change: creating core resources does not allow passing in `create_tim…
…e` and `update_time` (#10232)
Sn0rt authored Oct 7, 2023
1 parent 105993f commit 4c5a109
Showing 8 changed files with 92 additions and 138 deletions.
45 changes: 43 additions & 2 deletions apisix/admin/resource.lua
Expand Up @@ -19,6 +19,7 @@ local utils = require("apisix.admin.utils")
local apisix_ssl = require("apisix.ssl")
local setmetatable = setmetatable
local tostring = tostring
local ipairs = ipairs
local type = type


Expand Down Expand Up @@ -49,7 +50,38 @@ local function split_typ_and_id(id, sub_path)
end


function _M:check_conf(id, conf, need_id, typ)
local function check_forbidden_properties(conf, forbidden_properties)
local not_allow_properties = "the property is forbidden: "

if conf then
for _, v in ipairs(forbidden_properties) do
if conf[v] then
return not_allow_properties .. " " .. v
end
end

if conf.upstream then
for _, v in ipairs(forbidden_properties) do
if conf.upstream[v] then
return not_allow_properties .. " upstream." .. v
end
end
end

if conf.plugins then
for _, v in ipairs(forbidden_properties) do
if conf.plugins[v] then
return not_allow_properties .. " plugins." .. v
end
end
end
end

return nil
end


function _M:check_conf(id, conf, need_id, typ, allow_time)
if self.name == "secrets" then
id = typ .. "/" .. id
end
Expand All @@ -76,6 +108,15 @@ function _M:check_conf(id, conf, need_id, typ)
conf.id = id
end

-- check create time and update time
if not allow_time then
local forbidden_properties = {"create_time", "update_time"}
local err = check_forbidden_properties(conf, forbidden_properties)
if err then
return nil, {error_msg = err}
end
end

core.log.info("conf : ", core.json.delay_encode(conf))

-- check the resource own rules
Expand Down Expand Up @@ -355,7 +396,7 @@ function _M:patch(id, conf, sub_path, args)

core.log.info("new conf: ", core.json.delay_encode(node_value, true))

local ok, err = self:check_conf(id, node_value, true, typ)
local ok, err = self:check_conf(id, node_value, true, typ, true)
if not ok then
return 400, err
end
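Review bot: In `check_forbidden_properties` (second hunk), `conf.upstream[v]` and `conf.plugins[v]` are indexed after only a truthiness test. The call added to `check_conf` sits above the "check the resource own rules" step, so it appears to run before schema validation. A body such as `"upstream": true` or a numeric `plugins` would then raise a Lua index error instead of producing the 400 returned for other invalid input; guard both with `if type(conf.upstream) == "table" then` and `if type(conf.plugins) == "table" then` (`type` is already localised at the top of the file). The `if conf[v] then` tests also let a JSON `false` through this check, which `if conf[v] ~= nil then` would reject. Separately, `patch` now calls `check_conf` with `allow_time` set to `true`, so whether a PATCH body can still overwrite `create_time` or `update_time` depends on code outside these hunks and deserves its own test.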
24 changes: 3 additions & 21 deletions docs/en/latest/admin-api.md

Large diffs are not rendered by default.

16 changes: 0 additions & 16 deletions docs/zh/latest/admin-api.md
Expand Up @@ -326,8 +326,6 @@ Route 也称之为路由,可以通过定义一些规则来匹配客户端的
| timeout | 否 | 辅助 | 为 Route 设置 Upstream 连接、发送消息和接收消息的超时时间(单位为秒)。该配置将会覆盖在 Upstream 中配置的 [timeout](#upstream) 选项。 | {"connect": 3, "send": 3, "read": 3} |
| enable_websocket | 否 | 辅助 | 当设置为 `true` 时,启用 `websocket`(boolean), 默认值为 `false`。 | |
| status | 否 | 辅助 | 当设置为 `1` 时,启用该路由,默认值为 `1`。 | `1` 表示启用,`0` 表示禁用。 |
| create_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| update_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |

:::note 注意

Expand Down Expand Up @@ -637,8 +635,6 @@ Service 是某类 API 的抽象(也可以理解为一组 Route 的抽象)。
| labels | 否 | 匹配规则 | 标识附加属性的键值对。 | {"version":"v2","build":"16","env":"production"} |
| enable_websocket | 否 | 辅助 | `websocket`(boolean) 配置,默认值为 `false`。 | |
| hosts | 否 | 匹配规则 | 非空列表形态的 `host`,表示允许有多个不同 `host`,匹配其中任意一个即可。| ["foo.com", "\*.bar.com"] |
| create_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| update_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |

Service 对象 JSON 配置示例:

Expand Down Expand Up @@ -822,8 +818,6 @@ Consumer 资源请求地址:/apisix/admin/consumers/{username}
| plugins | 否 | Plugin | 该 Consumer 对应的插件配置,它的优先级是最高的:Consumer > Route > Plugin Config > Service。对于具体插件配置,请参考 [Plugins](#plugin)。 | |
| desc | 否 | 辅助 | consumer 描述。 | |
| labels | 否 | 匹配规则 | 标识附加属性的键值对。 | {"version":"v2","build":"16","env":"production"} |
| create_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| update_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |

Consumer 对象 JSON 配置示例:

Expand Down Expand Up @@ -919,8 +913,6 @@ APISIX 的 Upstream 除了基本的负载均衡算法选择外,还支持对上
| upstream_host | 否 | 辅助 | 指定上游请求的 host,只在 `pass_host` 配置为 `rewrite` 时有效。 | |
| scheme | 否 | 辅助 | 跟上游通信时使用的 scheme。对于 7 层代理,可选值为 [`http`, `https`, `grpc`, `grpcs`]。对于 4 层代理,可选值为 [`tcp`, `udp`, `tls`]。默认值为 `http`,详细信息请参考下文。 |
| labels | 否 | 匹配规则 | 标识附加属性的键值对。 | {"version":"v2","build":"16","env":"production"} |
| create_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| update_time | 否 | 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| tls.client_cert | 否,不能和 `tls.client_cert_id` 一起使用 | https 证书 | 设置跟上游通信时的客户端证书,详细信息请参考下文。 | |
| tls.client_key | 否,不能和 `tls.client_cert_id` 一起使用 | https 证书私钥 | 设置跟上游通信时的客户端私钥,详细信息请参考下文。 | |
| tls.client_cert_id | 否,不能和 `tls.client_cert`、`tls.client_key` 一起使用 | SSL | 设置引用的 SSL id,详见 [SSL](#ssl)。 | |
Expand Down Expand Up @@ -1210,8 +1202,6 @@ SSL 资源请求地址:/apisix/admin/ssls/{id}
| client.skip_mtls_uri_regex || PCRE 正则表达式数组 | 用来匹配请求的 URI,如果匹配,则该请求将绕过客户端证书的检查,也就是跳过 MTLS。 | ["/hello[0-9]+", "/foobar"] |
| snis || 匹配规则 | 非空数组形式,可以匹配多个 SNI。 | |
| labels || 匹配规则 | 标识附加属性的键值对。 | {"version":"v2","build":"16","env":"production"} |
| create_time || 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| update_time || 辅助 | epoch 时间戳,单位为秒。如果不指定则自动创建。 | 1602883670 |
| type || 辅助 | 标识证书的类型,默认值为 `server`| `client` 表示证书是客户端证书,APISIX 访问上游时使用;`server` 表示证书是服务端证书,APISIX 验证客户端请求时使用。 |
| status || 辅助 | 当设置为 `1` 时,启用此 SSL,默认值为 `1`| `1` 表示启用,`0` 表示禁用 |
| ssl_protocols || tls 协议字符串数组 | 用于控制服务器与客户端之间使用的 SSL/TLS 协议版本。更多的配置示例,请参考[SSL 协议](./ssl-protocol.md)。 | |
Expand Down Expand Up @@ -1253,8 +1243,6 @@ Global Rule 资源请求地址:/apisix/admin/global_rules/{id}
| 名称 | 必选项 | 类型 | 描述 | 示例值 |
| ----------- | ------ | ------ | ------------------------------------------------- | ---------- |
| plugins || Plugin | 插件配置。详细信息请参考 [Plugin](terminology/plugin.md)。 | |
| create_time || 辅助 | epoch 时间戳,单位为秒,如果不指定则自动创建。 | 1602883670 |
| update_time || 辅助 | epoch 时间戳,单位为秒,如果不指定则自动创建。 | 1602883670 |

## Consumer Group

Expand Down Expand Up @@ -1282,8 +1270,6 @@ Consumer Group 资源请求地址:/apisix/admin/consumer_groups/{id}
|plugins ||Plugin| 插件配置。详细信息请参考 [Plugin](terminology/plugin.md)。 | |
|desc || 辅助 | 标识描述、使用场景等。 | Consumer 测试。|
|labels || 辅助 | 标识附加属性的键值对。 |{"version":"v2","build":"16","env":"production"}|
|create_time|| 辅助 | epoch 时间戳,单位为秒,如果不指定则自动创建。 |1602883670|
|update_time|| 辅助 | epoch 时间戳,单位为秒,如果不指定则自动创建。 |1602883670|

## Plugin Config

Expand Down Expand Up @@ -1311,8 +1297,6 @@ Plugin Config 资源请求地址:/apisix/admin/plugin_configs/{id}
|plugins ||Plugin| 更多信息请参考 [Plugin](terminology/plugin.md)。||
|desc || 辅助 | 标识描述、使用场景等。 |customer xxxx|
|labels || 辅助 | 标识附加属性的键值对。 |{"version":"v2","build":"16","env":"production"}|
|create_time|| 辅助 | epoch 时间戳,单位为秒,如果不指定则自动创建。 |1602883670|
|update_time|| 辅助 | epoch 时间戳,单位为秒,如果不指定则自动创建。 |1602883670|

## Plugin Metadata

26 changes: 3 additions & 23 deletions t/admin/consumers.t
Expand Up @@ -335,26 +335,6 @@ GET /t
}
--- request
GET /t
--- response_body
passed



=== TEST 11: delete test consumer(pony)
--- config
location /t {
content_by_lua_block {
ngx.sleep(0.3)
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/consumers/pony',
ngx.HTTP_DELETE
)

ngx.status = code
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
--- error_code: 400
--- response_body eval
qr/\{"error_msg":"the property is forbidden:.*"\}/
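Review bot: The expected-body pattern `qr/\{"error_msg":"the property is forbidden:.*"\}/` accepts any property name, so this case would still pass if the request were rejected for a different forbidden key than the one it is meant to exercise. Pin the key under test, for example `qr/\{"error_msg":"the property is forbidden:\s+create_time"\}/`, and use the `upstream\.create_time` form for the nested-upstream case in t/admin/services.t. The same loose pattern appears in t/admin/routes4.t and in both changed cases of t/admin/services.t. The request body for this consumer case lies above the hunk, so which key is reported first is inferred from the order of the list in apisix/admin/resource.lua.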
21 changes: 3 additions & 18 deletions t/admin/routes4.t
Expand Up @@ -790,21 +790,6 @@ passed
ngx.say(body)
}
}
--- response_body
passed
=== TEST 23: delete test route(id : 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, message = t('/apisix/admin/routes/1',
ngx.HTTP_DELETE
)
ngx.say("[delete] code: ", code, " message: ", message)
}
}
--- response_body
[delete] code: 200 message: passed
--- error_code: 400
--- response_body eval
qr/\{"error_msg":"the property is forbidden:.*"\}/
59 changes: 29 additions & 30 deletions t/admin/services.t
Expand Up @@ -1171,54 +1171,53 @@ GET /t
local code, body = t('/apisix/admin/services/1',
ngx.HTTP_PUT,
[[{
"upstream": {
"nodes": {
"127.0.0.1:8080": 1
},
"type": "roundrobin",
"create_time": 1602883670,
"update_time": 1602893670
}
}]],
[[{
"value": {
"upstream": {
"nodes": {
"127.0.0.1:8080": 1
},
"type": "roundrobin",
"create_time": 1602883670,
"update_time": 1602893670
}
"upstream": {
"nodes": {
"127.0.0.1:8080": 1
},
"key": "/apisix/services/1"
}]]
)

"type": "roundrobin"
},
"create_time": 1602883670,
"update_time": 1602893670
}]])
ngx.status = code
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
--- error_code: 400
--- response_body eval
qr/\{"error_msg":"the property is forbidden:.*"\}/



=== TEST 35: delete test service(id: 1)
=== TEST 35: create service and the built-in resource with create_time and update_time(id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, message = t('/apisix/admin/services/1', ngx.HTTP_DELETE)
ngx.say("[delete] code: ", code, " message: ", message)
local code, body = t('/apisix/admin/services/1',
ngx.HTTP_PUT,
[[{
"upstream": {
"type": "roundrobin",
"nodes": {
"127.0.0.1:8080": 1
},
"create_time": 1602883670,
"update_time": 1602893670
}
}]])
ngx.status = code
ngx.say(body)
}
}
--- request
GET /t
--- response_body
[delete] code: 200 message: passed
--- error_code: 400
--- response_body eval
qr/\{"error_msg":"the property is forbidden:.*"\}/



4 changes: 0 additions & 4 deletions t/admin/ssl.t
Expand Up @@ -555,8 +555,6 @@ GET /t
cert = ssl_cert,
key = ssl_key,
sni = "test.com",
create_time = 1602883670,
update_time = 1602893670,
validity_start = 1602873670,
validity_end = 1603893670
}
Expand All @@ -567,8 +565,6 @@ GET /t
[[{
"value": {
"sni": "test.com",
"create_time": 1602883670,
"update_time": 1602893670,
"validity_start": 1602873670,
"validity_end": 1603893670
},