream":true,"name":"mqtt-proxy"}]')
if [[ $res != "OK" ]]; then
echo "failed: failed to set /apisix/plugins to add more plugins"
exit 1
fi
sleep 0.5
# second time check node status api
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/apisix/status)
if [ ! $code -eq 200 ]; then
echo "failed: second time check node status api failed #2"
exit 1
fi
# check http plugins load list
if ! grep logs/error.log -E -e 'new plugins: {"public-api":true,"node-status":true}' \
-e 'new plugins: {"node-status":true,"public-api":true}'; then
echo "failed: second time load http plugins list failed"
exit 1
fi
# check stream plugins load list
if ! grep -E 'new plugins: {.*example-plugin' logs/error.log; then
echo "failed: second time load stream plugins list failed"
exit 1
fi
if grep -E 'new plugins: {}' logs/error.log; then
echo "failed: second time load plugins list failed"
exit 1
fi
make stop
echo "pass: accept changes to /apisix/plugins successfully"
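Review bot: The `admin_key_required: invalid-value` check cannot fail for the reason it is meant to. `grep -E` reads `[deployment->admin->admin_key_required]` as a bracket expression rather than literal text, and the branch reports failure when the pattern is found even though its echo says the message "should show". Assuming the text in the echo is what `make init` prints, matching it literally and inverting the test would actually exercise the validation of this security-relevant switch: `if ! grep -F "path[deployment->admin->admin_key_required] expect: boolean, but got: string" output.log > /dev/null; then`. Separately, the backticks in the failure message for the empty-key case are command substitution inside double quotes; single quotes around the quoted warning avoid running it as a command.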


@@ -0,0 +1,55 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# The 'admin.apisix.dev' is injected by ci/common.sh@set_coredns
echo '
deployment:
admin:
admin_listen:
port: 9180
https_admin: true
admin_api_mtls:
admin_ssl_cert: "../t/certs/mtls_server.crt"
admin_ssl_cert_key: "../t/certs/mtls_server.key"
admin_ssl_ca_cert: "../t/certs/mtls_ca.crt"
' > conf/config.yaml
make run
sleep 1
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
# correct certs
code=$(curl -i -o /dev/null -s -w %{http_code} --cacert ./t/certs/mtls_ca.crt --key ./t/certs/mtls_client.key --cert ./t/certs/mtls_client.crt -H "X-API-KEY: $admin_key" https://admin.apisix.dev:9180/apisix/admin/routes)
if [ ! "$code" -eq 200 ]; then
echo "failed: failed to enabled mTLS for admin"
exit 1
fi
# skip
code=$(curl -i -o /dev/null -s -w %{http_code} -k -H "X-API-KEY: $admin_key" https://admin.apisix.dev:9180/apisix/admin/routes)
if [ ! "$code" -eq 400 ]; then
echo "failed: failed to enabled mTLS for admin"
exit 1
fi
echo "passed: enabled mTLS for admin"
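Review bot: The second request is labelled only `# skip`, and both branches print `failed: failed to enabled mTLS for admin`. A failing run therefore does not say whether the valid client certificate was refused or the certificate-less request was accepted, and the latter is the case that matters for admin API exposure. I would change the comment to `# no client certificate: the admin listener must answer 400` and the second message to `echo "failed: admin API accepted a request without a client certificate (got $code)"`.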


@@ -0,0 +1,148 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# check admin ui enabled
git checkout conf/config.yaml
make init
grep "location ^~ /ui/" conf/nginx.conf > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: failed to enable embedded admin ui"
exit 1
fi
make run
## check /ui redirects to /ui/
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui)
if [ ! $code -eq 301 ]; then
echo "failed: failed to redirect /ui to /ui/"
exit 1
fi
## check /ui/ accessible
mkdir -p ui/assets
echo "test_html" > ui/index.html
echo "test_js" > ui/assets/test.js
echo "test_css" > ui/assets/test.css
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/)
if [ ! $code -eq 200 ]; then
echo "failed: /ui/ not accessible"
exit 1
fi
## check /ui/index.html accessible
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/index.html)
if [ ! $code -eq 200 ]; then
echo "failed: /ui/index.html not accessible"
exit 1
fi
## check /ui/assets/test.js accessible
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/assets/test.js)
if [ ! $code -eq 200 ]; then
echo "failed: /ui/assets/test.js not accessible"
exit 1
fi
## check /ui/assets/test.css accessible
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/assets/test.css)
if [ ! $code -eq 200 ]; then
echo "failed: /ui/assets/test.css not accessible"
exit 1
fi
## check /ui/ single-page-application fallback
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/not_exist)
if [ ! $code -eq 200 ]; then
echo "failed: /ui/not_exist not accessible"
exit 1
fi
make stop
# test ip restriction
git checkout conf/config.yaml
echo "
deployment:
admin:
enable_admin_ui: true
allow_admin:
- 1.1.1.1/32
" > conf/config.yaml
make run
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/ui/)
if [ ! $code -eq 403 ]; then
echo "failed: ip restriction not working, expected 403, got $code"
exit 1
fi
make stop
# test admin ui disabled
git checkout conf/config.yaml
echo "
deployment:
admin:
enable_admin_ui: false
" > conf/config.yaml
make init
#### When grep cannot find the value, it uses 1 as the exit code.
#### Due to the use of set -e, any non-zero exit will terminate the
#### script, so grep is written inside the if statement here.
if grep "location ^~ /ui/" conf/nginx.conf > /dev/null; then
echo "failed: failed to disable embedded admin ui"
exit 1
fi
# test admin UI explicitly enabled
git checkout conf/config.yaml
echo "
deployment:
admin:
enable_admin_ui: true
" > conf/config.yaml
make init
if ! grep "location ^~ /ui/" conf/nginx.conf > /dev/null; then
echo "failed: failed to explicitly enable embedded admin ui"
exit 1
fi
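Review bot: `echo "test_html" > ui/index.html` and the two asset writes put fixture files into the working tree's `ui/` directory, and nothing in the script removes them. The `clean_up` trap shown earlier in this commit, assuming it is the sourced `t/cli/common.sh`, only restores `conf/config.yaml`. If `ui/` already holds a built dashboard, its `index.html` is silently overwritten, and the fixtures otherwise remain for later tests and for packaging. I would add a guard before the writes, such as `[ ! -e ui/index.html ] || { echo "failed: ui/ already populated"; exit 1; }`, and remove the created files once the UI checks are done.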


@@ -0,0 +1,63 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
exit_if_not_customed_nginx
echo '
nginx_config:
http:
enable_access_log: false
' > conf/config.yaml
rm logs/error.log || true
make init
make run
sleep 0.1
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
curl -k -i http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d '
{
"upstream": {
"nodes": {
"httpbin.org:80": 1
},
"type": "roundrobin"
},
"uri": "/get"
}'
sleep 0.1
curl -k -i http://127.0.0.1:9080/get
sleep 0.1
if ! grep "apisix_mirror_on_demand on;" conf/nginx.conf > /dev/null; then
echo "failed: apisix_mirror_on_demand should on when running on apisix-runtime"
exit 1
fi
if grep -E "invalid URL prefix" logs/error.log > /dev/null; then
echo "failed: apisix_mirror_on_demand should on when running on apisix-runtime"
exit 1
fi
echo "passed: apisix_mirror_on_demand is on when running on apisix-runtime"
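Review bot: The route-creating `curl ... -X PUT` never has its status checked, so the later negative check (`grep -E "invalid URL prefix" logs/error.log`) passes vacuously when the route was not created, for example if `admin_key` came back empty from `yq` or `logs/error.log` does not exist yet. Capture the status the way the neighbouring scripts do, `code=$(curl -s -o /dev/null -w '%{http_code}' ... -X PUT -d '...')`, and fail unless it is 200 or 201. The same unchecked PUT precedes the 404 assertion in the control_plane test further down this commit. Both failure branches here also print the identical message, so the second could read `echo "failed: found 'invalid URL prefix' in error.log"`.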


@@ -0,0 +1,66 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is like other test_*.sh, but requires extra dependencies which
# you don't need in daily development.
. ./t/cli/common.sh
# check error handling when connecting to old etcd
git checkout conf/config.yaml
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- "http://127.0.0.1:3379"
prefix: "/apisix"
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep 'etcd cluster version 3.3.0 is less than the required version 3.4.0'; then
echo "failed: properly handle the error when connecting to old etcd"
exit 1
fi
echo "passed: properly handle the error when connecting to old etcd"
# It is forbidden to run apisix under the "/root" directory.
git checkout conf/config.yaml
mkdir /root/apisix
cp -r ./* /root/apisix
cd /root/apisix
make init
out=$(make run 2>&1 || true)
if ! echo "$out" | grep "Error: It is forbidden to run APISIX in the /root directory"; then
echo "failed: should echo It is forbidden to run APISIX in the /root directory"
exit 1
fi
cd -
echo "passed: successfully prohibit APISIX from running in the /root directory"
rm -rf /root/apisix
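Review bot: Cleanup of `/root/apisix` only happens on the success path: if the grep for the "forbidden" message fails, `exit 1` leaves a full copy of the tree under `/root`, and the next run presumably stops at `mkdir /root/apisix` because these scripts run under `set -e`. Register the cleanup up front with `trap 'rm -rf /root/apisix' EXIT` and use `mkdir -p /root/apisix`. The etcd data_plane test later in this commit has the same shape: any failure after `etcdctl auth enable` skips the `auth disable` and the user/role deletion at the end, leaving authentication switched on for whatever else uses that etcd.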


@@ -0,0 +1,224 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
git checkout conf/config.yaml
# check restart with old nginx.pid exist
echo "-1" > logs/nginx.pid
out=$(./bin/apisix start 2>&1 || true)
if echo "$out" | grep "the old APISIX is still running"; then
rm logs/nginx.pid
echo "failed: should reject bad nginx.pid"
exit 1
fi
./bin/apisix stop
sleep 0.5
rm logs/nginx.pid || true
# check no corresponding process
make run
oldpid=$(< logs/nginx.pid)
make stop
sleep 0.5
echo $oldpid > logs/nginx.pid
out=$(make run || true)
if ! echo "$out" | grep "nginx.pid exists but there's no corresponding process with pid"; then
echo "failed: should find no corresponding process"
exit 1
fi
make stop
echo "pass: no corresponding process"
# check running when run repeatedly
out=$(make run; make run || true)
if ! echo "$out" | grep "the old APISIX is still running"; then
echo "failed: should find APISIX running"
exit 1
fi
make stop
echo "pass: check APISIX running"
# check customized config
git checkout conf/config.yaml
# start with not existed customized config
make init
if ./bin/apisix start -c conf/not_existed_config.yaml; then
echo "failed: apisix still start with invalid customized config.yaml"
exit 1
fi
# start with customized config
echo "
deployment:
admin:
admin_listen:
port: 9180
https_admin: true
admin_api_mtls:
admin_ssl_cert: '../t/certs/apisix_admin_ssl.crt'
admin_ssl_cert_key: '../t/certs/apisix_admin_ssl.key'
admin_key_required: true # Enable Admin API authentication by default for security.
admin_key:
-
name: admin # admin: write access to configurations.
key: edd1c9f034335f136f87ad84b625c8f1
role: admin
" > conf/customized_config.yaml
./bin/apisix start -c conf/customized_config.yaml
# check if .customized_config_path has been created
if [ ! -e conf/.customized_config_path ]; then
rm conf/customized_config.yaml
echo ".customized_config_path should exits"
exit 1
fi
# check if the custom config is used
code=$(curl -k -i -m 20 -o /dev/null -s -w %{http_code} https://127.0.0.1:9180/apisix/admin/routes -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1")
if [ ! $code -eq 200 ]; then
rm conf/customized_config.yaml
echo "failed: customized config.yaml not be used"
exit 1
fi
make stop
# check if .customized_config_path has been removed
if [ -e conf/.customized_config_path ]; then
rm conf/customized_config_path.yaml
echo ".customized_config_path should be removed"
exit 1
fi
# start with invalied config
echo "abc" > conf/customized_config.yaml
if ./bin/apisix start -c conf/customized_config.yaml ; then
rm conf/customized_config.yaml
echo "start should be failed"
exit 1
fi
# check if apisix can be started use correctly default config. (https://github.com/apache/apisix/issues/9700)
./bin/apisix start
sleep 1
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
echo "look here" $admin_key
code=$(curl -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/apisix/admin/routes -H "X-API-KEY: $admin_key")
if [ ! $code -eq 200 ]; then
rm conf/customized_config.yaml
echo "failed: should use default config"
exit 1
fi
make stop
# check if apisix can be started after multiple start failures. (https://github.com/apache/apisix/issues/9171)
echo "
deployment:
admin:
admin_listen:
port: 9180
https_admin: true
admin_api_mtls:
admin_ssl_cert: '../t/certs/apisix_admin_ssl.crt'
admin_ssl_cert_key: '../t/certs/apisix_admin_ssl.key'
etcd:
host:
- http://127.0.0.1:22379
" > conf/customized_config.yaml
./bin/apisix start -c conf/customized_config.yaml || true
./bin/apisix start -c conf/customized_config.yaml || true
./bin/apisix start -c conf/customized_config.yaml || true
echo "
deployment:
admin:
admin_listen:
port: 9180
https_admin: true
admin_api_mtls:
admin_ssl_cert: '../t/certs/apisix_admin_ssl.crt'
admin_ssl_cert_key: '../t/certs/apisix_admin_ssl.key'
admin_key_required: true # Enable Admin API authentication by default for security.
admin_key:
-
name: admin # admin: write access to configurations.
key: edd1c9f034335f136f87ad84b625c8f1
role: admin
" > conf/customized_config.yaml
./bin/apisix start -c conf/customized_config.yaml
code=$(curl -k -i -m 20 -o /dev/null -s -w %{http_code} https://127.0.0.1:9180/apisix/admin/routes -H "X-API-KEY: edd1c9f034335f136f87ad84b625c8f1")
if [ ! $code -eq 200 ]; then
rm conf/customized_config.yaml
echo "failed: should use default config"
exit 1
fi
rm conf/customized_config.yaml
echo "passed: test customized config successful"
# test quit command
bin/apisix start
if ! ps -ef | grep "apisix" | grep "master process" | grep -v "grep"; then
echo "apisix not started"
exit 1
fi
bin/apisix quit
sleep 2
if ps -ef | grep "worker process is shutting down" | grep -v "grep"; then
echo "all workers should exited"
exit 1
fi
echo "passed: test quit command successful"
# test reload command
bin/apisix start
if ! ps -ef | grep "apisix" | grep "master process" | grep -v "grep"; then
echo "apisix not started"
exit 1
fi
bin/apisix reload
sleep 3
if ps -ef | grep "worker process is shutting down" | grep -v "grep"; then
echo "old workers should exited"
exit 1
fi
echo "passed: test reload command successful"
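Review bot: `echo "look here" $admin_key` is a leftover debug line that writes the Admin API key into the test output, which normally ends up in CI logs; drop it, or check only that the key is present with `[ -n "$admin_key" ] || { echo "failed: empty admin key"; exit 1; }`. Separately, the branch that handles a lingering `conf/.customized_config_path` runs `rm conf/customized_config_path.yaml`, a file this script never creates, so under `set -e` the script would exit on the failed `rm` before printing its message; the intended target looks like `conf/customized_config.yaml`. `out=$(make run || true)` in the stale-pid case also omits `2>&1`, unlike the other captures, so the grep only sees the message if it is written to stdout.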


@@ -0,0 +1,181 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# control server
echo '
apisix:
enable_control: true
' > conf/config.yaml
make init
if ! grep "listen 127.0.0.1:9090;" conf/nginx.conf > /dev/null; then
echo "failed: find default address for control server"
exit 1
fi
make run
sleep 0.1
set +e
times=1
code=000
while [ $code -eq 000 ] && [ $times -lt 10 ]
do
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9090/v1/schema)
sleep 0.2
times=$(($times+1))
done
set -e
if [ ! $code -eq 200 ]; then
echo "failed: access control server"
exit 1
fi
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9090/v0/schema)
if [ ! $code -eq 404 ]; then
echo "failed: handle route not found"
exit 1
fi
make stop
echo '
apisix:
enable_control: true
control:
ip: 127.0.0.2
' > conf/config.yaml
make init
if ! grep "listen 127.0.0.2:9090;" conf/nginx.conf > /dev/null; then
echo "failed: customize address for control server"
exit 1
fi
make run
sleep 0.1
set +e
times=1
code=000
while [ $code -eq 000 ] && [ $times -lt 10 ]
do
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.2:9090/v1/schema)
sleep 0.2
times=$(($times+1))
done
set -e
if [ ! $code -eq 200 ]; then
echo "failed: access control server"
exit 1
fi
make stop
echo '
apisix:
enable_control: true
control:
port: 9092
' > conf/config.yaml
make init
if ! grep "listen 127.0.0.1:9092;" conf/nginx.conf > /dev/null; then
echo "failed: customize address for control server"
exit 1
fi
make run
sleep 0.1
set +e
times=1
code=000
while [ $code -eq 000 ] && [ $times -lt 10 ]
do
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9092/v1/schema)
sleep 0.2
times=$(($times+1))
done
set -e
if [ ! $code -eq 200 ]; then
echo "failed: access control server"
exit 1
fi
make stop
echo '
apisix:
enable_control: false
' > conf/config.yaml
make init
if grep "listen 127.0.0.1:9090;" conf/nginx.conf > /dev/null; then
echo "failed: disable control server"
exit 1
fi
echo '
apisix:
node_listen: 9090
enable_control: true
control:
port: 9090
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep "http listen port 9090 conflicts with control"; then
echo "failed: can't detect port conflicts"
exit 1
fi
echo '
apisix:
node_listen: 9080
enable_control: true
control:
port: 9091
plugin_attr:
prometheus:
export_addr:
ip: "127.0.0.1"
port: 9091
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep "prometheus port 9091 conflicts with control"; then
echo "failed: can't detect port conflicts"
exit 1
fi
echo "pass: access control server"
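Review bot: The start-up polling loop (`set +e`, `times=1`, `code=000`, the `while`, `set -e`) is copied three times with only the URL changed, and the third copy still reports "customize address" for what is a port test. A small helper keeps the retry policy in one place and removes the need to toggle `set -e` around it; a sketch follows, with each of the three call sites passing its own URL. The failure message for the port case could become `echo "failed: customize port for control server"`.

```shell
# Poll a URL until curl gets an HTTP status or the attempts run out; prints the last status.
wait_for_status() {
    local url=$1 times=1 code=000
    while [ "$code" -eq 000 ] && [ "$times" -lt 10 ]; do
        code=$(curl -s -k -m 20 -o /dev/null -w '%{http_code}' "$url" || true)
        sleep 0.2
        times=$((times + 1))
    done
    echo "$code"
}

code=$(wait_for_status http://127.0.0.1:9090/v1/schema)
# … unchanged: status comparison, then the 127.0.0.2:9090 and 127.0.0.1:9092 cases calling wait_for_status …
```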


@@ -0,0 +1,73 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
echo "
nginx_config:
max_pending_timers: 10240
max_running_timers: 2561
" > conf/config.yaml
make init
count=$(grep -c "lua_max_pending_timers 10240;" conf/nginx.conf)
if [ "$count" -ne 1 ]; then
echo "failed: failed to set lua_max_pending_timers"
exit 1
fi
echo "passed: set lua_max_pending_timers successfully"
count=$(grep -c "lua_max_running_timers 2561;" conf/nginx.conf)
if [ "$count" -ne 1 ]; then
echo "failed: failed to set lua_max_running_timers"
exit 1
fi
echo "passed: set lua_max_running_timers successfully"
echo "
apisix:
proxy_mode: http&stream
stream_proxy:
tcp:
- addr: 9100
nginx_config:
max_pending_timers: 10240
max_running_timers: 2561
" > conf/config.yaml
make init
count=$(grep -c "lua_max_pending_timers 10240;" conf/nginx.conf)
if [ "$count" -ne 2 ]; then
echo "failed: failed to set lua_max_pending_timers in stream proxy"
exit 1
fi
echo "passed: set lua_max_pending_timers successfully in stream proxy"
count=$(grep -c "lua_max_running_timers 2561;" conf/nginx.conf)
if [ "$count" -ne 2 ]; then
echo "failed: failed to set lua_max_running_timers in stream proxy"
exit 1
fi
echo "passed: set lua_max_running_timers successfully in stream proxy"
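Review bot: `count=$(grep -c "lua_max_pending_timers 10240;" conf/nginx.conf)` exits with status 1 when nothing matches, so if this script runs under `set -e` (a comment in another test file of this commit says the scripts do) it stops at the assignment and the "failed: ..." message is never printed. Append `|| true` inside the substitution, `count=$(grep -c "..." conf/nginx.conf || true)`, on all four counts here. The DNS resolver test in this commit uses the same `grep -c` capture for its two `resolver ...` counts.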


@@ -0,0 +1,69 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# The 'admin.apisix.dev' is injected by ci/common.sh@set_coredns
echo '
apisix:
enable_admin: false
deployment:
role: control_plane
role_control_plane:
config_provider: etcd
etcd:
prefix: "/apisix"
host:
- http://127.0.0.1:2379
' > conf/config.yaml
make run
sleep 1
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
code=$(curl -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/apisix/admin/routes -H "X-API-KEY: $admin_key")
if [ ! $code -eq 200 ]; then
echo "failed: control_plane should enable Admin API"
exit 1
fi
echo "passed: control_plane should enable Admin API"
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
curl -i http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d '
{
"upstream": {
"nodes": {
"httpbin.org:80": 1
},
"type": "roundrobin"
},
"uri": "/*"
}'
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
code=$(curl -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/c -H "X-API-KEY: $admin_key")
make stop
if [ ! $code -eq 404 ]; then
echo "failed: should disable request proxy"
exit 1
fi
echo "passed: should disable request proxy"
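Review bot: The last request goes to `http://127.0.0.1:9180/c`, the same listener this file uses for the Admin API, so the 404 may simply be the admin router rejecting an unknown path rather than evidence that request proxying is disabled. If that is the intent, say so next to the request, e.g. `# control_plane exposes only the admin listener; a routed URI must not be served there`. `admin_key` is also re-read from `conf/config.yaml` three times without the file changing in between; one read after `make run` would do.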


@@ -0,0 +1,83 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# clean etcd data
etcdctl del / --prefix
# data_plane does not write data to etcd
echo '
deployment:
role: data_plane
role_data_plane:
config_provider: etcd
etcd:
host:
- https://127.0.0.1:12379
prefix: "/apisix"
timeout: 30
tls:
verify: false
' > conf/config.yaml
make run
sleep 1
res=$(etcdctl get / --prefix | wc -l)
if [ ! $res -eq 0 ]; then
echo "failed: data_plane should not write data to etcd"
exit 1
fi
echo "passed: data_plane does not write data to etcd"
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
code=$(curl -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/apisix/admin/routes -H "X-API-KEY: $admin_key")
make stop
if [ ! $code -eq 404 ]; then
echo "failed: data_plane should not enable Admin API"
exit 1
fi
echo "passed: data_plane should not enable Admin API"
echo '
deployment:
role: data_plane
role_data_plane:
config_provider: etcd
etcd:
host:
- https://127.0.0.1:12379
prefix: "/apisix"
timeout: 30
' > conf/config.yaml
out=$(make run 2>&1 || true)
make stop
if ! echo "$out" | grep 'failed to load the configuration: https://127.0.0.1:12379: certificate verify failed'; then
echo "failed: should verify certificate by default"
exit 1
fi
echo "passed: should verify certificate by default"
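Review bot: `etcdctl del / --prefix` removes every key on whatever endpoint etcdctl resolves from its environment, not just APISIX data, which is a wide blast radius for a script that may be run outside a throwaway CI container. Scope both the delete and the later emptiness check to the prefix under test and name the endpoint explicitly, e.g. `etcdctl --endpoints="$ETCD_ENDPOINT" del /apisix --prefix` (`ETCD_ENDPOINT` is a placeholder variable, not something the script defines). APISIX is configured for `https://127.0.0.1:12379` here, so if that is a different etcd instance from etcdctl's default, the "does not write data" check is not looking at the server APISIX talks to. The same unscoped delete opens the data_plane-with-etcd test that follows.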


@@ -0,0 +1,178 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# clean etcd data
etcdctl del / --prefix
# non data_plane can prepare dirs when init etcd
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- http://127.0.0.1:2379
prefix: /apisix
timeout: 30
' >conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep 'trying to initialize the data of etcd'; then
echo "failed: non data_plane should init the data of etcd"
exit 1
fi
echo "passed: non data_plane can init the data of etcd"
# start apisix to test non data_plane can work with etcd
make run
sleep 3
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
curl -o /dev/null -s -w %{http_code} -i http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d '
{
"upstream": {
"nodes": {
"127.0.0.1:1980": 1
},
"type": "roundrobin"
},
"uri": "/hello",
"plugins": {
"serverless-pre-function": {
"phase": "rewrite",
"functions": ["
return function(conf, ctx)
local core = require(\"apisix.core\")
return core.response.exit(200)
end
"]
}
}
}'
# check can access the route
code=$(curl -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/hello)
if [ ! "$code" -eq 200 ]; then
echo "failed: non data_plane should be able to access the route"
exit 1
fi
echo "passed: non data_plane can work with etcd"
# prepare for data_plane with etcd
# stop apisix
make stop
sleep 3
# data_plane can skip initializing the data of etcd
echo '
deployment:
role: data_plane
role_data_plane:
config_provider: etcd
etcd:
host:
- http://127.0.0.1:2379
prefix: /apisix
timeout: 30
' >conf/config.yaml
out=$(make init 2>&1 || true)
if echo "$out" | grep 'trying to initialize the data of etcd'; then
echo "failed: data_plane should not init the data of etcd"
exit 1
fi
if ! echo "$out" | grep 'access from the data plane to etcd should be read-only, skip initializing the data of etcd'; then
echo "failed: data_plane should skip initializing the data of etcd"
exit 1
fi
echo "passed: data_plane can skip initializing the data of etcd"
# start apisix to test data_plane can work with etcd
make run
sleep 3
code=$(curl -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/hello)
if [ ! "$code" -eq 200 ]; then
echo "failed: data_plane should be able to access the route when using etcd"
exit 1
fi
echo "passed: data_plane can work with etcd"
# prepare for data_plane with read-only etcd
# stop apisix
make stop
sleep 3
# add root user to help disable auth
etcdctl user add "root:test"
etcdctl role add root
etcdctl user grant-role root root
# add readonly user
etcdctl user add "apisix-data-plane:test"
etcdctl role add data-plane-role
etcdctl role grant-permission --prefix=true data-plane-role read /apisix
etcdctl user grant-role apisix-data-plane data-plane-role
# enable auth
etcdctl auth enable
# data_plane can skip initializing the data when using read-only etcd
echo '
deployment:
role: data_plane
role_data_plane:
config_provider: etcd
etcd:
host:
- http://127.0.0.1:2379
user: apisix-data-plane
password: test
prefix: /apisix
timeout: 30
' >conf/config.yaml
out=$(make init 2>&1 || true)
if echo "$out" | grep 'trying to initialize the data of etcd'; then
echo "failed: data_plane should not init the data of etcd (read-only)"
exit 1
fi
if ! echo "$out" | grep 'access from the data plane to etcd should be read-only, skip initializing the data of etcd'; then
echo "failed: data_plane should skip initializing the data of etcd (read-only)"
exit 1
fi
echo "passed: data_plane can skip initializing the data of etcd (read-only)"
# start apisix to test data_plane can work with read-only etcd
make run
sleep 3
code=$(curl -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/hello)
if [ ! "$code" -eq 200 ]; then
echo "failed: data_plane should be able to access the route when using read-only etcd"
exit 1
fi
echo "passed: data_plane can work with read-only etcd"
# clean up
etcdctl --user=root:test auth disable
etcdctl user delete apisix-data-plane
etcdctl role delete data-plane-role
etcdctl user delete root
etcdctl role delete root
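Review bot: The "read-only etcd" cases grant `data-plane-role` read on `/apisix` but never assert that a write with those credentials is refused, so the test would still pass if the role were accidentally granted readwrite. After `etcdctl auth enable`, add a negative probe such as `if etcdctl --user=apisix-data-plane:test put /apisix/probe x; then echo "failed: data-plane user can write"; exit 1; fi`. The first route PUT in this file prints its status code but never compares it, which is tolerable only because the following `/hello` request would fail if the route were missing.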


@@ -0,0 +1,124 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# HTTP
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
prefix: "/apisix"
host:
- http://127.0.0.1:2379
' > conf/config.yaml
make run
sleep 1
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
code=$(curl -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/apisix/admin/routes -H "X-API-KEY: $admin_key")
make stop
if [ ! $code -eq 200 ]; then
echo "failed: could not connect to etcd with http enabled"
exit 1
fi
# Both HTTP and Stream
echo '
apisix:
proxy_mode: http&stream
enable_admin: true
stream_proxy:
tcp:
- addr: 9100
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
prefix: "/apisix"
host:
- http://127.0.0.1:2379
' > conf/config.yaml
make run
sleep 1
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
code=$(curl -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/apisix/admin/routes -H "X-API-KEY: $admin_key")
make stop
if [ ! $code -eq 200 ]; then
echo "failed: could not connect to etcd with http & stream enabled"
exit 1
fi
# Stream
echo '
apisix:
enable_admin: false
proxy_mode: stream
stream_proxy:
tcp:
- addr: 9100
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
prefix: "/apisix"
host:
- http://127.0.0.1:2379
' > conf/config.yaml
make run
sleep 1
make stop
if grep '\[error\]' logs/error.log; then
echo "failed: could not connect to etcd with stream enabled"
exit 1
fi
echo "passed: could connect to etcd"
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- "https://admin.apisix.dev:22379"
prefix: "/apisix"
tls:
verify: false
' > conf/config.yaml
out=$(make init 2>&1 || echo "ouch")
if ! echo "$out" | grep "bad certificate"; then
echo "failed: apisix should echo \"bad certificate\""
exit 1
fi
echo "passed: certificate verify fail expectedly"
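Review bot: The stream-only case fails on any `[error]` line in `logs/error.log`, but the file is never cleared in this script, so entries left by the two earlier `make run` cycles (or by a previous test file) can fail it for unrelated reasons. Other scripts in this commit reset the log first; add `rm logs/error.log || true` before the stream case's `make run`. In the final case the config sets `tls: verify: false` yet the pass message reads "certificate verify fail expectedly"; a comment stating what produces "bad certificate" (presumably the etcd server rejecting a client that presents no certificate) would make the expectation clear.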


@@ -0,0 +1,175 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# 'make init' operates scripts and related configuration files in the current directory
# The 'apisix' command is a command in the /usr/local/apisix,
# and the configuration file for the operation is in the /usr/local/apisix/conf
. ./t/cli/common.sh
# dns_resolver_valid
echo '
apisix:
dns_resolver:
- 127.0.0.1
- "[::1]:5353"
dns_resolver_valid: 30
' > conf/config.yaml
make init
if ! grep "resolver 127.0.0.1 \[::1\]:5353 valid=30 ipv6=on;" conf/nginx.conf > /dev/null; then
echo "failed: dns_resolver_valid doesn't take effect"
exit 1
fi
echo '
apisix:
proxy_mode: http&stream
stream_proxy:
tcp:
- 9100
dns_resolver:
- 127.0.0.1
- "[::1]:5353"
dns_resolver_valid: 30
' > conf/config.yaml
make init
count=$(grep -c "resolver 127.0.0.1 \[::1\]:5353 valid=30 ipv6=on;" conf/nginx.conf)
if [ "$count" -ne 2 ]; then
echo "failed: dns_resolver_valid doesn't take effect"
exit 1
fi
echo "pass: dns_resolver_valid takes effect"
echo '
apisix:
proxy_mode: http&stream
stream_proxy:
tcp:
- 9100
dns_resolver:
- 127.0.0.1
- "::1"
- "[::2]"
' > conf/config.yaml
make init
count=$(grep -c "resolver 127.0.0.1 \[::1\] \[::2\] ipv6=on;" conf/nginx.conf)
if [ "$count" -ne 2 ]; then
echo "failed: can't handle IPv6 resolver w/o bracket"
exit 1
fi
echo "pass: handle IPv6 resolver w/o bracket"
# ipv6 config test
echo '
apisix:
enable_ipv6: false
dns_resolver:
- 127.0.0.1
dns_resolver_valid: 30
' > conf/config.yaml
make init
if ! grep "resolver 127.0.0.1 valid=30 ipv6=off;" conf/nginx.conf > /dev/null; then
echo "failed: ipv6 config doesn't take effect"
exit 1
fi
# check dns resolver address
echo '
apisix:
dns_resolver:
- 127.0.0.1
- "fe80::21c:42ff:fe00:18%eth0"
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep "unsupported DNS resolver"; then
echo "failed: should check dns resolver is unsupported"
exit 1
fi
if ! grep "resolver 127.0.0.1 ipv6=on;" conf/nginx.conf > /dev/null; then
echo "failed: should skip unsupported DNS resolver"
exit 1
fi
if grep "fe80::21c:42ff:fe00:18%eth0" conf/nginx.conf > /dev/null; then
echo "failed: should skip unsupported DNS resolver"
exit 1
fi
echo "passed: check dns resolver"
# dns resolver in stream subsystem
rm logs/error.log || true
echo "
apisix:
enable_admin: true
proxy_mode: http&stream
stream_proxy:
tcp:
- addr: 9100
dns_resolver:
- 127.0.0.1:1053
nginx_config:
error_log_level: info
" > conf/config.yaml
make run
sleep 0.5
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
curl -v -k -i -m 20 -o /dev/null -s -X PUT http://127.0.0.1:9180/apisix/admin/stream_routes/1 \
-H "X-API-KEY: $admin_key" \
-d '{
"upstream": {
"type": "roundrobin",
"nodes": [{
"host": "sd.test.local",
"port": 1995,
"weight": 1
}]
}
}'
curl http://127.0.0.1:9100 || true
make stop
sleep 0.1 # wait for logs output
if grep -E 'dns client error: 101 empty record received while prereading client data' logs/error.log; then
echo "failed: resolve upstream host in stream subsystem should works fine"
exit 1
fi
if ! grep -E 'dns resolver domain: sd.test.local to 127.0.0.(1|2) while prereading client data' logs/error.log; then
echo "failed: resolve upstream host in preread phase should works fine"
exit 1
fi
echo "success: resolve upstream host in stream subsystem works fine"


@@ -0,0 +1,55 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
exit_if_not_customed_nginx
# enable dubbo
echo '
plugins:
- dubbo-proxy
' > conf/config.yaml
make init
if ! grep "location @dubbo_pass " conf/nginx.conf > /dev/null; then
echo "failed: dubbo location not found in nginx.conf"
exit 1
fi
echo "passed: found dubbo location in nginx.conf"
# dubbo multiplex configuration
echo '
plugins:
- dubbo-proxy
plugin_attr:
dubbo-proxy:
upstream_multiplex_count: 16
' > conf/config.yaml
make init
if ! grep "multi 16;" conf/nginx.conf > /dev/null; then
echo "failed: dubbo multiplex configuration not found in nginx.conf"
exit 1
fi
echo "passed: found dubbo multiplex configuration in nginx.conf"


@@ -0,0 +1,201 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# check etcd while enable auth
git checkout conf/config.yaml
export ETCDCTL_API=3
etcdctl version
etcdctl --endpoints=127.0.0.1:2379 user add "root:apache-api6"
etcdctl --endpoints=127.0.0.1:2379 role add root
etcdctl --endpoints=127.0.0.1:2379 user grant-role root root
etcdctl --endpoints=127.0.0.1:2379 user get root
etcdctl --endpoints=127.0.0.1:2379 auth enable
etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6 del /apisix --prefix
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- http://127.0.0.1:2379
prefix: /apisix
timeout: 30
user: root
password: apache-api6
' > conf/config.yaml
make init
cmd_res=`etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6 get /apisix --prefix`
etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6 auth disable
etcdctl --endpoints=127.0.0.1:2379 role delete root
etcdctl --endpoints=127.0.0.1:2379 user delete root
init_kv=(
"/apisix/consumers/ init_dir"
"/apisix/global_rules/ init_dir"
"/apisix/plugin_metadata/ init_dir"
"/apisix/plugins/ init_dir"
"/apisix/protos/ init_dir"
"/apisix/routes/ init_dir"
"/apisix/services/ init_dir"
"/apisix/ssls/ init_dir"
"/apisix/stream_routes/ init_dir"
"/apisix/upstreams/ init_dir"
)
IFS=$'\n'
for kv in ${init_kv[@]}
do
count=`echo $cmd_res | grep -c ${kv} || true`
if [ $count -ne 1 ]; then
echo "failed: failed to match ${kv}"
exit 1
fi
done
echo "passed: etcd auth enabled and init kv has been set up correctly"
out=$(make init 2>&1 || true)
if ! echo "$out" | grep 'authentication is not enabled'; then
echo "failed: properly handle the error when connecting to etcd without auth"
exit 1
fi
echo "passed: properly handle the error when connecting to etcd without auth"
# Check etcd retry if connect failed
git checkout conf/config.yaml
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- http://127.0.0.1:2389
prefix: /apisix
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep "retry time"; then
echo "failed: apisix should echo \"retry time\""
exit 1
fi
echo "passed: Show retry time info successfully"
# Check etcd connect refused
git checkout conf/config.yaml
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- http://127.0.0.1:2389
prefix: /apisix
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep "connection refused"; then
echo "failed: apisix should echo \"connection refused\""
exit 1
fi
echo "passed: Show connection refused info successfully"
# Check etcd auth error
git checkout conf/config.yaml
export ETCDCTL_API=3
etcdctl version
etcdctl --endpoints=127.0.0.1:2379 user add "root:apache-api6"
etcdctl --endpoints=127.0.0.1:2379 role add root
etcdctl --endpoints=127.0.0.1:2379 user grant-role root root
etcdctl --endpoints=127.0.0.1:2379 user get root
etcdctl --endpoints=127.0.0.1:2379 auth enable
etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6 del /apisix --prefix
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- http://127.0.0.1:2379
prefix: /apisix
timeout: 30
user: root
password: apache-api7
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep "invalid user ID or password"; then
echo "failed: should echo \"invalid user ID or password\""
exit 1
fi
echo "passed: show password error successfully"
# clean etcd auth
etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6 auth disable
etcdctl --endpoints=127.0.0.1:2379 role delete root
etcdctl --endpoints=127.0.0.1:2379 user delete root
# check connect to etcd with ipv6 address
git checkout conf/config.yaml
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- http://[::1]:2379
prefix: /apisix
timeout: 30
' > conf/config.yaml
rm logs/error.log || true
make run
sleep 0.1
if grep "update endpoint: http://\[::1\]:2379 to unhealthy" logs/error.log; then
echo "failed: connect to etcd via ipv6 address failed"
exit 1
fi
if grep "host or service not provided, or not known" logs/error.log; then
echo "failed: luasocket resolve ipv6 addresses failed"
exit 1
fi
make stop
echo "passed: connect to etcd via ipv6 address successfully"
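Review bot: The block under `# Check etcd auth error` enables etcd auth and disables it only under `# clean etcd auth`, after a check that can `exit 1`. If that grep fails, the script exits with auth still enabled and the `root` user and role left on the etcd at 127.0.0.1:2379, which affects whatever runs against it next. Registering the cleanup before `auth enable` makes it unconditional, e.g. `trap 'etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6 auth disable || true' EXIT`, cleared with `trap - EXIT` after the explicit cleanup. The first auth block has the same window around `make init` if `t/cli/common.sh` enables errexit, which is not visible in this section.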


@@ -0,0 +1,145 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# create 3 node etcd cluster in docker
ETCD_NAME_0=etcd0
ETCD_NAME_1=etcd1
ETCD_NAME_2=etcd2
HEALTH_CHECK_RETRY_TIMEOUT=10
if [ -z "logs/error.log" ]; then
git checkout logs/error.log
fi
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- "http://127.0.0.1:23790"
- "http://127.0.0.1:23791"
- "http://127.0.0.1:23792"
health_check_timeout: '"$HEALTH_CHECK_RETRY_TIMEOUT"'
timeout: 2
' > conf/config.yaml
docker compose -f ./t/cli/docker-compose-etcd-cluster.yaml up -d
# case 1: Check apisix not got effected when one etcd node disconnected
make init && make run
docker stop ${ETCD_NAME_0}
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
code=$(curl -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/apisix/admin/routes -H "X-API-KEY: $admin_key")
if [ ! $code -eq 200 ]; then
echo "failed: apisix got effect when one etcd node out of a cluster disconnected"
exit 1
fi
docker start ${ETCD_NAME_0}
docker stop ${ETCD_NAME_1}
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
code=$(curl -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/apisix/admin/routes -H "X-API-KEY: $admin_key")
if [ ! $code -eq 200 ]; then
echo "failed: apisix got effect when one etcd node out of a cluster disconnected"
exit 1
fi
docker start ${ETCD_NAME_1}
make stop
echo "passed: apisix not got effected when one etcd node disconnected"
# case 2: Check when all etcd nodes disconnected, apisix trying to reconnect with backoff, and could successfully recover when reconnected
make init && make run
docker stop ${ETCD_NAME_0} && docker stop ${ETCD_NAME_1} && docker stop ${ETCD_NAME_2}
sleep_till=$(date +%s -d "$DATE + $HEALTH_CHECK_RETRY_TIMEOUT second")
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
code=$(curl -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/apisix/admin/routes -H "X-API-KEY: $admin_key")
if [ $code -eq 200 ]; then
echo "failed: apisix not got effect when all etcd nodes disconnected"
exit 1
fi
docker start ${ETCD_NAME_0} && docker start ${ETCD_NAME_1} && docker start ${ETCD_NAME_2}
# case 3: sleep till etcd health check try to check again
current_time=$(date +%s)
sleep_seconds=$(( $sleep_till - $current_time + 3))
if [ "$sleep_seconds" -gt 0 ]; then
sleep $sleep_seconds
fi
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
code=$(curl -o /dev/null -s -w %{http_code} http://127.0.0.1:9180/apisix/admin/routes -H "X-API-KEY: $admin_key")
if [ ! $code -eq 200 ]; then
echo "failed: apisix could not recover when etcd node recover"
docker ps
cat logs/error.log
exit 1
fi
make stop
echo "passed: when all etcd nodes disconnected, apisix trying to reconnect with backoff, and could successfully recover when reconnected"
# case 4: stop one etcd node (result: start successful)
docker stop ${ETCD_NAME_0}
out=$(make init 2>&1)
if echo "$out" | grep "23790" | grep "connection refused"; then
echo "passed: APISIX successfully to start, stop only one etcd node"
else
echo "failed: stop only one etcd node APISIX should start normally"
exit 1
fi
# case 5: stop two etcd nodes (result: start failure)
docker stop ${ETCD_NAME_1}
out=$(make init 2>&1 || true)
if echo "$out" | grep "23791" | grep "connection refused"; then
echo "passed: APISIX failed to start, etcd cluster must have two or more healthy nodes"
else
echo "failed: two etcd nodes have been stopped, APISIX should fail to start"
exit 1
fi
# case 6: stop all etcd nodes (result: start failure)
docker stop ${ETCD_NAME_2}
out=$(make init 2>&1 || true)
if echo "$out" | grep "23792" | grep "connection refused"; then
echo "passed: APISIX failed to start, all etcd nodes have stopped"
else
echo "failed: all etcd nodes have stopped, APISIX should not be able to start"
exit 1
fi
# stop etcd docker container
docker compose -f ./t/cli/docker-compose-etcd-cluster.yaml down
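Review bot: `if [ -z "logs/error.log" ]` tests a non-empty string literal, so it is always false and `git checkout logs/error.log` never runs. If the intent was to restore a missing log file, `if [ ! -f logs/error.log ]; then` would express it, though the section does not state the intent. Separately, `sleep_till` is computed from `$DATE`, which is not assigned anywhere in this file, so unless `t/cli/common.sh` sets it the call is effectively `date +%s -d " + 10 second"`. A comment saying where `DATE` comes from, or dropping the variable, would make the timing in case 3 easier to trust.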


@@ -0,0 +1,210 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
exit_if_not_customed_nginx
# The 'admin.apisix.dev' is injected by ci/common.sh@set_coredns
# etcd mTLS verify
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- "https://admin.apisix.dev:22379"
prefix: "/apisix"
tls:
cert: t/certs/mtls_client.crt
key: t/certs/mtls_client.key
verify: false
' > conf/config.yaml
out=$(make init 2>&1 || echo "ouch")
if echo "$out" | grep "bad certificate"; then
echo "failed: apisix should not echo \"bad certificate\""
exit 1
fi
echo "passed: certificate verify success expectedly"
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- "https://admin.apisix.dev:22379"
prefix: "/apisix"
tls:
verify: false
' > conf/config.yaml
out=$(make init 2>&1 || echo "ouch")
if ! echo "$out" | grep "bad certificate"; then
echo "failed: apisix should echo \"bad certificate\""
exit 1
fi
echo "passed: certificate verify fail expectedly"
# etcd mTLS verify with CA
echo '
apisix:
ssl:
ssl_trusted_certificate: t/certs/mtls_ca.crt
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- "https://admin.apisix.dev:22379"
prefix: "/apisix"
tls:
cert: t/certs/mtls_client.crt
key: t/certs/mtls_client.key
' > conf/config.yaml
out=$(make init 2>&1 || echo "ouch")
if echo "$out" | grep "certificate verify failed"; then
echo "failed: apisix should not echo \"certificate verify failed\""
exit 1
fi
if echo "$out" | grep "ouch"; then
echo "failed: apisix should not fail"
exit 1
fi
echo "passed: certificate verify with CA success expectedly"
# etcd mTLS in stream subsystem
echo '
apisix:
proxy_mode: http&stream
stream_proxy:
tcp:
- addr: 9100
ssl:
ssl_trusted_certificate: t/certs/mtls_ca.crt
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- "https://admin.apisix.dev:22379"
prefix: "/apisix"
tls:
cert: t/certs/mtls_client.crt
key: t/certs/mtls_client.key
' > conf/config.yaml
out=$(make init 2>&1 || echo "ouch")
if echo "$out" | grep "certificate verify failed"; then
echo "failed: apisix should not echo \"certificate verify failed\""
exit 1
fi
if echo "$out" | grep "ouch"; then
echo "failed: apisix should not fail"
exit 1
fi
rm logs/error.log || true
make run
sleep 1
make stop
if grep "\[error\]" logs/error.log; then
echo "failed: veirfy etcd certificate during sync should not fail"
fi
echo "passed: certificate verify in stream subsystem successfully"
# use host in etcd.host as sni by default
git checkout conf/config.yaml
echo '
apisix:
ssl:
ssl_trusted_certificate: t/certs/mtls_ca.crt
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- "https://127.0.0.1:22379"
prefix: "/apisix"
tls:
cert: t/certs/mtls_client.crt
key: t/certs/mtls_client.key
' > conf/config.yaml
rm logs/error.log || true
make init
make run
sleep 1
make stop
if ! grep -F 'certificate host mismatch' logs/error.log; then
echo "failed: should got certificate host mismatch when use host in etcd.host as sni"
exit 1
fi
echo "passed: use host in etcd.host as sni by default"
# specify custom sni instead of using etcd.host
git checkout conf/config.yaml
echo '
apisix:
ssl:
ssl_trusted_certificate: t/certs/mtls_ca.crt
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- "https://127.0.0.1:22379"
prefix: "/apisix"
tls:
cert: t/certs/mtls_client.crt
key: t/certs/mtls_client.key
sni: "admin.apisix.dev"
' > conf/config.yaml
rm logs/error.log || true
make init
make run
sleep 1
make stop
if grep -E 'certificate host mismatch' logs/error.log; then
echo "failed: should use specify custom sni"
exit 1
fi
echo "passed: specify custom sni instead of using etcd.host"
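Review bot: The stream-subsystem check `if grep "\[error\]" logs/error.log; then` only echoes a failure and has no `exit 1`. An `[error]` line logged while syncing from etcd over mTLS therefore does not fail the test, and the script goes on to print `passed: certificate verify in stream subsystem successfully`. Adding `exit 1` after the echo makes this assertion binding like the others in the file; the message also has a typo (`veirfy`). In addition, the first case is reported as `certificate verify success expectedly` while it runs with `verify: false`, so a comment stating that it covers client-certificate acceptance only, not server verification, would avoid misreading it.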


@@ -0,0 +1,133 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# check etcd while enable auth
git checkout conf/config.yaml
# Make new routes
etcdctl --endpoints=127.0.0.1:2379 del --prefix /apisix/routes/
etcdctl --endpoints=127.0.0.1:2379 put /apisix/routes/ init_dir
etcdctl --endpoints=127.0.0.1:2379 put /apisix/routes/1 '{"uri":"/1","plugins":{}}'
etcdctl --endpoints=127.0.0.1:2379 put /apisix/routes/2 '{"uri":"/2","plugins":{}}'
etcdctl --endpoints=127.0.0.1:2379 put /apisix/routes/3 '{"uri":"/3","plugins":{}}'
etcdctl --endpoints=127.0.0.1:2379 put /apisix/routes/4 '{"uri":"/4","plugins":{}}'
etcdctl --endpoints=127.0.0.1:2379 put /apisix/routes/5 '{"uri":"/5","plugins":{}}'
# Connect by unauthenticated
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- http://127.0.0.1:2379
prefix: /apisix
nginx_config:
error_log_level: info
worker_processes: 1
' > conf/config.yaml
# Initialize and start APISIX without password
make init
make run
# Test request
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/1 | grep 503 || (echo "failed: Round 1 Request 1 unexpected"; exit 1)
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/2 | grep 503 || (echo "failed: Round 1 Request 2 unexpected"; exit 1)
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/3 | grep 503 || (echo "failed: Round 1 Request 3 unexpected"; exit 1)
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/4 | grep 503 || (echo "failed: Round 1 Request 4 unexpected"; exit 1)
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/5 | grep 503 || (echo "failed: Round 1 Request 5 unexpected"; exit 1)
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/6 | grep 404 || (echo "failed: Round 1 Request 6 unexpected"; exit 1)
# Enable auth to block APISIX connect
export ETCDCTL_API=3
etcdctl version
etcdctl --endpoints=127.0.0.1:2379 user add "root:apache-api6-sync"
etcdctl --endpoints=127.0.0.1:2379 role add root
etcdctl --endpoints=127.0.0.1:2379 user grant-role root root
etcdctl --endpoints=127.0.0.1:2379 user get root
etcdctl --endpoints=127.0.0.1:2379 auth enable
sleep 3
# Restart etcd services to make sure that APISIX cannot be synchronized
project_compose_ci=ci/pod/docker-compose.common.yml make ci-env-stop
project_compose_ci=ci/pod/docker-compose.common.yml make ci-env-up
# Make some changes when APISIX cannot be synchronized
# Authentication ensures that only etcdctl can access etcd at this time
etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6-sync put /apisix/routes/1 '{"uri":"/1","plugins":{"fault-injection":{"abort":{"http_status":204}}}}'
etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6-sync put /apisix/routes/2 '{"uri":"/2"}' ## set incorrect configuration
etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6-sync put /apisix/routes/3 '{"uri":"/3","plugins":{"fault-injection":{"abort":{"http_status":204}}}}'
etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6-sync put /apisix/routes/4 '{"uri":"/4","plugins":{"fault-injection":{"abort":{"http_status":204}}}}'
etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6-sync put /apisix/routes/5 '{"uri":"/5","plugins":{"fault-injection":{"abort":{"http_status":204}}}}'
# Resume APISIX synchronization by disable auth
# Since APISIX will not be able to access etcd until authentication is disable,
# watch will be temporarily disabled, so when authentication is disable,
# the backlog events will be sent at once at an offset from when APISIX disconnects.
# When APISIX resumes the connection, it still has not met its mandatory full
# synchronization condition, so it will be "watch" that resumes, not "readdir".
etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6-sync auth disable
etcdctl --endpoints=127.0.0.1:2379 user delete root
etcdctl --endpoints=127.0.0.1:2379 role delete root
sleep 5 # wait resync by watch
# Test request
# All but the intentionally incoming misconfigurations should be applied,
# and non-existent routes will remain non-existent.
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/1 | grep 204 || (echo "failed: Round 2 Request 1 unexpected"; exit 1)
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/2 | grep 503 || (echo "failed: Round 2 Request 2 unexpected"; exit 1)
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/3 | grep 204 || (echo "failed: Round 2 Request 3 unexpected"; exit 1)
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/4 | grep 204 || (echo "failed: Round 2 Request 4 unexpected"; exit 1)
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/5 | grep 204 || (echo "failed: Round 2 Request 5 unexpected"; exit 1)
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/6 | grep 404 || (echo "failed: Round 2 Request 6 unexpected"; exit 1)
# Check logs
## Case1: Ensure etcd is disconnected
cat logs/error.log | grep "watchdir err: has no healthy etcd endpoint available" || (echo "Log case 1 unexpected"; exit 1)
## Case2: Ensure events are sent in bulk after connection is restored
## It is extracted from the structure of following type
## result = {
## events = { {
## {
## kv = {
## key = "/apisix/routes/1",
## ...
## }
#### }, {
## kv = {
## key = "/apisix/routes/2",
## ...
## }
## },
## ...
## } },
## header = {
## ...
## }
## }
## After check, it only appears when watch recovers and returns events in bulk.
cat logs/error.log | grep "}, {" || (echo "failed: Log case 2 unexpected"; exit 1)
## Case3: Ensure that the check schema error is actually triggered.
cat logs/error.log | grep "failed to check item data" || (echo "failed: Log case 3 unexpected"; exit 1)
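Review bot: Every assertion in this file has the form `... | grep 503 || (echo "failed: ..."; exit 1)`, where `exit 1` runs inside a subshell and ends only that subshell. The script therefore stops on a failed check only if errexit is active, which would have to come from `t/cli/common.sh` (not visible in this section). A brace group removes that dependency: `|| { echo "failed: Round 1 Request 1 unexpected"; exit 1; }`. Auth is also enabled partway through and disabled only on the success path, so an early stop leaves etcd with auth on and the `root` user in place. The leading comment `# check etcd while enable auth` does not describe this test and looks copied from another one.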


@@ -0,0 +1,74 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# 'make init' operates scripts and related configuration files in the current directory
# The 'apisix' command is a command in the /usr/local/apisix,
# and the configuration file for the operation is in the /usr/local/apisix/conf
. ./t/cli/common.sh
# Check etcd tls verify failure
git checkout conf/config.yaml
echo '
apisix:
ssl:
ssl_trusted_certificate: t/certs/mtls_ca.crt
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- "https://127.0.0.1:12379"
prefix: "/apisix"
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep "certificate verify failed"; then
echo "failed: apisix should echo \"certificate verify failed\""
exit 1
fi
echo "passed: Show certificate verify failed info successfully"
# Check etcd tls without verification
git checkout conf/config.yaml
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- "https://127.0.0.1:12379"
prefix: "/apisix"
tls:
verify: false
' > conf/config.yaml
out=$(make init 2>&1 || true)
if echo "$out" | grep "certificate verify failed"; then
echo "failed: apisix should not echo \"certificate verify failed\""
exit 1
fi
echo "passed: Certificate verification successfully"
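Review bot: The second case (`verify: false`) asserts only that `certificate verify failed` is absent from the output, while `make init 2>&1 || true` discards the exit status. The check therefore also passes when `make init` fails for an unrelated reason such as the etcd at 12379 being unreachable, so it does not show that the TLS connection actually succeeded. Capturing the failure as the mTLS test does, `out=$(make init 2>&1 || echo "ouch")`, and failing when `ouch` is present would turn it into a positive assertion. The final message `passed: Certificate verification successfully` would also read more accurately as a statement that verification was skipped, since that is what this case configures.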


@@ -0,0 +1,66 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
git checkout conf/config.yaml
echo '
nginx_config:
http:
custom_lua_shared_dict:
my_dict: 1m
' > conf/config.yaml
make init
if ! grep "lua_shared_dict my_dict 1m;" conf/nginx.conf > /dev/null; then
echo "failed: define custom shdict"
exit 1
fi
echo "passed: define custom shdict"
git checkout conf/config.yaml
echo "
plugins:
- ip-restriction
" > conf/config.yaml
make init
if grep "plugin-limit-conn" conf/nginx.conf > /dev/null; then
echo "failed: enable shdict on demand"
exit 1
fi
echo "
plugins:
- limit-conn
" > conf/config.yaml
make init
if ! grep "plugin-limit-conn" conf/nginx.conf > /dev/null; then
echo "failed: enable shdict on demand"
exit 1
fi
echo "passed: enable shdict on demand"
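Review bot: The two `plugin-limit-conn` checks print the same message, `failed: enable shdict on demand`, although they assert opposite things: the dict must be absent with only `ip-restriction` enabled and present with `limit-conn` enabled. A CI log therefore does not say which case broke. Distinct messages would fix that, e.g. `echo "failed: limit-conn shdict present without the plugin"` for the first and `echo "failed: limit-conn shdict missing with the plugin enabled"` for the second.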


@@ -0,0 +1,113 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
echo '
discovery:
kubernetes:
service:
host: ${HOST_ENV}
client:
token: ${TOKEN_ENV}
' >conf/config.yaml
make init
if ! grep "env HOST_ENV" conf/nginx.conf; then
echo "kubernetes discovery env inject failed"
exit 1
fi
if ! grep "env KUBERNETES_SERVICE_PORT" conf/nginx.conf; then
echo "kubernetes discovery env inject failed"
exit 1
fi
if ! grep "env TOKEN_ENV" conf/nginx.conf; then
echo "kubernetes discovery env inject failed"
exit 1
fi
if ! grep "lua_shared_dict kubernetes 1m;" conf/nginx.conf; then
echo "kubernetes discovery lua_shared_dict inject failed"
exit 1
fi
echo '
discovery:
kubernetes:
- id: dev
service:
host: ${DEV_HOST}
port: ${DEV_PORT}
client:
token: ${DEV_TOKEN}
- id: pro
service:
host: ${PRO_HOST}
port: ${PRO_PORT}
client:
token: ${PRO_TOKEN}
shared_size: 2m
' >conf/config.yaml
make init
if ! grep "env DEV_HOST" conf/nginx.conf; then
echo "kubernetes discovery env inject failed"
exit 1
fi
if ! grep "env DEV_PORT" conf/nginx.conf; then
echo "kubernetes discovery env inject failed"
exit 1
fi
if ! grep "env DEV_TOKEN" conf/nginx.conf; then
echo "kubernetes discovery env inject failed"
exit 1
fi
if ! grep "env PRO_HOST" conf/nginx.conf; then
echo "kubernetes discovery env inject failed"
exit 1
fi
if ! grep "env PRO_PORT" conf/nginx.conf; then
echo "kubernetes discovery env inject failed"
exit 1
fi
if ! grep "env PRO_TOKEN" conf/nginx.conf; then
echo "kubernetes discovery env inject failed"
exit 1
fi
if ! grep "lua_shared_dict kubernetes-dev 1m;" conf/nginx.conf; then
echo "kubernetes discovery lua_shared_dict inject failed"
exit 1
fi
if ! grep "lua_shared_dict kubernetes-pro 2m;" conf/nginx.conf; then
echo "kubernetes discovery lua_shared_dict inject failed"
exit 1
fi
echo "kubernetes discovery inject success"
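Review bot: All nine `env` checks print the identical line `kubernetes discovery env inject failed`, so a failure does not say which variable was not injected. The messages also lack the `failed:` / `passed:` prefixes the sibling scripts use. The six checks of the second configuration can be folded into one loop that names the variable, as sketched below; the three checks of the first configuration can take the same form.

```shell
for name in DEV_HOST DEV_PORT DEV_TOKEN PRO_HOST PRO_PORT PRO_TOKEN; do
    if ! grep "env ${name}" conf/nginx.conf; then
        echo "failed: kubernetes discovery env ${name} not injected"
        exit 1
    fi
done
# … unchanged: lua_shared_dict kubernetes-dev / kubernetes-pro checks …
```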

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,42 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
make run
echo "
deployment:
admin:
admin_listen:
ip: 127.0.0.2
port: 9181
apisix:
enable_admin: true
" > conf/config.yaml
make reload
make stop
if ! grep "listen 127.0.0.2:9181;" conf/nginx.conf > /dev/null; then
echo "failed: regenerate nginx conf in 'make reload'"
exit 1
fi
echo "passed: regenerate nginx conf in 'make reload'"


@@ -0,0 +1,48 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
echo '
plugins:
- opentelemetry
plugin_attr:
opentelemetry:
set_ngx_var: true
' > conf/config.yaml
make init
if ! grep "set \$opentelemetry_context_traceparent '';" conf/nginx.conf > /dev/null; then
echo "failed: opentelemetry_context_traceparent not found in nginx.conf"
exit 1
fi
if ! grep "set \$opentelemetry_trace_id '';" conf/nginx.conf > /dev/null; then
echo "failed: opentelemetry_trace_id not found in nginx.conf"
exit 1
fi
if ! grep "set \$opentelemetry_span_id '';" conf/nginx.conf > /dev/null; then
echo "failed: opentelemetry_span_id not found in nginx.conf"
exit 1
fi
echo "passed: opentelemetry_set_ngx_var configuration is validated"


@@ -0,0 +1,181 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
git checkout conf/config.yaml
sleep 1
make run
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/apisix/prometheus/metrics)
if [ ! $code -eq 404 ]; then
echo "failed: should listen at default prometheus address"
exit 1
fi
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9091/apisix/prometheus/metrics)
if [ ! $code -eq 200 ]; then
echo "failed: should listen at default prometheus address"
exit 1
fi
if ! curl -i http://127.0.0.1:9091/apisix/prometheus/metrics | grep "apisix_nginx_http_current_connections" > /dev/null; then
echo "failed: should listen at default prometheus address"
exit 1
fi
make stop
echo "passed: should listen at default prometheus address"
echo '
plugin_attr:
prometheus:
export_addr:
ip: ${{IP}}
port: ${{PORT}}
' > conf/config.yaml
IP=127.0.0.1 PORT=9092 make run
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9092/apisix/prometheus/metrics)
if [ ! $code -eq 200 ]; then
echo "failed: should listen at configured prometheus address"
exit 1
fi
make stop
echo "passed: should listen at configured prometheus address"
echo '
plugin_attr:
prometheus:
enable_export_server: false
export_uri: /prometheus/metrics
export_addr:
ip: ${{IP}}
port: ${{PORT}}
' > conf/config.yaml
IP=127.0.0.1 PORT=9092 make run
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
# initialize prometheus metrics public API route #1
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} -X PUT http://127.0.0.1:9180/apisix/admin/routes/metrics1 \
-H "X-API-KEY: $admin_key" \
-d "{
\"uri\": \"/prometheus/metrics\",
\"plugins\": {
\"public-api\": {}
}
}")
if [ ! $code -eq 201 ]; then
echo "failed: initialize prometheus metrics public API failed #1"
exit 1
fi
sleep 0.5
code=$(curl -v -k -i -m 20 -o /dev/null -s http://127.0.0.1:9092/prometheus/metrics || echo 'ouch')
if [ "$code" != "ouch" ]; then
echo "failed: should listen at previous prometheus address"
exit 1
fi
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/prometheus/metrics)
if [ ! $code -eq 200 ]; then
echo "failed: should listen at previous prometheus address"
exit 1
fi
make stop
echo "passed: should listen at previous prometheus address"
echo '
plugin_attr:
prometheus:
export_addr:
ip: ${{IP}}
port: ${{PORT}}
' > conf/config.yaml
out=$(IP=127.0.0.1 PORT=9090 make init 2>&1 || true)
if ! echo "$out" | grep "prometheus port 9090 conflicts with control"; then
echo "failed: can't detect port conflicts"
exit 1
fi
echo '
apisix:
node_listen: ${{PORT}}
plugin_attr:
prometheus:
export_addr:
ip: ${{IP}}
port: ${{PORT}}
' > conf/config.yaml
out=$(IP=127.0.0.1 PORT=9092 make init 2>&1 || true)
if ! echo "$out" | grep "http listen port 9092 conflicts with prometheus"; then
echo "failed: can't detect port conflicts"
exit 1
fi
echo "passed: should detect port conflicts"
echo '
plugin_attr:
prometheus:
metric_prefix: apisix_ci_prefix_
export_addr:
ip: ${{IP}}
port: ${{PORT}}
' > conf/config.yaml
IP=127.0.0.1 PORT=9092 make run
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
# initialize prometheus metrics public API route #2
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} -X PUT http://127.0.0.1:9180/apisix/admin/routes/metrics2 \
-H "X-API-KEY: $admin_key" \
-d "{
\"uri\": \"/apisix/prometheus/metrics\",
\"plugins\": {
\"public-api\": {}
}
}")
if [ ! $code -eq 201 ]; then
echo "failed: initialize prometheus metrics public API failed #2"
exit 1
fi
sleep 0.5
if ! curl -s http://127.0.0.1:9092/apisix/prometheus/metrics | grep "apisix_ci_prefix_" | wc -l; then
echo "failed: should use custom metric prefix"
exit 1
fi
make stop
echo "passed: should use custom metric prefix"
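Review bot: The custom-prefix check at the end, `if ! curl -s http://127.0.0.1:9092/apisix/prometheus/metrics | grep "apisix_ci_prefix_" | wc -l; then`, tests the exit status of `wc -l`, which is 0 whether or not grep matched. The failure branch can therefore only fire if `pipefail` is enabled in `t/cli/common.sh`, which is not visible here. Drop the count and use the form the earlier checks in this file use: `if ! curl -s http://127.0.0.1:9092/apisix/prometheus/metrics | grep "apisix_ci_prefix_" > /dev/null; then`. Separately, both admin `PUT` calls combine `-v` with `-H "X-API-KEY: $admin_key"`, which writes the key to the job log on stderr; `-v` can be removed because only `%{http_code}` is consumed. The same `-v` is on the `stream_routes/1` call in the stream prometheus script later in this commit.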


@@ -0,0 +1,91 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
git checkout conf/config.yaml
make run
sleep 2
echo "removing prometheus from the plugins list"
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
admin:
admin_key: null
apisix:
node_listen: 1984
plugins:
- ip-restriction' > conf/config.yaml
echo "fetch metrics, should not contain {}"
if curl -i http://127.0.0.1:9091/apisix/prometheus/metrics | grep "{}" > /dev/null; then
echo "failed: metrics should not contain '{}' when prometheus is enabled"
exit 1
fi
echo "calling reload API to actually disable prometheus"
curl -i http://127.0.0.1:9090/v1/plugins/reload -XPUT
sleep 2
echo "fetch metrics after reload should contain {}"
if ! curl -i http://127.0.0.1:9091/apisix/prometheus/metrics | grep "{}" > /dev/null; then
echo "failed: metrics should contain '{}' when prometheus is disabled"
exit 1
fi
echo "re-enable prometheus"
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
admin:
admin_key: null
apisix:
node_listen: 1984
plugins:
- prometheus' > conf/config.yaml
echo "fetching metrics without reloading should give same result as before"
if ! curl -i http://127.0.0.1:9091/apisix/prometheus/metrics | grep "{}" > /dev/null; then
echo "failed: metrics should contain '{}' when prometheus is disabled"
exit 1
fi
echo "calling reload API to actually enable prometheus"
curl -i http://127.0.0.1:9090/v1/plugins/reload -XPUT
sleep 2
if curl -i http://127.0.0.1:9091/apisix/prometheus/metrics | grep "{}" > /dev/null; then
echo "failed: metrics should not contain '{}' when prometheus is enabled"
exit 1
fi


@@ -0,0 +1,113 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
git checkout conf/config.yaml
exit_if_not_customed_nginx
# prometheus run in privileged works when only http is enabled
sleep 0.5
rm logs/error.log || true
echo '
apisix:
extra_lua_path: "$prefix/t/lib/?.lua"
nginx_config:
error_log_level: info
' > conf/config.yaml
make run
sleep 0.1
curl -s -o /dev/null http://127.0.0.1:9091/apisix/prometheus/metrics
if ! grep -E "process type: privileged agent" logs/error.log; then
echo "failed: prometheus run in privileged can't work when only http is enabled"
exit 1
fi
make stop
echo "prometheus run in privileged agent successfully when only http is enabled"
# prometheus run in privileged works when both http & stream are enabled
sleep 0.5
rm logs/error.log || true
echo '
apisix:
proxy_mode: "http&stream"
extra_lua_path: "$prefix/t/lib/?.lua"
enable_admin: true
stream_proxy:
tcp:
- addr: 9100
stream_plugins:
- prometheus
nginx_config:
error_log_level: info
' > conf/config.yaml
make run
sleep 0.1
curl -s -o /dev/null http://127.0.0.1:9091/apisix/prometheus/metrics
if ! grep -E " process type: privileged agent" logs/error.log; then
echo "failed: prometheus run in privileged can't work when both http & stream are enabled"
exit 1
fi
echo "passed: prometheus run in privileged agent successfully when both http & stream are enabled"
make stop
# prometheus run in privileged works when only stream is enabled
sleep 0.5
rm logs/error.log || true
echo '
apisix:
proxy_mode: "http&stream"
extra_lua_path: "$prefix/t/lib/?.lua"
enable_admin: false
stream_proxy:
tcp:
- addr: 9100
stream_plugins:
- prometheus
nginx_config:
error_log_level: info
' > conf/config.yaml
make run
sleep 0.1
curl -s -o /dev/null http://127.0.0.1:9091/apisix/prometheus/metrics
if ! grep -E " process type: privileged agent" logs/error.log; then
echo "failed: prometheus run in privileged can't work when only stream is enabled"
exit 1
fi
echo "passed: prometheus run in privileged agent successfully when only stream is enabled"


@@ -0,0 +1,96 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
exit_if_not_customed_nginx
echo "
apisix:
proxy_mode: http&stream
enable_admin: true
stream_proxy:
tcp:
- addr: 9100
stream_plugins:
- prometheus
" > conf/config.yaml
make run
sleep 0.5
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
curl -v -k -i -m 20 -o /dev/null -s -X PUT http://127.0.0.1:9180/apisix/admin/stream_routes/1 \
-H "X-API-KEY: $admin_key" \
-d '{
"plugins": {
"prometheus": {}
},
"upstream": {
"type": "roundrobin",
"nodes": [{
"host": "127.0.0.1",
"port": 1995,
"weight": 1
}]
}
}'
curl http://127.0.0.1:9100 || true
sleep 1 # wait for sync
out="$(curl http://127.0.0.1:9091/apisix/prometheus/metrics)"
if ! echo "$out" | grep "apisix_stream_connection_total{route=\"1\"} 1" > /dev/null; then
echo "failed: prometheus can't work in stream subsystem"
exit 1
fi
make stop
echo "passed: prometheus works when both http & stream are enabled"
echo "
apisix:
proxy_mode: stream
enable_admin: false
stream_proxy:
tcp:
- addr: 9100
stream_plugins:
- prometheus
" > conf/config.yaml
make run
sleep 0.5
curl http://127.0.0.1:9100 || true
sleep 1 # wait for sync
out="$(curl http://127.0.0.1:9091/apisix/prometheus/metrics)"
if ! echo "$out" | grep "apisix_stream_connection_total{route=\"1\"} 1" > /dev/null; then
echo "failed: prometheus can't work in stream subsystem"
exit 1
fi
if ! echo "$out" | grep "apisix_node_info{hostname=" > /dev/null; then
echo "failed: prometheus can't work in stream subsystem"
exit 1
fi
echo "passed: prometheus works when only stream is enabled"
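Review bot: The `PUT` to `/apisix/admin/stream_routes/1` discards both body and status (`-o /dev/null`, no `-w %{http_code}`), so a rejected key or a failed write only shows up later as "prometheus can't work in stream subsystem". Capture the status as the other prometheus script in this commit does, `code=$(curl -k -i -m 20 -o /dev/null -s -w %{http_code} -X PUT ...)`, and fail on anything outside 2xx. The second half sets `enable_admin: false` yet still expects `route=\"1\"` in the metrics, so it appears to rely on the route persisting from the first half. A comment stating that dependency would keep the two halves from being reordered or split by mistake.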


@@ -0,0 +1,43 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
echo '
plugin_attr:
proxy-mirror:
timeout:
connect: 2000ms
read: 2s
send: 2000ms
' > conf/config.yaml
make init
if ! grep "proxy_connect_timeout 2000ms;" conf/nginx.conf > /dev/null; then
echo "failed: proxy_connect_timeout not found in nginx.conf"
exit 1
fi
if ! grep "proxy_read_timeout 2s;" conf/nginx.conf > /dev/null; then
echo "failed: proxy_read_timeout not found in nginx.conf"
exit 1
fi
echo "passed: proxy timeout configuration is validated"
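Review bot: The config sets `connect`, `read` and `send` timeouts for `proxy-mirror`, but only the first two are asserted, so a regression that drops the send timeout from the generated `nginx.conf` would still pass. Add a third check in the same form, presumably `if ! grep "proxy_send_timeout 2000ms;" conf/nginx.conf > /dev/null; then`. The directive name is inferred from the two that are checked and should be confirmed against the template.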


@@ -0,0 +1,98 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
echo '
deployment:
role: data_plane
role_data_plane:
config_provider: yaml
apisix:
router:
http: radixtree_uri
nginx_config:
worker_processes: 1
' > conf/config.yaml
echo '
routes:
- uri: "/hello"
hosts:
- test.com
vars:
- - "graphql_name"
- "=="
- "createAccount"
priority: 30
id: "graphql1"
upstream_id: "invalid"
- uri: "/hello"
hosts:
- test.com
plugins:
echo:
body: "test server"
priority: 20
id: "graphql2"
upstream_id: "invalid"
- uri: "/hello"
hosts:
- test2.com
plugins:
echo:
body: "test2"
priority: 20
id: "graphql3"
upstream_id: "invalid"
upstreams:
- nodes:
127.0.0.1:1999: 1
id: "invalid"
#END
' > conf/apisix.yaml
make run
dd if=/dev/urandom of=tmp_data.json bs=300K count=1
for i in {1..100}; do
curl -s http://127.0.0.1:9080/hello -H "Host: test.com" -H "Content-Type: application/json" -X POST -d @tmp_data.json > /tmp/graphql_request1.txt &
curl -s http://127.0.0.1:9080/hello -H "Host: test2.com" -H "Content-Type: application/json" -X POST -d @tmp_data.json > /tmp/graphql_request2.txt &
wait
if diff /tmp/graphql_request1.txt /tmp/graphql_request2.txt > /dev/null; then
make stop
echo "failed: route match error in GraphQL requests, route should not be the same"
exit 1
fi
done
make stop
rm tmp_data.json /tmp/graphql_request1.txt /tmp/graphql_request2.txt
echo "passed: GraphQL requests can be correctly matched to the route"
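Review bot: The loop writes responses to fixed names in a world-writable directory, `/tmp/graphql_request1.txt` and `/tmp/graphql_request2.txt`. On a shared runner another user can pre-create those paths (including as symlinks), and two concurrent runs overwrite each other's output, which can corrupt the `diff` result. Create a private directory with `out_dir=$(mktemp -d)` and redirect to `"$out_dir/request1.txt"` and `"$out_dir/request2.txt"`. The failure branch also exits without removing `tmp_data.json` or the response files. Folding the `rm` into an EXIT handler that still calls `clean_up`, as the serverless script in this commit does, would cover both paths.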


@@ -0,0 +1,107 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
serverless_clean_up() {
clean_up
git checkout conf/apisix.yaml
}
trap serverless_clean_up EXIT
rm logs/error.log || echo ''
echo '
apisix:
enable_admin: false
deployment:
role: data_plane
role_data_plane:
config_provider: yaml
' > conf/config.yaml
make init
echo '
routes:
-
uri: /log_request
plugins:
serverless-pre-function:
phase: before_proxy
functions:
- "return function(conf, ctx) ctx.count = (ctx.count or 0) + 1 end"
- "return function(conf, ctx) ngx.log(ngx.WARN, \"run before_proxy phase \", ctx.count, \" with \", ctx.balancer_ip) end"
upstream:
nodes:
"127.0.0.1:1980": 1
"0.0.0.0:1979": 100000
type: chash
key: remote_addr
#END
' > conf/apisix.yaml
make run
sleep 0.1
curl -v -k -i -m 20 -o /dev/null http://127.0.0.1:9080/log_request
if ! grep "run before_proxy phase 1 with 0.0.0.0" logs/error.log; then
echo "failed: before_proxy phase runs incorrect time"
exit 1
fi
if ! grep "run before_proxy phase 2 with 127.0.0.1" logs/error.log; then
echo "failed: before_proxy phase runs incorrect time"
exit 1
fi
make stop
echo '
routes:
-
uri: /log_request
plugins:
serverless-pre-function:
phase: before_proxy
functions:
- "return function(conf, ctx) ngx.exit(403) end"
upstream:
nodes:
"127.0.0.1:1980": 1
"0.0.0.0:1979": 100000
type: chash
key: remote_addr
#END
' > conf/apisix.yaml
make run
sleep 0.1
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/log_request)
make stop
if [ ! $code -eq 403 ]; then
echo "failed: failed to exit in the before_proxy phase"
exit 1
fi
make stop
echo "pass: run code in the before_proxy phase of serverless plugin"


@@ -0,0 +1,131 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# allow injecting configuration snippets
echo '
apisix:
node_listen: 9080
enable_admin: true
proxy_mode: http&stream
stream_proxy:
tcp:
- 9100
nginx_config:
main_configuration_snippet: |
daemon on;
http_configuration_snippet: |
chunked_transfer_encoding on;
http_server_configuration_snippet: |
set $my "var";
http_server_location_configuration_snippet: |
set $upstream_name -;
http_admin_configuration_snippet: |
log_format admin "$request_time $pipe";
http_end_configuration_snippet: |
server_names_hash_bucket_size 128;
stream_configuration_snippet: |
tcp_nodelay off;
' > conf/config.yaml
make init
grep "daemon on;" -A 2 conf/nginx.conf | grep "configuration snippet ends" > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: can't inject main configuration"
exit 1
fi
grep "chunked_transfer_encoding on;" -A 2 conf/nginx.conf | grep "configuration snippet ends" > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: can't inject http configuration"
exit 1
fi
grep 'set $my "var";' -A 2 conf/nginx.conf | grep "configuration snippet ends" > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: can't inject http server configuration"
exit 1
fi
grep 'set $upstream_name -;' -A 2 conf/nginx.conf | grep "configuration snippet ends" > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: can't inject http server location configuration"
exit 1
fi
grep 'log_format admin "$request_time $pipe";' -A 2 conf/nginx.conf | grep "configuration snippet ends" > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: can't inject admin server configuration"
exit 1
fi
grep 'server_names_hash_bucket_size 128;' -A 2 conf/nginx.conf | grep "configuration snippet ends" > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: can't inject http end configuration"
exit 1
fi
grep 'server_names_hash_bucket_size 128;' -A 3 conf/nginx.conf | grep "}" > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: can't inject http end configuration"
exit 1
fi
grep 'tcp_nodelay off;' -A 2 conf/nginx.conf | grep "configuration snippet ends" > /dev/null
if [ ! $? -eq 0 ]; then
echo "failed: can't inject stream configuration"
exit 1
fi
# use the builtin server by default
echo '
apisix:
node_listen: 9080
nginx_config:
http_configuration_snippet: |
server {
listen 9080;
server_name qa.com www.qa.com;
location / {
return 503 "ouch";
}
}
' > conf/config.yaml
make run
sleep 1
code=$(curl -k -i -o /dev/null -s -w %{http_code} http://127.0.0.1:9080 -H 'Host: m.qa.com')
if [ ! $code -eq 404 ]; then
echo "failed: use the builtin server by default"
exit 1
fi
code=$(curl -k -i -o /dev/null -s -w %{http_code} http://127.0.0.1:9080 -H 'Host: www.qa.com')
if [ ! $code -eq 503 ]; then
echo "failed: use the builtin server by default"
exit 1
fi
make stop
echo "passed: use the builtin server by default"
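Review bot: Every snippet check runs its `grep ... | grep ...` pipeline as a bare statement and then tests `$?`. If `t/cli/common.sh` enables `set -e` (not visible from this file), a non-matching grep aborts the script before the `if`, and the "failed: can't inject ..." message is never printed. Put the pipeline in the condition, as the other scripts in this commit do: `if ! grep "daemon on;" -A 2 conf/nginx.conf | grep "configuration snippet ends" > /dev/null; then`. The same rewrite applies to all eight checks.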


@@ -0,0 +1,157 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
standalone() {
rm -f conf/apisix.yaml.link
clean_up
git checkout conf/apisix.yaml
}
trap standalone EXIT
# support environment variables in yaml values
echo '
apisix:
enable_admin: false
deployment:
role: data_plane
role_data_plane:
config_provider: yaml
' > conf/config.yaml
echo '
routes:
-
uri: ${{var_test_path}}
plugins:
proxy-rewrite:
uri: ${{var_test_proxy_rewrite_uri:=/apisix/nginx_status}}
upstream:
nodes:
"127.0.0.1:9091": 1
type: roundrobin
#END
' > conf/apisix.yaml
# check for resolve variables
var_test_path=/test make init
if ! grep "env var_test_path;" conf/nginx.conf > /dev/null; then
echo "failed: failed to resolve variables"
exit 1
fi
# variable is valid
var_test_path=/test make run
sleep 0.1
code=$(curl -o /dev/null -s -m 5 -w %{http_code} http://127.0.0.1:9080/test)
if [ ! $code -eq 200 ]; then
echo "failed: resolve variables in apisix.yaml conf failed"
exit 1
fi
echo "passed: resolve variables in apisix.yaml conf success"
# support environment variables in yaml keys
echo '
routes:
-
uri: "/test"
plugins:
proxy-rewrite:
uri: "/apisix/nginx_status"
upstream:
nodes:
"${{HOST_IP}}:${{PORT}}": 1
type: roundrobin
#END
' > conf/apisix.yaml
# variable is valid
HOST_IP="127.0.0.1" PORT="9091" make init
HOST_IP="127.0.0.1" PORT="9091" make run
sleep 0.1
code=$(curl -o /dev/null -s -m 5 -w %{http_code} http://127.0.0.1:9080/test)
if [ ! $code -eq 200 ]; then
echo "failed: resolve variables in apisix.yaml conf failed"
fi
echo "passed: resolve variables in apisix.yaml conf success"
# configure standalone via deployment
echo '
deployment:
role: data_plane
role_data_plane:
config_provider: yaml
' > conf/config.yaml
var_test_path=/test make run
sleep 0.1
code=$(curl -o /dev/null -s -m 5 -w %{http_code} http://127.0.0.1:9080/apisix/admin/routes)
if [ ! $code -eq 404 ]; then
echo "failed: admin API should be disabled automatically"
exit 1
fi
echo "passed: admin API should be disabled automatically"
# support environment variables
echo '
routes:
-
uri: ${{var_test_path}}
plugins:
proxy-rewrite:
uri: ${{var_test_proxy_rewrite_uri:=/apisix/nginx_status}}
upstream:
nodes:
"127.0.0.1:9091": 1
type: roundrobin
#END
' > conf/apisix.yaml
var_test_path=/test make run
sleep 0.1
code=$(curl -o /dev/null -s -m 5 -w %{http_code} http://127.0.0.1:9080/test)
if [ ! $code -eq 200 ]; then
echo "failed: resolve variables in apisix.yaml conf failed"
exit 1
fi
echo "passed: resolve variables in apisix.yaml conf success"
# Avoid unnecessary config reloads
## Wait for a second else `st_ctime` won't increase
sleep 1
expected_config_reloads=$(grep "config file $(pwd)/conf/apisix.yaml reloaded." logs/error.log | wc -l)
## Create a symlink to change the link count and as a result `st_ctime`
ln conf/apisix.yaml conf/apisix.yaml.link
sleep 1
actual_config_reloads=$(grep "config file $(pwd)/conf/apisix.yaml reloaded." logs/error.log | wc -l)
if [ $expected_config_reloads -ne $actual_config_reloads ]; then
echo "failed: apisix.yaml was reloaded"
exit 1
fi
echo "passed: apisix.yaml was not reloaded"
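Review bot: The second "resolve variables" check, the one after `HOST_IP="127.0.0.1" PORT="9091" make run`, prints the failure message but has no `exit 1`. A non-200 response therefore falls through to `echo "passed: resolve variables in apisix.yaml conf success"` and the script carries on. Add `exit 1` after `echo "failed: resolve variables in apisix.yaml conf failed"`, as in the other checks in this file. Also, the comment `## Create a symlink to change the link count` describes what is actually a hard link: `ln` without `-s` is what changes the link count, so the comment should say "hard link".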


@@ -0,0 +1,78 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
git checkout conf/config.yaml
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- "http://127.0.0.1:23790"
- "http://127.0.0.1:23791"
- "http://127.0.0.1:23792"
prefix: /apisix
nginx_config:
error_log_level: info
apisix:
status:
ip: 127.0.0.1
port: 7085
' > conf/config.yaml
# create 3 node etcd cluster in docker
ETCD_NAME_0=etcd0
ETCD_NAME_1=etcd1
ETCD_NAME_2=etcd2
docker compose -f ./t/cli/docker-compose-etcd-cluster.yaml up -d
make run
sleep 0.5
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:7085/status | grep 200 \
|| (echo "failed: status api didn't return 200"; exit 1)
sleep 2
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:7085/status/ready | grep 200 \
|| (echo "failed: status/ready api didn't return 200"; exit 1)
# stop two etcd endpoints but status api should return 200 as all workers are synced
docker stop ${ETCD_NAME_0}
docker stop ${ETCD_NAME_1}
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:7085/status | grep 200 \
|| (echo "failed: status api didn't return 200"; exit 1)
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:7085/status/ready | grep 200 \
|| (echo "failed: status/ready api didn't return 200"; exit 1)
docker stop ${ETCD_NAME_2}
echo "/status/ready returns 200 even when etcd endpoints are down as all workers are synced"
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:7085/status/ready | grep 200 \
|| (echo "failed: status/ready api didn't return 200"; exit 1)
docker compose -f ./t/cli/docker-compose-etcd-cluster.yaml down
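Review bot: Each status check ends with `|| (echo "failed: ..."; exit 1)`; the parentheses run in a subshell, so `exit 1` ends only the subshell. The script itself stops only if `set -e` is in force from `t/cli/common.sh`, which is not visible here. Use a brace group so the exit applies to the script: `|| { echo "failed: status api didn't return 200"; exit 1; }`. When a check does abort the run, the final `docker compose -f ./t/cli/docker-compose-etcd-cluster.yaml down` is skipped and the etcd containers stay up; moving it into the EXIT handler would avoid leaving them behind.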


@@ -0,0 +1,111 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
echo "
apisix:
enable_admin: false
proxy_mode: stream
stream_proxy:
tcp:
- addr: 9100
" > conf/config.yaml
make init
count=$(grep -c "lua_package_path" conf/nginx.conf)
if [ "$count" -ne 1 ]; then
echo "failed: failed to enable stream proxy only by default"
exit 1
fi
echo "passed: enable stream proxy only by default"
echo "
apisix:
enable_admin: false
proxy_mode: http&stream
stream_proxy:
tcp:
- addr: 9100
" > conf/config.yaml
make init
count=$(grep -c "lua_package_path" conf/nginx.conf)
if [ "$count" -ne 2 ]; then
echo "failed: failed to enable stream proxy and http proxy"
exit 1
fi
echo "
apisix:
enable_admin: true
proxy_mode: http&stream
stream_proxy:
tcp:
- addr: 9100
" > conf/config.yaml
make init
count=$(grep -c "lua_package_path" conf/nginx.conf)
if [ "$count" -ne 2 ]; then
echo "failed: failed to enable stream proxy and http proxy when admin is enabled"
exit 1
fi
echo "passed: enable stream proxy and http proxy"
echo "
apisix:
proxy_mode: http&stream
stream_proxy:
tcp:
- addr: 9100
stream_plugins:
- ip-restriction
" > conf/config.yaml
make init
if grep "plugin-limit-conn-stream" conf/nginx.conf > /dev/null; then
echo "failed: enable shdict on demand"
exit 1
fi
echo "
apisix:
proxy_mode: http&stream
stream_proxy:
tcp:
- addr: 9100
stream_plugins:
- limit-conn
" > conf/config.yaml
make init
if ! grep "plugin-limit-conn-stream" conf/nginx.conf > /dev/null; then
echo "failed: enable shdict on demand"
exit 1
fi
echo "passed: enable shdict on demand"


@@ -0,0 +1,67 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
# check tls over tcp proxy
echo "
apisix:
proxy_mode: http&stream
stream_proxy:
tcp:
- addr: 9100
tls: true
nginx_config:
stream_configuration_snippet: |
server {
listen 9101;
return \"OK FROM UPSTREAM\";
}
" > conf/config.yaml
make run
sleep 0.1
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
curl http://127.0.0.1:9180/apisix/admin/ssls/1 \
-H "X-API-KEY: $admin_key" -X PUT -d '
{
"cert" : "'"$(cat t/certs/mtls_server.crt)"'",
"key": "'"$(cat t/certs/mtls_server.key)"'",
"snis": ["test.com"]
}'
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
curl -k -i http://127.0.0.1:9180/apisix/admin/stream_routes/1 \
-H "X-API-KEY: $admin_key" -X PUT -d \
'{"upstream":{"nodes":{"127.0.0.1:9101":1},"type":"roundrobin"}}'
sleep 0.1
if ! echo -e 'mmm' | \
openssl s_client -connect 127.0.0.1:9100 -servername test.com -CAfile t/certs/mtls_ca.crt \
-ign_eof | \
grep 'OK FROM UPSTREAM';
then
echo "failed: should proxy tls over tcp"
exit 1
fi
make stop
echo "passed: proxy tls over tcp"
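Review bot: The `openssl s_client` call passes `-CAfile t/certs/mtls_ca.crt`, but s_client continues the handshake even when chain verification fails. The test therefore passes on `OK FROM UPSTREAM` whether or not the served certificate is trusted by that CA. If verifying the certificate is part of what this test should prove, add `-verify_return_error` so a verification failure ends the connection. The two admin `PUT` calls before it are not checked for success, so a failed upload is reported as "should proxy tls over tcp". `admin_key` is also read twice with the same command; one assignment is enough.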


@@ -0,0 +1,211 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# validate the config.yaml
. ./t/cli/common.sh
# test proxy_ssl_trusted_certificate success
git checkout conf/config.yaml
exit_if_not_customed_nginx
echo '
apisix:
ssl:
ssl_trusted_certificate: t/certs/apisix.crt
nginx_config:
http_configuration_snippet: |
server {
listen 1983 ssl;
server_name test.com;
ssl_certificate ../t/certs/apisix.crt;
ssl_certificate_key ../t/certs/apisix.key;
location /hello {
return 200 "hello world";
}
}
http_server_configuration_snippet: |
proxy_ssl_verify on;
' > conf/config.yaml
rm logs/error.log || true
make init
make run
sleep 0.1
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
curl -k -i http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d '
{
"uri": "/hello",
"upstream": {
"pass_host": "rewrite",
"nodes": {
"127.0.0.1:1983": 1
},
"scheme": "https",
"hash_on": "vars",
"upstream_host": "test.com",
"type": "roundrobin",
"tls": {
"client_cert": "-----BEGIN CERTIFICATE-----\nMIIEojCCAwqgAwIBAgIJAK253pMhgCkxMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV\nBAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0RvbmcxDzANBgNVBAcMBlpodUhhaTEPMA0G\nA1UECgwGaXJlc3R5MREwDwYDVQQDDAh0ZXN0LmNvbTAgFw0xOTA2MjQyMjE4MDVa\nGA8yMTE5MDUzMTIyMTgwNVowVjELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUd1YW5n\nRG9uZzEPMA0GA1UEBwwGWmh1SGFpMQ8wDQYDVQQKDAZpcmVzdHkxETAPBgNVBAMM\nCHRlc3QuY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAyCM0rqJe\ncvgnCfOw4fATotPwk5Ba0gC2YvIrO+gSbQkyxXF5jhZB3W6BkWUWR4oNFLLSqcVb\nVDPitz/Mt46Mo8amuS6zTbQetGnBARzPLtmVhJfoeLj0efMiOepOSZflj9Ob4yKR\n2bGdEFOdHPjm+4ggXU9jMKeLqdVvxll/JiVFBW5smPtW1Oc/BV5terhscJdOgmRr\nabf9xiIis9/qVYfyGn52u9452V0owUuwP7nZ01jt6iMWEGeQU6mwPENgvj1olji2\nWjdG2UwpUVp3jp3l7j1ekQ6mI0F7yI+LeHzfUwiyVt1TmtMWn1ztk6FfLRqwJWR/\nEvm95vnfS3Le4S2ky3XAgn2UnCMyej3wDN6qHR1onpRVeXhrBajbCRDRBMwaNw/1\n/3Uvza8QKK10PzQR6OcQ0xo9psMkd9j9ts/dTuo2fzaqpIfyUbPST4GdqNG9NyIh\n/B9g26/0EWcjyO7mYVkaycrtLMaXm1u9jyRmcQQI1cGrGwyXbrieNp63AgMBAAGj\ncTBvMB0GA1UdDgQWBBSZtSvV8mBwl0bpkvFtgyiOUUcbszAfBgNVHSMEGDAWgBSZ\ntSvV8mBwl0bpkvFtgyiOUUcbszAMBgNVHRMEBTADAQH/MB8GA1UdEQQYMBaCCHRl\nc3QuY29tggoqLnRlc3QuY29tMA0GCSqGSIb3DQEBCwUAA4IBgQAHGEul/x7ViVgC\ntC8CbXEslYEkj1XVr2Y4hXZXAXKd3W7V3TC8rqWWBbr6L/tsSVFt126V5WyRmOaY\n1A5pju8VhnkhYxYfZALQxJN2tZPFVeME9iGJ9BE1wPtpMgITX8Rt9kbNlENfAgOl\nPYzrUZN1YUQjX+X8t8/1VkSmyZysr6ngJ46/M8F16gfYXc9zFj846Z9VST0zCKob\nrJs3GtHOkS9zGGldqKKCj+Awl0jvTstI4qtS1ED92tcnJh5j/SSXCAB5FgnpKZWy\nhme45nBQj86rJ8FhN+/aQ9H9/2Ib6Q4wbpaIvf4lQdLUEcWAeZGW6Rk0JURwEog1\n7/mMgkapDglgeFx9f/XztSTrkHTaX4Obr+nYrZ2V4KOB4llZnK5GeNjDrOOJDk2y\nIJFgBOZJWyS93dQfuKEj42hA79MuX64lMSCVQSjX+ipR289GQZqFrIhiJxLyA+Ve\nU/OOcSRr39Kuis/JJ+DkgHYa/PWHZhnJQBxcqXXk1bJGw9BNbhM=\n-----END CERTIFICATE-----\n",
"client_key": "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"
}
}
}'
sleep 1
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/hello)
if [ ! $code -eq 200 ]; then
echo "failed: connection to upstream with mTLS failed"
exit 1
fi
sleep 0.1
make stop
echo "passed: connection to upstream with mTLS success"
# test proxy_ssl_trusted_certificate and use incorrect ca cert
echo '
apisix:
ssl:
ssl_trusted_certificate: t/certs/apisix_ecc.crt
nginx_config:
http_configuration_snippet: |
server {
listen 1983 ssl;
server_name test.com;
ssl_certificate ../t/certs/apisix.crt;
ssl_certificate_key ../t/certs/apisix.key;
location /hello {
return 200 "hello world";
}
}
http_server_configuration_snippet: |
proxy_ssl_verify on;
' > conf/config.yaml
rm logs/error.log || true
make init
make run
sleep 0.1
admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')
curl -k -i http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X PUT -d '
{
"uri": "/hello",
"upstream": {
"pass_host": "rewrite",
"nodes": {
"127.0.0.1:1983": 1
},
"scheme": "https",
"hash_on": "vars",
"upstream_host": "test.com",
"type": "roundrobin",
"tls": {
"client_cert": "-----BEGIN CERTIFICATE-----\nMIIEojCCAwqgAwIBAgIJAK253pMhgCkxMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV\nBAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0RvbmcxDzANBgNVBAcMBlpodUhhaTEPMA0G\nA1UECgwGaXJlc3R5MREwDwYDVQQDDAh0ZXN0LmNvbTAgFw0xOTA2MjQyMjE4MDVa\nGA8yMTE5MDUzMTIyMTgwNVowVjELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUd1YW5n\nRG9uZzEPMA0GA1UEBwwGWmh1SGFpMQ8wDQYDVQQKDAZpcmVzdHkxETAPBgNVBAMM\nCHRlc3QuY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAyCM0rqJe\ncvgnCfOw4fATotPwk5Ba0gC2YvIrO+gSbQkyxXF5jhZB3W6BkWUWR4oNFLLSqcVb\nVDPitz/Mt46Mo8amuS6zTbQetGnBARzPLtmVhJfoeLj0efMiOepOSZflj9Ob4yKR\n2bGdEFOdHPjm+4ggXU9jMKeLqdVvxll/JiVFBW5smPtW1Oc/BV5terhscJdOgmRr\nabf9xiIis9/qVYfyGn52u9452V0owUuwP7nZ01jt6iMWEGeQU6mwPENgvj1olji2\nWjdG2UwpUVp3jp3l7j1ekQ6mI0F7yI+LeHzfUwiyVt1TmtMWn1ztk6FfLRqwJWR/\nEvm95vnfS3Le4S2ky3XAgn2UnCMyej3wDN6qHR1onpRVeXhrBajbCRDRBMwaNw/1\n/3Uvza8QKK10PzQR6OcQ0xo9psMkd9j9ts/dTuo2fzaqpIfyUbPST4GdqNG9NyIh\n/B9g26/0EWcjyO7mYVkaycrtLMaXm1u9jyRmcQQI1cGrGwyXbrieNp63AgMBAAGj\ncTBvMB0GA1UdDgQWBBSZtSvV8mBwl0bpkvFtgyiOUUcbszAfBgNVHSMEGDAWgBSZ\ntSvV8mBwl0bpkvFtgyiOUUcbszAMBgNVHRMEBTADAQH/MB8GA1UdEQQYMBaCCHRl\nc3QuY29tggoqLnRlc3QuY29tMA0GCSqGSIb3DQEBCwUAA4IBgQAHGEul/x7ViVgC\ntC8CbXEslYEkj1XVr2Y4hXZXAXKd3W7V3TC8rqWWBbr6L/tsSVFt126V5WyRmOaY\n1A5pju8VhnkhYxYfZALQxJN2tZPFVeME9iGJ9BE1wPtpMgITX8Rt9kbNlENfAgOl\nPYzrUZN1YUQjX+X8t8/1VkSmyZysr6ngJ46/M8F16gfYXc9zFj846Z9VST0zCKob\nrJs3GtHOkS9zGGldqKKCj+Awl0jvTstI4qtS1ED92tcnJh5j/SSXCAB5FgnpKZWy\nhme45nBQj86rJ8FhN+/aQ9H9/2Ib6Q4wbpaIvf4lQdLUEcWAeZGW6Rk0JURwEog1\n7/mMgkapDglgeFx9f/XztSTrkHTaX4Obr+nYrZ2V4KOB4llZnK5GeNjDrOOJDk2y\nIJFgBOZJWyS93dQfuKEj42hA79MuX64lMSCVQSjX+ipR289GQZqFrIhiJxLyA+Ve\nU/OOcSRr39Kuis/JJ+DkgHYa/PWHZhnJQBxcqXXk1bJGw9BNbhM=\n-----END CERTIFICATE-----\n",
"client_key": "HrMHUvE9Esvn7GnZ+vAynaIg/8wlB3r0zm0htmnwofYLp1VhtLeU1EmMJkPLUkcn2+v6Uav9bOQMkPdSpUMcEpRplLSXs+miu+B07CCUnsMrXkfQawRMIoePJZSLH5+PfDAlWIK2Q+ruYnjtnpNziiAtXf/HRRwHHMelnfedXqD8kn3Toe46ZYyBir99o/r/do5ludez5oY7qhOgNSWKCfnZE8Ip82g7t7n7jsAf5tTdRulUGBQ4ITV2zM3cxpD0PWnWMbOfygZIDxR8QU9wj8ihuFL1s1NM8PplcKbUxC4QlrSN+ZNkr6mxy+akPmXlABwcFIiSK7c/xvU1NjoILnhPpL6aRpbhmQX/a1XUCl+2INlQ5QbXbTN+JmDBhrU9NiYecRJMfmA1N/lhwgt01tUnxMoAhfpUVgEbZNalCJt+wn8TC+Xp3DZ0bCpXrfzqsprGKan9qC3mCN03jj50JyGFL+xt8wX8D0uaIsu4cVk4et7kbTIj9rvucsh0cfKn8va8/cdjw5QhFSRBkW5Vuz9NwvzVQ6DHWs1a8VZbN/hERxcbWNk/p1VgGLHioqZZTOd5CYdN4dGjnksjXa0Z77mTSoNx3U79FQPAgUMEA1phnO/jdryM3g5M+UvESXA/75we435xg5tLRDvNwJw2NlosQsGY7fzUi2+HFo436htydRFv8ChHezs2v99mjfCUijrWYoeJ5OB2+KO9XiOIz7gpqhTef9atajSYRhxhcwdCVupC1PrPGn9MzhdQLeqQCJj3kyazPfO3xPkNpMAqd2lXnLR4HGd9SBHe75Sik3jW9W1sUqrn2fDjyWd0jz57pl4qyHjbzjd3uE5qbH/QuYZBIzI9tEn7tj12brWrwHsMt+/4M7zp8Opsia64V3Y7ICLIi7fiYfr70RujXyn8Ik5TB1QC98JrnDjgQlTPDhHLk1r8XhZXqIIg6DmaN7UUjIuZhKxARTs8b5WMPvVV4GownlPN28sHIMAX84BNbP0597Fxipwp2oTMFKTzvxm+QUtbWvIPzF3n25L4sPCyUx5PRIRCJ5kDNQfhiN6o3Y/fAY0PyxI06PWYoNvSn3uO24XNXbF3RkpwKtV8n/iNo5dyM1VqFPWDuKRSLHY7E4lQTdqx4/n+rrnoH6SlmQ0zwxwxBeAz/TvkmiW7WLe3C5cUDKF9yYwvAe8ek4oTR3GxaiDWjNFsu7DUoDjpH5f3IxrX2IN4FyzE47hMeg4muPov7h74WwosqgnfmwoAEFV4+ldmzpdSjghZoF2M9EZI24Xa9rVdd6j2t6IjX20oL+SLQL/9HppMi1nC+3Zby1WOvuTR4g8K1QP75OeY4xTD1iEAXpd0WOX7C3ndceVF4THLCI4Imcf9FH9MBrE55FPMEsAk54HiAoyMd6tgqv/akRqmuAmnSsrWALhqiCnAVh2uzk644gSzmsFbh7zF33qrcafPpU4PxUEvpqbLz7asoNUDf4YB4gCcgZx30eK/w9FpMaLveiNq77EW7qcvJQPcjZ4uLaKkQVODJsd+1CbZF6370aiLxouXLFT3eQI7Ovu6be8D3MmazRPgCV36qzMwONqrXE/JbMFMKe5l1e4Y6avMejrj43BMgGo2u8LimCWkBeNwqIjH7plwbpDKo4OKZVbrzSZ0hplUDd/jMrb6Ulbc04uMeEigehrhSsZ0ZwoDiZcf/fDIclaTGNMl40N2wBiqdnw9uKTqD1YxzqDQ7vgiXG55ae31lvevPTgk/lLvpwzlyitjGs+6LJPu/wSCKA2VIyhJfK+8EnItEKjBUrXdOklBdOmTpUpdQ+zfd2NCrFRDJZKl26Uh412adFEkqY37O/0FbSCpAIsUCvaItcqK7qh5Rq26hVR0nS1MRs+MjGBzGqudXPQZHy+Yp7AlAa5UgJUaAwn2b/id6kNdv6hNWqSzHvOAVKdgC9/j0yN1VJD92+IoJTTiXsMQELcgm1Ehj2GZpTHu+GPuaOovH
BnZMq/Kg4nUS+ig86X01jV28uGGtglERf1HqVQpdZwbrXtUqH0cbjlvUwQ1j7zp9yhs+0ta87v0I+elAZhXzqvehMiLJu2o9/k2+4dPvkEscduHOU6jZqe8ndNEMQWiaZEYJKxNWPTaQ6nZSlFTsT7GlENeJlFzlw8QkyRJPMBWkXuaymQUcu43Pm+gAjinHSAGUeaSaIdL2Yb0M88qNwG+UlNEslx/J37pA1oMJyxb7XOeySxkP7dXi5JvygLIfkEA3ENC4NHU9nsUvTvp5AZidZCxxtYCNYfjY6xyrlfnE+V+us31LA9Wc/tKa4y3Ldj30IT2sssUrdZ0l7UbwfcZT42ZeJpxDofpZ2rjgswTs0Upr72VuOCzjpKa1CJwxhVVtPVJJovcXp4bsNPJers+yIYfTl1aqaf4qSzU5OL/cze2e6qAh7622zEa/q6klpUx9b1f8YGlQhjQcy3++JnwwsHR71Ofh9woXq57LDCHFA6f95zdkadDDhwgRcvWVnbA2Szps8iJv7h2m25qZPFtN6puJj3RlmT6hnfBeYCjpfy/2TxyCqm6bG3HZxGuhzWs2ZGxzsjBJ3ueO1pAOjtDhkRqzoWt/v2o367IYP7iTcp4pi+qJHIWCN1ElDI0BVoZ+Xq9iLfKmjrjcxQ7EYGHfQDE52QaCQ3nMB7oiqncZ1Q5n/ICDHha9RkPP9V9vWiJIZwgOJtPfGzsGQ9AigH6po65IJyxmY5upuhg7DTmsLQnKC/fwjkBF9So/4cdZuqDbxGrDDOgpL7uvWXANRNMrqYoMFUG7M90QJHj7NgSL+B6mSNwa9ctTua7Estkoyvavda3Bl3qHQ0Hva5gjSg6elL6PQ4ksqhESvjztuy58qk9aZHsQB8ZKRu8VSay40a/3ueX6bnd0hwsYy42aWJR1z+uie3yTWPuG2JZ7DjkgDduWdC+cxfvTVTG58E5luafy5j/t85UVoB2nr46VHlt/vg4M9G8/4F0d0Y6ThI4/XTfg6l1vq5ouzhQxd+SRwnuXieZy+4/2XKJnrV6t+JbNAvwdGR1V9VPLlnb+IqpvOCYyL1YLYSlNubb9HU0wxVPppGSpJLmi+njQzl71PBgMm6QV9j889wPUo387fRbJjXbSSVLon61xk/4dNvjsgfv9rF+/qEML0q4tXBJVOJ1iwKjn84Nk6vdHM3Hu8knp0hYFa4AECYKInSTVXajWAKFx4SOq8G8MA/0YlIN872LBjUm2GKs17wsJuWID+mSyVE5pV5gQ+r92YvPcC+yIvB8hTTaRclAP/KyJesDTA=="
}
}
}'
sleep 0.1
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/hello)
if [ ! $code -eq 502 ]; then
echo "failed: should fail when proxy_ssl_verify is enabled and ssl_trusted_certificate is wrong ca cert"
exit 1
fi
sleep 0.1
make stop
if ! grep -E 'self-signed certificate' logs/error.log; then
echo "failed: should got 'self-signed certificate' when ssl_trusted_certificate is wrong ca cert"
exit 1
fi
echo "passed: when proxy_ssl_verify is enabled and ssl_trusted_certificate is wrong ca cert, got 502"
# test combined proxy_ssl_trusted_certificate success
echo '
apisix:
ssl:
ssl_trusted_certificate: t/certs/apisix.crt
nginx_config:
http_configuration_snippet: |
server {
listen 1983 ssl;
server_name test.com;
ssl_certificate ../t/certs/apisix.crt;
ssl_certificate_key ../t/certs/apisix.key;
location /hello {
return 200 "hello world";
}
}
http_server_configuration_snippet: |
proxy_ssl_verify on;
' > conf/config.yaml
rm logs/error.log || true
make init
make run
sleep 0.1
curl -k -i http://127.0.0.1:9180/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
{
"uri": "/hello",
"upstream": {
"pass_host": "rewrite",
"nodes": {
"127.0.0.1:1983": 1
},
"scheme": "https",
"hash_on": "vars",
"upstream_host": "test.com",
"type": "roundrobin",
"tls": {
"client_cert": "-----BEGIN CERTIFICATE-----\nMIIEojCCAwqgAwIBAgIJAK253pMhgCkxMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV\nBAYTAkNOMRIwEAYDVQQIDAlHdWFuZ0RvbmcxDzANBgNVBAcMBlpodUhhaTEPMA0G\nA1UECgwGaXJlc3R5MREwDwYDVQQDDAh0ZXN0LmNvbTAgFw0xOTA2MjQyMjE4MDVa\nGA8yMTE5MDUzMTIyMTgwNVowVjELMAkGA1UEBhMCQ04xEjAQBgNVBAgMCUd1YW5n\nRG9uZzEPMA0GA1UEBwwGWmh1SGFpMQ8wDQYDVQQKDAZpcmVzdHkxETAPBgNVBAMM\nCHRlc3QuY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAyCM0rqJe\ncvgnCfOw4fATotPwk5Ba0gC2YvIrO+gSbQkyxXF5jhZB3W6BkWUWR4oNFLLSqcVb\nVDPitz/Mt46Mo8amuS6zTbQetGnBARzPLtmVhJfoeLj0efMiOepOSZflj9Ob4yKR\n2bGdEFOdHPjm+4ggXU9jMKeLqdVvxll/JiVFBW5smPtW1Oc/BV5terhscJdOgmRr\nabf9xiIis9/qVYfyGn52u9452V0owUuwP7nZ01jt6iMWEGeQU6mwPENgvj1olji2\nWjdG2UwpUVp3jp3l7j1ekQ6mI0F7yI+LeHzfUwiyVt1TmtMWn1ztk6FfLRqwJWR/\nEvm95vnfS3Le4S2ky3XAgn2UnCMyej3wDN6qHR1onpRVeXhrBajbCRDRBMwaNw/1\n/3Uvza8QKK10PzQR6OcQ0xo9psMkd9j9ts/dTuo2fzaqpIfyUbPST4GdqNG9NyIh\n/B9g26/0EWcjyO7mYVkaycrtLMaXm1u9jyRmcQQI1cGrGwyXbrieNp63AgMBAAGj\ncTBvMB0GA1UdDgQWBBSZtSvV8mBwl0bpkvFtgyiOUUcbszAfBgNVHSMEGDAWgBSZ\ntSvV8mBwl0bpkvFtgyiOUUcbszAMBgNVHRMEBTADAQH/MB8GA1UdEQQYMBaCCHRl\nc3QuY29tggoqLnRlc3QuY29tMA0GCSqGSIb3DQEBCwUAA4IBgQAHGEul/x7ViVgC\ntC8CbXEslYEkj1XVr2Y4hXZXAXKd3W7V3TC8rqWWBbr6L/tsSVFt126V5WyRmOaY\n1A5pju8VhnkhYxYfZALQxJN2tZPFVeME9iGJ9BE1wPtpMgITX8Rt9kbNlENfAgOl\nPYzrUZN1YUQjX+X8t8/1VkSmyZysr6ngJ46/M8F16gfYXc9zFj846Z9VST0zCKob\nrJs3GtHOkS9zGGldqKKCj+Awl0jvTstI4qtS1ED92tcnJh5j/SSXCAB5FgnpKZWy\nhme45nBQj86rJ8FhN+/aQ9H9/2Ib6Q4wbpaIvf4lQdLUEcWAeZGW6Rk0JURwEog1\n7/mMgkapDglgeFx9f/XztSTrkHTaX4Obr+nYrZ2V4KOB4llZnK5GeNjDrOOJDk2y\nIJFgBOZJWyS93dQfuKEj42hA79MuX64lMSCVQSjX+ipR289GQZqFrIhiJxLyA+Ve\nU/OOcSRr39Kuis/JJ+DkgHYa/PWHZhnJQBxcqXXk1bJGw9BNbhM=\n-----END CERTIFICATE-----\n",
"client_key": "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"
}
}
}'
sleep 1
code=$(curl -v -k -i -m 20 -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/hello)
if [ ! $code -eq 200 ]; then
echo "failed: connection to upstream with mTLS failed"
exit 1
fi
sleep 0.1
make stop
echo "passed: connection to upstream with mTLS success"
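Review bot: The third case (`test combined proxy_ssl_trusted_certificate success`) sends a literal admin credential, `-H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1'`, while the first two cases read the key from `conf/config.yaml` with `yq`. A key pinned in the script goes stale as soon as the instance uses a different one, and because the PUT response is not checked and route 1 was already created by the earlier cases, a rejected request would probably go unnoticed. Reuse the lookup from the other cases: `admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g')` followed by `-H "X-API-KEY: $admin_key"`. The `-k` on these admin calls has no effect on an `http://` URL and can be removed.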


@@ -0,0 +1,206 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# validate the config.yaml
. ./t/cli/common.sh
echo '
discovery:
nacos:
host: "127.0.0.1"
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep 'property "host" validation failed: wrong type: expected array, got string'; then
echo "failed: should check discovery schema during init"
exit 1
fi
echo '
discovery:
unknown:
host: "127.0.0.1"
' > conf/config.yaml
if ! make init; then
echo "failed: should ignore discovery without schema"
exit 1
fi
echo "passed: check discovery schema during init"
echo '
apisix:
dns_resolver_valid: "/apisix"
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep 'property "dns_resolver_valid" validation failed: wrong type: expected integer, got string'; then
echo "failed: dns_resolver_valid should be a number"
exit 1
fi
echo "passed: dns_resolver_valid should be a number"
echo '
apisix:
ssl:
ssl_trusted_certificate: t/certs/mtls_ca.crt
' > conf/config.yaml
out=$(make run 2>&1)
if echo "$out" | grep 'no such file'; then
echo "failed: find the certificate correctly"
exit 1
fi
make stop
echo "passed: find the certificate correctly"
echo '
deployment:
admin:
admin_listen:
port: 9180
apisix:
node_listen: 9080
enable_admin: true
proxy_mode: http&stream
stream_proxy:
tcp:
- "localhost:9100"
udp:
- "127.0.0.1:9101"
' > conf/config.yaml
out=$(make run 2>&1 || echo "ouch")
if echo "$out" | grep 'ouch'; then
echo "failed: allow configuring address in stream_proxy"
exit 1
fi
make stop
echo "passed: allow configuring address in stream_proxy"
# apisix test
git checkout conf/config.yaml
out=$(./bin/apisix test 2>&1 || true)
if ! echo "$out" | grep "configuration test is successful"; then
echo "failed: configuration test should be successful"
exit 1
fi
echo "pass: apisix test"
./bin/apisix start
sleep 1 # wait for apisix starts
# set invalid configuration
echo '
nginx_config:
main_configuration_snippet: |
notexist on;
' > conf/config.yaml
# apisix restart
out=$(./bin/apisix restart 2>&1 || true)
if ! (echo "$out" | grep "\[emerg\] unknown directive \"notexist\"") && ! (echo "$out" | grep "the old APISIX is still running"); then
echo "failed: should restart failed when configuration invalid"
exit 1
fi
echo "passed: apisix restart"
# apisix test - failure scenario
out=$(./bin/apisix test 2>&1 || true)
if ! echo "$out" | grep "configuration test failed"; then
echo "failed: should test failed when configuration invalid"
exit 1
fi
# apisix test failure should not affect apisix stop
out=$(./bin/apisix stop 2>&1 || true)
if echo "$out" | grep "\[emerg\] unknown directive \"notexist\""; then
echo "failed: `apisix test` failure should not affect `apisix stop`"
exit 1
fi
echo "passed: apisix test(failure scenario)"
# apisix plugin batch-requests real_ip_from invalid - failure scenario
echo '
plugins:
- batch-requests
nginx_config:
http:
real_ip_from:
- "128.0.0.2"
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep "missing loopback or unspecified in the nginx_config.http.real_ip_from for plugin batch-requests"; then
echo "failed: should check the realip configuration for batch-requests"
exit 1
fi
echo "passed: apisix plugin batch-requests real_ip_from(failure scenario)"
# apisix plugin batch-requests real_ip_from valid
echo '
plugins:
- batch-requests
nginx_config:
http:
real_ip_from:
- "127.0.0.1"
- "127.0.0.2/8"
- "0.0.0.0"
- "0.0.0.0/0"
- "::"
- "::/0"
- "unix:"
' > conf/config.yaml
out=$(make init 2>&1)
if echo "$out" | grep "missing loopback or unspecified in the nginx_config.http.real_ip_from for plugin batch-requests"; then
echo "failed: should check the realip configuration for batch-requests"
exit 1
fi
echo "passed: check the realip configuration for batch-requests"
echo '
deployment:
role: traditional
role_traditional:
config_provider: etcd
etcd:
host:
- 127.0.0.1
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep 'property "host" validation failed'; then
echo "failed: should check etcd schema during init"
exit 1
fi
echo "passed: check etcd schema during init"
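Review bot: In the `apisix test` failure scenario, the message ``echo "failed: `apisix test` failure should not affect `apisix stop`"`` is double-quoted, so bash treats both backtick pairs as command substitution and tries to execute `apisix test` and `apisix stop` instead of printing them. On that failure path the message then contains the commands' output (or a "command not found" error on stderr) rather than the intended text, and whatever the commands do is run as a side effect. Single quotes keep the backticks literal: ``echo 'failed: `apisix test` failure should not affect `apisix stop`'``.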


@@ -0,0 +1,66 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
exit_if_not_customed_nginx
echo '
wasm:
plugins:
- name: wasm_log
file: t/wasm/log/main.go.wasm
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep 'property "priority" is required'; then
echo "failed: priority is required"
exit 1
fi
echo '
wasm:
plugins:
- name: wasm_log
priority: 888
' > conf/config.yaml
out=$(make init 2>&1 || true)
if ! echo "$out" | grep 'property "file" is required'; then
echo "failed: file is required"
exit 1
fi
echo "passed: wasm configuration is validated"
echo '
wasm:
plugins:
- name: wasm_log
priority: 7999
file: t/wasm/log/main.go.wasm
' > conf/config.yaml
make init
if ! grep "wasm_vm " conf/nginx.conf; then
echo "failed: wasm isn't enabled"
exit 1
fi
echo "passed: wasm is enabled"


@@ -0,0 +1,48 @@
#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
. ./t/cli/common.sh
echo '
plugins:
- zipkin
plugin_attr:
zipkin:
set_ngx_var: true
' > conf/config.yaml
make init
if ! grep "set \$zipkin_context_traceparent '';" conf/nginx.conf > /dev/null; then
echo "failed: zipkin_context_traceparent not found in nginx.conf"
exit 1
fi
if ! grep "set \$zipkin_trace_id '';" conf/nginx.conf > /dev/null; then
echo "failed: zipkin_trace_id not found in nginx.conf"
exit 1
fi
if ! grep "set \$zipkin_span_id '';" conf/nginx.conf > /dev/null; then
echo "failed: zipkin_span_id not found in nginx.conf"
exit 1
fi
echo "passed: zipkin_set_ngx_var configuration is validated"