From a1f47a7f34ba286270c49f1e51247e5602a34461 Mon Sep 17 00:00:00 2001 From: henryleduc <55436491+henryleduc@users.noreply.github.com> Date: Mon, 7 Oct 2019 14:31:56 +0100 Subject: [PATCH 01/10] chore(docs) update code of conduct #5090 (#5098) --- CODE_OF_CONDUCT.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index b1b9a25c2ec2..0e556447559b 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -55,7 +55,7 @@ further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at support@mashape.com. All +reported by contacting the project team at support@konghq.com. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. From ac3f43abd08f7ac06d80c7d65ba04496b586927a Mon Sep 17 00:00:00 2001 From: SinithH <45849343+SinithH@users.noreply.github.com> Date: Mon, 7 Oct 2019 19:03:17 +0530 Subject: [PATCH 02/10] chore(changelog) fix typos (#5096) --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 480fb7de0199..c071662c6de5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -157,7 +157,7 @@ repository will allow you to do both easily. directives. We have high hopes that this will remove the occasional need for custom Nginx configuration templates. [#4382](https://github.com/Kong/kong/pull/4382) -- :fireworks: New configuration properties allow for controling the behavior of +- :fireworks: New configuration properties allow for controlling the behavior of upstream keepalive connections. `nginx_http_upstream_keepalive_requests` and `nginx_http_upstream_keepalive_timeout` respectively control the maximum number of proxied requests and idle timeout of an upstream connection. @@ -295,7 +295,7 @@ bugfixes. There are no new features nor breaking changes. ##### Core -- Case sentitivity fix when clearing the Upgrade header. +- Case sensitivity fix when clearing the Upgrade header. [#4779](https://github.com/kong/kong/issues/4779) ### Performance From 7f6c09e03369b0e6e461dd32bdfd0389e1bc9cf6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Arjona?= Date: Mon, 7 Oct 2019 15:39:05 +0200 Subject: [PATCH 03/10] chore(github) comment tags to pr template & issue template (#5091) --- .github/ISSUE_TEMPLATE.md | 3 ++- .github/PULL_REQUEST_TEMPLATE.md | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index f844d3d3ffcc..9a95fb43f8ad 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -1,7 +1,8 @@ + ### Summary diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 6095128d3a75..c83367527502 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,7 +1,8 @@ + ### Summary From 28382411e48511d52b43d0647f72bb67fa3da7ee Mon Sep 17 00:00:00 2001 From: veetow Date: Thu, 3 Oct 2019 15:38:54 -0400 Subject: [PATCH 04/10] tests(helpers) avoid deleting prefix in 'start_kong()' with 'KONG_DONT_CLEAN' env From #5092 
Signed-off-by: Thibault Charbonnier --- spec/helpers.lua | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/spec/helpers.lua b/spec/helpers.lua index 7c1adafb0233..563ddc7e6aa9 100644 --- a/spec/helpers.lua +++ b/spec/helpers.lua @@ -1480,15 +1480,13 @@ local function kong_exec(cmd, env, pl_returns, env_vars) return exec(env_vars .. " " .. BIN_PATH .. " " .. cmd, pl_returns) end ---- Prepare the Kong environment. --- creates the workdirectory and deletes any existing one. +--- Prepares the Kong environment. +-- Creates the working directory if it does not exist. -- @param prefix (optional) path to the working directory, if omitted the test -- configuration will be used -- @name prepare_prefix local function prepare_prefix(prefix) - prefix = prefix or conf.prefix - exec("rm -rf " .. prefix .. "/*") - return pl_dir.makepath(prefix) + return pl_dir.makepath(prefix or conf.prefix) end --- Cleans the Kong environment. @@ -1653,11 +1651,15 @@ local function start_kong(env, tables, preserve_prefix, fixtures) end env = env or {} local prefix = env.prefix or conf.prefix - if not preserve_prefix then - local ok, err = prepare_prefix(prefix) - if not ok then return nil, err end + + -- note: set env var "KONG_TEST_DONT_CLEAN" !! the "_TEST" will be dropped + if not (preserve_prefix or os.getenv("KONG_DONT_CLEAN")) then + clean_prefix(prefix) end + local ok, err = prepare_prefix(prefix) + if not ok then return nil, err end + truncate_tables(db, tables) local nginx_conf = "" From 893740ec7d6d59d81e7eedd9f930e9ff159c0e12 Mon Sep 17 00:00:00 2001 
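Review bot: In the `start_kong` hunk, `os.getenv("KONG_DONT_CLEAN")` is tested only for presence, so exporting the variable as `0`, `false` or even an empty value still skips `clean_prefix`, because every string is truthy in Lua. A reused prefix carries the previous run's files into the next test, so an accidental opt-in is worth ruling out: read it once with `local dont_clean = os.getenv("KONG_DONT_CLEAN")` and test `if not (preserve_prefix or (dont_clean and dont_clean ~= "" and dont_clean ~= "0")) then`. The inline comment could also state plainly that the variable is exported as `KONG_TEST_DONT_CLEAN` and read here as `KONG_DONT_CLEAN`. `start_kong` begins and ends outside the hunk.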
From: Travis Raines Date: Mon, 23 Sep 2019 16:18:04 -0700 Subject: [PATCH 05/10] fix(conf_loader) escape '#' characters in 'KONG_*' environment variables Automatically escape any unescaped `#` characters in parsed `KONG_*` environment variables. The configuration parser normally strips `#` and all text after to remove comments from `kong.conf` specified values. However, environment variables should never include comments, so this stripping is unnecessary for them, and mangles intended configuration values (e.g. an issue with passwords specified via env variables). Add test helper functions to set and unset environment variables. Fix #4525 From #5062 Signed-off-by: Thibault Charbonnier --- kong/conf_loader.lua | 13 +++++++ spec/01-unit/03-conf_loader_spec.lua | 55 ++++++++++++++++++++++++++++ spec/helpers.lua | 13 +++++++ 3 files changed, 81 insertions(+) diff --git a/kong/conf_loader.lua b/kong/conf_loader.lua index f2a7edaa1119..4ee34e5432b9 100644 --- a/kong/conf_loader.lua +++ b/kong/conf_loader.lua @@ -536,6 +536,7 @@ local function overrides(k, default_v, opts, file_conf, arg_conf) opts = opts or {} local value -- definitive value for this property + local escape -- whether to escape a value's octothorpes -- default values have lowest priority @@ -563,12 +564,24 @@ local function overrides(k, default_v, opts, file_conf, arg_conf) end log.debug('%s ENV found with "%s"', env_name, to_print) + value = env + escape = true end -- arg_conf have highest priority if arg_conf and arg_conf[k] ~= nil then value = arg_conf[k] + escape = true + end + + if escape and type(value) == "string" then + -- Escape "#" in env vars or overrides to avoid them being mangled by + -- comments stripping logic. + repeat + local s, n = string.gsub(value, [[([^\])#]], [[%1\#]]) + value = s + until n == 0 end return value, k diff --git a/spec/01-unit/03-conf_loader_spec.lua b/spec/01-unit/03-conf_loader_spec.lua index 9b89f416c17e..666ea5f287d5 100644 
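Review bot: The escaping loop added to `overrides` in kong/conf_loader.lua misses a `#` at the very start of the value, because the pattern `([^\])#` needs a preceding character. A value such as `#secret` in `KONG_PG_PASSWORD` is therefore passed on unescaped, and if the comment stripping described in the commit message then applies, the password would presumably be cut down to an empty string without any error. Handling the first character before the loop covers it: `value = (string.gsub(value, "^#", [[\#]]))`. Every new case in spec/01-unit/03-conf_loader_spec.lua starts with `test`, so a leading-`#` case for both the environment-variable and the `custom_conf` path would pin this down. `overrides` starts and ends outside the hunk.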
--- a/spec/01-unit/03-conf_loader_spec.lua
+++ b/spec/01-unit/03-conf_loader_spec.lua
@@ -229,6 +229,61 @@ describe("Configuration loader", function() local conf = assert(conf_loader("spec/fixtures/to-strip.conf")) assert.equal("test#123", conf.pg_password) end) + it("escapes unescaped octothorpes in environment variables", function() + finally(function() + helpers.unsetenv("KONG_PG_PASSWORD") + end) + helpers.setenv("KONG_PG_PASSWORD", "test#123") + local conf = assert(conf_loader()) + assert.equal("test#123", conf.pg_password) + + helpers.setenv("KONG_PG_PASSWORD", "test#12#3") + local conf = assert(conf_loader()) + assert.equal("test#12#3", conf.pg_password) + + helpers.setenv("KONG_PG_PASSWORD", "test##12##3#") + local conf = assert(conf_loader()) + assert.equal("test##12##3#", conf.pg_password) + end) + it("escapes unescaped octothorpes in custom_conf overrides", function() + local conf = assert(conf_loader(nil, { + pg_password = "test#123", + })) + assert.equal("test#123", conf.pg_password) + + local conf = assert(conf_loader(nil, { + pg_password = "test#12#3", + })) + assert.equal("test#12#3", conf.pg_password) + + local conf = assert(conf_loader(nil, { + pg_password = "test##12##3#", + })) + assert.equal("test##12##3#", conf.pg_password) + end) + it("does not modify existing escaped octothorpes in environment variables", function() + finally(function() + helpers.unsetenv("KONG_PG_PASSWORD") + end) + helpers.setenv("KONG_PG_PASSWORD", [[test\#123]]) + local conf = assert(conf_loader()) + assert.equal("test#123", conf.pg_password) + + helpers.setenv("KONG_PG_PASSWORD", [[test\#\#12\#\#3\#]]) + local conf = assert(conf_loader()) + assert.equal("test##12##3#", conf.pg_password) + end) + it("does not modify existing escaped octothorpes in custom_conf overrides", function() + local conf = assert(conf_loader(nil, { + pg_password = [[test\#123]], + })) + assert.equal("test#123", conf.pg_password) + + local conf = assert(conf_loader(nil, { + pg_password = [[test\#\#12\#\#3\#]], + })) + assert.equal("test##12##3#", conf.pg_password) + end) 
describe("dynamic directives", function() it("loads flexible prefix based configs from a file", function() diff --git a/spec/helpers.lua b/spec/helpers.lua index 563ddc7e6aa9..577af6d40fc3 100644 --- a/spec/helpers.lua +++ b/spec/helpers.lua @@ -46,6 +46,13 @@ local http = require "resty.http" local nginx_signals = require "kong.cmd.utils.nginx_signals" local log = require "kong.cmd.utils.log" local DB = require "kong.db" +local ffi = require "ffi" + + +ffi.cdef [[ + int setenv(const char *name, const char *value, int overwrite); + int unsetenv(const char *name); +]] log.set_lvl(log.levels.quiet) -- disable stdout logs in tests @@ -1970,6 +1977,12 @@ return { wait_pid(pid_path, timeout) end end, + setenv = function(env, value) + return ffi.C.setenv(env, value, 1) == 0 + end, + unsetenv = function(env) + return ffi.C.unsetenv(env) == 0 + end, make_yaml_file = make_yaml_file, } From 4939dc88ff69a1623f5dce97370d7e4a37edf150 Mon Sep 17 00:00:00 2001 From: jeremyjpj0916 <31913027+jeremyjpj0916@users.noreply.github.com> Date: Mon, 14 Oct 2019 10:04:58 -0400 Subject: [PATCH 06/10] fix(jwt) handle empty string claims (#5123) Fixes jwt plugin from throwing a 500, and throws a 401 instead. --- kong/plugins/jwt/handler.lua | 4 +++- spec/03-plugins/16-jwt/03-access_spec.lua | 16 ++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/kong/plugins/jwt/handler.lua b/kong/plugins/jwt/handler.lua index 6278406a9aa3..dc5e8b1d6c04 100644 --- a/kong/plugins/jwt/handler.lua +++ b/kong/plugins/jwt/handler.lua @@ -114,7 +114,7 @@ local function set_consumer(consumer, credential, token) if credential then kong.ctx.shared.authenticated_jwt_token = token -- TODO: wrap in a PDK function? - ngx.ctx.authenticated_jwt_token = token -- backward compatibilty only + ngx.ctx.authenticated_jwt_token = token -- backward compatibility only if credential.username then set_header(constants.HEADERS.CREDENTIAL_USERNAME, credential.username) 
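Review bot: The `setenv` helper added to the export table of spec/helpers.lua hands `value` straight to `ffi.C.setenv`, and LuaJIT converts a Lua `nil` into a NULL `const char *`, which libc's `setenv` is not specified to accept. A guard at the top of the function, `assert(type(env) == "string" and type(value) == "string")`, turns a typo in a spec into a Lua error instead of a possible crash of the test runner. Both helpers change the environment of the whole process, so a one-line comment above them saying that callers must restore the variable (as the new specs do with `finally`) would help the next reader.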
@@ -161,6 +161,8 @@ local function do_authentication(conf) local jwt_secret_key = claims[conf.key_claim_name] or header[conf.key_claim_name] if not jwt_secret_key then return false, { status = 401, message = "No mandatory '" .. conf.key_claim_name .. "' in claims" } + elseif jwt_secret_key == "" then + return false, { status = 401, message = "Invalid '" .. conf.key_claim_name .. "' in claims" } end -- Retrieve the secret diff --git a/spec/03-plugins/16-jwt/03-access_spec.lua b/spec/03-plugins/16-jwt/03-access_spec.lua index 39c78a1d3e97..413d7352b91f 100644 --- a/spec/03-plugins/16-jwt/03-access_spec.lua +++ b/spec/03-plugins/16-jwt/03-access_spec.lua @@ -221,6 +221,22 @@ for _, strategy in helpers.each_strategy() do local json = cjson.decode(body) assert.same({ message = "No mandatory 'iss' in claims" }, json) end) + it("returns 401 if the claims do not contain a valid key to identify a secret", function() + PAYLOAD.iss = "" + local jwt = jwt_encoder.encode(PAYLOAD, "foo") + local authorization = "Bearer " .. jwt + local res = assert(proxy_client:send { + method = "GET", + path = "/request", + headers = { + ["Authorization"] = authorization, + ["Host"] = "jwt1.com", + } + }) + local body = assert.res_status(401, res) + local json = cjson.decode(body) + assert.same({ message = "Invalid 'iss' in claims" }, json) + end) it("returns 401 Unauthorized if the iss does not match a credential", function() PAYLOAD.iss = "123456789" local jwt = jwt_encoder.encode(PAYLOAD, jwt_secret.secret) From 8edc44536b09d8ddf474136a29082b97376dc163 Mon Sep 17 00:00:00 2001 
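Review bot: The new `elseif jwt_secret_key == ""` branch in `do_authentication` rejects only the empty string, so a key claim of another JSON type (a number, `true`, an object or an array) still passes this check and reaches the secret lookup below the hunk. If that lookup expects a string, such tokens may still produce the 500 this commit is meant to remove; a type check covers them: `elseif type(jwt_secret_key) ~= "string" or jwt_secret_key == "" then`. A spec case with a non-string `iss` next to the new empty-string case in 03-access_spec.lua would confirm the behaviour. `do_authentication` continues outside the hunk.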
From: Travis Raines Date: Mon, 30 Sep 2019 17:40:59 -0700 Subject: [PATCH 07/10] fix(tags) use entity count as entity index For tag-filtered queries in Cassandra, use the current entity count as the entity table index rather than the row iteration counter. If some entities are excluded from the table, this ensures that no table indices have a nil value. Kong Enterprise filters these results to exclude entities in other workspaces. --- kong/db/strategies/cassandra/init.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kong/db/strategies/cassandra/init.lua b/kong/db/strategies/cassandra/init.lua index e97fbe59ba53..4f4fdd2d28e4 100644 --- a/kong/db/strategies/cassandra/init.lua +++ b/kong/db/strategies/cassandra/init.lua @@ -1131,8 +1131,8 @@ do clear_tab(current_entity_ids) current_entity_count = 0 for i, row in ipairs(rows) do - current_entity_ids[i] = row.entity_id current_entity_count = current_entity_count + 1 + current_entity_ids[current_entity_count] = row.entity_id end end end From 53c8c0ea652d72e934cf9aaa1afe090ae9b024e3 Mon Sep 17 00:00:00 2001 From: Travis Raines Date: Mon, 7 Oct 2019 11:45:48 -0700 Subject: [PATCH 08/10] fix(dao) skip deleted entities during C* tag query Exclude entities that cannot be dereferenced from the result of dereference_rows. Tag queries in C* are a two-step process to retrieve IDs and then retrieve complete objects, and it's possible to delete entities between these steps. Returning these entities (or rather, null entries where they would be) causes errors down the line when the admin API attempts to serialize them. Because this excludes some entities that were previously in a page, this can return fewer entities than requested in a page, though offset/next page information will still be included. --- kong/db/strategies/cassandra/init.lua | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
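Review bot: The loop index `i` in `for i, row in ipairs(rows) do` is no longer read after this change, which a linter such as luacheck will typically report as an unused loop variable; `for _, row in ipairs(rows) do` says the same thing. Nothing in the visible loop skips a row yet, so the reason for indexing by the counter is only in the commit message; a comment above the assignment, for example `-- index by count, not row position, so filtered rows leave no nil holes`, would keep it with the code. The enclosing function starts and ends outside the hunk.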
diff --git a/kong/db/strategies/cassandra/init.lua b/kong/db/strategies/cassandra/init.lua index 4f4fdd2d28e4..6362984444d7 100644 --- a/kong/db/strategies/cassandra/init.lua +++ b/kong/db/strategies/cassandra/init.lua @@ -1008,6 +1008,7 @@ do if not entity_ids then return {}, nil, nil end + local entity_index = 0 entity_count = entity_count or #entity_ids local entities = new_tab(entity_count, 0) -- TODO: send one query using IN @@ -1017,7 +1018,10 @@ do if err then return nil, err, err_t end - entities[i] = entity + if entity then + entity_index = entity_index + 1 + entities[entity_index] = entity + end end return entities, nil, nil end From 062bae8c3cc66fb45f10ecddddb3abfd06582670 Mon Sep 17 00:00:00 2001 From: Darren Jennings Date: Tue, 15 Oct 2019 12:30:08 -0400 Subject: [PATCH 09/10] fix(dao) make C* serializer use "number", not "float" (#5129) * float doesn't exist as a schema field. Aligns C* with postgres --- kong/db/strategies/cassandra/init.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kong/db/strategies/cassandra/init.lua b/kong/db/strategies/cassandra/init.lua index 6362984444d7..e8f148146c87 100644 --- a/kong/db/strategies/cassandra/init.lua +++ b/kong/db/strategies/cassandra/init.lua @@ -285,7 +285,7 @@ local function serialize_arg(field, arg) elseif field.type == "integer" then serialized_arg = cassandra.int(arg) - elseif field.type == "float" then + elseif field.type == "number" then serialized_arg = cassandra.float(arg) elseif field.type == "boolean" then From 20a75750c079941ce04c95952d09ad05f844810e Mon Sep 17 00:00:00 2001 From: Hisham Muhammad Date: Tue, 15 Oct 2019 17:18:33 -0300 Subject: [PATCH 10/10] hotfix(tests) initialize global `kong` for PDK based plugins (#5130) Fix build error triggered by update of response-transformer plugin. --- spec/01-unit/01-db/01-schema/07-plugins_spec.lua | 1 + spec/01-unit/12-plugins_order_spec.lua | 1 + spec/01-unit/13-plugins_version_spec.lua | 1 + 3 files changed, 3 insertions(+) 
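Review bot: The `if entity then` branch added in the second hunk of the `dereference_rows` change drops a missing entity with neither a comment nor a log line, so the reason is only recorded in the commit message. I would add `-- the entity may have been deleted between the tag lookup and this select; skip it so the result has no nil holes` above the branch. The returned table can now hold fewer than `entity_count` items, so any caller that sizes a page from `entity_count` rather than from `#entities` should be checked; those callers are outside the hunk.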
diff --git a/spec/01-unit/01-db/01-schema/07-plugins_spec.lua b/spec/01-unit/01-db/01-schema/07-plugins_spec.lua index 71b76ef1280d..18491b6d4e8d 100644 --- a/spec/01-unit/01-db/01-schema/07-plugins_spec.lua +++ b/spec/01-unit/01-db/01-schema/07-plugins_spec.lua @@ -1,3 +1,4 @@ +require "spec.helpers" -- initializes 'kong' global for plugins local Entity = require "kong.db.schema.entity" local typedefs = require "kong.db.schema.typedefs" local utils = require "kong.tools.utils" diff --git a/spec/01-unit/12-plugins_order_spec.lua b/spec/01-unit/12-plugins_order_spec.lua index 5f172b81fa29..86628b3ae3eb 100644 --- a/spec/01-unit/12-plugins_order_spec.lua +++ b/spec/01-unit/12-plugins_order_spec.lua @@ -1,3 +1,4 @@ +require "spec.helpers" -- initializes 'kong' global for plugins local conf_loader = require "kong.conf_loader" diff --git a/spec/01-unit/13-plugins_version_spec.lua b/spec/01-unit/13-plugins_version_spec.lua index 06a7c635652b..dcccb7deff41 100644 --- a/spec/01-unit/13-plugins_version_spec.lua +++ b/spec/01-unit/13-plugins_version_spec.lua @@ -1,3 +1,4 @@ +require "spec.helpers" -- initializes 'kong' global for plugins local conf_loader = require "kong.conf_loader"