feat(clustering/rpc): add support for cert details (#14050)

Follow up of #14046 KAG-6084
Kong · Dec 30, 2024 · 0ebc358 · 0ebc358 · github-actions · Dec 30, 2024
1 parent d303ae6
commit 0ebc358
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 12 deletions.
diff --git a/kong/clustering/rpc/manager.lua b/kong/clustering/rpc/manager.lua
@@ -146,7 +146,7 @@ end
 
 
 -- CP => DP
-function _M:_handle_meta_call(c)
+function _M:_handle_meta_call(c, cert)
   local data, typ, err = c:recv_frame()
   if err then
     return nil, err
@@ -226,11 +226,17 @@ function _M:_handle_meta_call(c)
     end
   end
 
+  -- values in cert_details must be strings
+  local cert_details = {
+    expiry_timestamp = cert:get_not_after(),
+  }
+
   -- store DP's ip addr
   self.client_info[node_id] = {
     ip = ngx_var.remote_addr,
     version = info.kong_version,
     labels = labels,
+    cert_details = cert_details,
   }
 
   return node_id
@@ -450,7 +456,7 @@ function _M:handle_websocket()
   end
 
   -- if timeout (default is 5s) we will close the connection
-  local node_id, err = self:_handle_meta_call(wb)
+  local node_id, err = self:_handle_meta_call(wb, cert)
   if not node_id then
     ngx_log(ngx_ERR, _log_prefix, "unable to handshake with client: ", err)
     return ngx_exit(ngx.HTTP_CLOSE)

diff --git a/kong/clustering/services/sync/rpc.lua b/kong/clustering/services/sync/rpc.lua
@@ -86,6 +86,7 @@ function _M:init_cp(manager)
       ip = node_info.ip,   -- get the correct ip
       version = node_info.version,    -- get from rpc call
       labels = node_info.labels,    -- get from rpc call
+      cert_details = node_info.cert_details,  -- get from rpc call
       sync_status = CLUSTERING_SYNC_STATUS.NORMAL,
       config_hash = fmt("%032d", default_namespace_version),
       rpc_capabilities = rpc_peers and rpc_peers[node_id] or {},

diff --git a/spec/02-integration/09-hybrid_mode/01-sync_spec.lua b/spec/02-integration/09-hybrid_mode/01-sync_spec.lua
@@ -861,11 +861,7 @@ describe("CP/DP cert details(cluster_mtls = shared) #" .. strategy, function()
 
         for _, v in pairs(json.data) do
           if v.ip == "127.0.0.1" then
-            -- TODO: The API output does include labels and certs when the
-            --       rpc sync is enabled.
-            if rpc_sync == "off" then
-              assert.equal(1888983905, v.cert_details.expiry_timestamp)
-            end
+            assert.equal(1888983905, v.cert_details.expiry_timestamp)
             return true
           end
         end
@@ -930,11 +926,7 @@ describe("CP/DP cert details(cluster_mtls = pki) #" .. strategy, function()
 
         for _, v in pairs(json.data) do
           if v.ip == "127.0.0.1" then
-            -- TODO: The API output does include labels and certs when the
-            --       rpc sync is enabled.
-            if rpc_sync == "off" then
-              assert.equal(1897136778, v.cert_details.expiry_timestamp)
-            end
+            assert.equal(1897136778, v.cert_details.expiry_timestamp)
             return true
           end
         end