diff --git a/.bazelrc b/.bazelrc index 4b6f5b0aca84..4e9527d3ce19 100644 --- a/.bazelrc +++ b/.bazelrc @@ -44,6 +44,7 @@ build:release --//:debug=false build:release --//:licensing=true build:release --action_env=BUILD_NAME=kong-dev build:release --action_env=INSTALL_DESTDIR=/usr/local +build:release --compilation_mode=opt build --spawn_strategy=local diff --git a/.github/matrix-commitly.yml b/.github/matrix-commitly.yml index 4b8db4195121..ca0328973cbe 100644 --- a/.github/matrix-commitly.yml +++ b/.github/matrix-commitly.yml @@ -15,6 +15,7 @@ smoke-tests: - label: ubuntu scan-vulnerabilities: +- label: ubuntu release-packages: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fdf49e3d3edc..407ff0063460 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -123,7 +123,7 @@ jobs: if: matrix.label == 'centos-7' || matrix.label == 'rhel-7' run: | echo "/usr/local/git/bin" >> $GITHUB_PATH - yum install -y which + yum install -y which zlib-devel - name: Checkout Kong source code uses: actions/checkout@v3 @@ -151,7 +151,7 @@ jobs: if: matrix.package == 'deb' && steps.cache-deps.outputs.cache-hit != 'true' run: | sudo apt-get update && sudo apt-get install libyaml-dev -y - + - name: Install Ubuntu Cross Build Dependencies (arm64) if: matrix.package == 'deb' && steps.cache-deps.outputs.cache-hit != 'true' && endsWith(matrix.label, 'arm64') run: | @@ -323,6 +323,70 @@ jobs: Docker image available `${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}` Artifacts available https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + scan: + name: Scan - ${{ matrix.label }} + needs: [metadata, build-images] + runs-on: ubuntu-22.04 + if: |- + always() + && fromJSON(needs.metadata.outputs.matrix)['scan-vulnerabilities'] != '' + && needs.build-images.result == 'success' + && (github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]')) + strategy: + fail-fast: false + matrix: + include: "${{ fromJSON(needs.metadata.outputs.matrix)['scan-vulnerabilities'] }}" + env: + IMAGE: ${{ needs.metadata.outputs.prerelease-docker-repository }}:${{ github.sha }}-${{ matrix.label }} + steps: + - name: Install regctl + uses: regclient/actions/regctl-installer@main + + - name: Login to Docker Hub + if: ${{ env.HAS_ACCESS_TO_GITHUB_TOKEN }} + uses: docker/login-action@bc135a1993a1d0db3e9debefa0cfcb70443cc94c + with: + username: ${{ secrets.GHA_DOCKERHUB_PUSH_USER }} + password: ${{ secrets.GHA_KONG_ORG_DOCKERHUB_PUSH_TOKEN }} + + # TODO: Refactor matrix file to support and parse platforms specific to distro + # Workaround: Look for specific amd64 and arm64 hardcooded architectures + - name: Parse Architecture Specific Image Manifest Digests + id: image_manifest_metadata + run: | + manifest_list_exists="$( + if regctl manifest get "${IMAGE}" --format raw-body --require-list -v panic &> /dev/null; then + echo true + else + echo false + fi + )" + echo "manifest_list_exists=$manifest_list_exists" + echo "manifest_list_exists=$manifest_list_exists" >> $GITHUB_OUTPUT + + amd64_sha="$(regctl image digest "${IMAGE}" --platform linux/amd64 || echo '')" + arm64_sha="$(regctl image digest "${IMAGE}" --platform linux/arm64 || echo '')" + echo "amd64_sha=$amd64_sha" + echo "amd64_sha=$amd64_sha" >> $GITHUB_OUTPUT + echo "arm64_sha=$arm64_sha" + echo "arm64_sha=$arm64_sha" >> $GITHUB_OUTPUT + + - name: Scan AMD64 Image digest + id: sbom_action_amd64 + if: steps.image_manifest_metadata.outputs.amd64_sha != '' + uses: Kong/public-shared-actions/security-actions/scan-docker-image@b2e4a29d30382e1cceeda8df1e8b8bee65bef39b + with: + asset_prefix: kong-${{ github.sha }}-${{ matrix.label }}-linux-amd64 + image: ${{env.IMAGE}}@${{ steps.image_manifest_metadata.outputs.amd64_sha }} + + - name: Scan ARM64 Image digest + if: steps.image_manifest_metadata.outputs.manifest_list_exists == 'true' && steps.image_manifest_metadata.outputs.arm64_sha != '' + id: sbom_action_arm64 + uses: Kong/public-shared-actions/security-actions/scan-docker-image@b2e4a29d30382e1cceeda8df1e8b8bee65bef39b + with: + asset_prefix: kong-${{ github.sha }}-${{ matrix.label }}-linux-arm64 + image: ${{env.IMAGE}}@${{ steps.image_manifest_metadata.outputs.arm64_sha }} + smoke-tests: name: Smoke Tests - ${{ matrix.label }} needs: [metadata, build-images] @@ -350,6 +414,7 @@ jobs: env: KONG_ADMIN_URI: http://localhost:8001 + KONG_ADMIN_HTTP2_URI: https://localhost:8444 KONG_PROXY_URI: http://localhost:8000 steps: @@ -365,9 +430,9 @@ jobs: # always pull the latest image to ensure we're testing the latest version. run: | docker run \ - -p 8000:8000 -p 8001:8001 \ + -p 8000:8000 -p 8001:8001 -p 8444:8444\ -e KONG_PG_PASSWORD=kong \ - -e KONG_ADMIN_LISTEN=0.0.0.0:8001 \ + -e KONG_ADMIN_LISTEN="0.0.0.0:8001, 0.0.0.0:8444 ssl http2" \ -e KONG_ANONYMOUS_REPORTS=off \ --name kong \ --restart always \ @@ -378,36 +443,20 @@ jobs: sleep 3 docker logs kong - - name: Smoke Tests - Admin API - run: build/tests/01-admin-api.sh - - scan-vulnerabilities: - name: Scan Vulnerabilities - ${{ matrix.label }} - needs: [metadata, build-images] - runs-on: ubuntu-22.04 - if: |- - fromJSON(needs.metadata.outputs.matrix)['scan-vulnerabilities'] != '' - && (github.event_name != 'pull_request' || (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]')) - - strategy: - # runs all jobs sequentially - max-parallel: 1 - fail-fast: false - matrix: - include: "${{ fromJSON(needs.metadata.outputs.matrix)['scan-vulnerabilities'] }}" + - name: Smoke Tests - Base Tests + env: + VERBOSE: ${{ runner.debug == '1' && '1' || '' }} + run: build/tests/01-base.sh - steps: - - name: Checkout code - uses: actions/checkout@v3 + - name: Smoke Tests - Admin API + env: + VERBOSE: ${{ runner.debug == '1' && '1' || '' }} + run: build/tests/02-admin-api.sh - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # v0.8.0 - env: - TRIVY_USERNAME: ${{ secrets.GHA_DOCKERHUB_PUSH_USER }} - TRIVY_PASSWORD: ${{ secrets.GHA_KONG_ORG_DOCKERHUB_PUSH_TOKEN }} - with: - image-ref: ${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ github.sha }}-${{ matrix.label }} - severity: 'CRITICAL,HIGH' + - name: Smoke Tests - HTTP2 Admin API + env: + VERBOSE: ${{ runner.debug == '1' && '1' || '' }} + run: build/tests/03-http2-admin-api.sh release-packages: name: Release Packages - ${{ matrix.label }} - ${{ needs.metadata.outputs.release-desc }} @@ -433,9 +482,20 @@ jobs: name: ${{ matrix.artifact-from }}-packages path: bazel-bin/pkg + - name: Set package architecture + id: pkg-arch + run: | + arch='amd64' + if [[ '${{ matrix.label }}' == *'arm64' ]]; then + arch='arm64' + fi + echo "arch=$arch" + echo "arch=$arch" >> $GITHUB_OUTPUT + - name: Upload Packages to PULP env: - OFFICIAL_RELEASE: ${{ github.event.inputs.official == true }} + ARCHITECTURE: ${{ steps.pkg-arch.outputs.arch }} + OFFICIAL_RELEASE: ${{ github.event.inputs.official }} PULP_HOST: https://api.download.konghq.com PULP_USERNAME: admin # PULP_PASSWORD: ${{ secrets.PULP_DEV_PASSWORD }} @@ -492,6 +552,9 @@ jobs: latest=false suffix=-${{ matrix.label }} + - name: Install regctl + uses: regclient/actions/regctl-installer@b6614f5f56245066b533343a85f4109bdc38c8cc + - name: Push Images env: TAGS: "${{ steps.meta.outputs.tags }}" @@ -499,6 +562,5 @@ jobs: PRERELEASE_IMAGE=${{ env.PRERELEASE_DOCKER_REPOSITORY }}:${{ github.sha }}-${{ matrix.label }} docker pull $PRERELEASE_IMAGE for tag in $TAGS; do - docker tag $PRERELEASE_IMAGE $tag - docker push $tag + regctl -v debug image copy $PRERELEASE_IMAGE $tag done diff --git a/.requirements b/.requirements index 3e31a1ea4b9d..781115a27582 100644 --- a/.requirements +++ b/.requirements @@ -4,7 +4,7 @@ KONG_LICENSE="ASL 2.0" RESTY_VERSION=1.21.4.1 RESTY_LUAROCKS_VERSION=3.9.2 -RESTY_OPENSSL_VERSION=1.1.1s +RESTY_OPENSSL_VERSION=1.1.1t RESTY_PCRE_VERSION=8.45 RESTY_LMDB_VERSION=1.0.0 RESTY_EVENTS_VERSION=0.1.3 diff --git a/CHANGELOG.md b/CHANGELOG.md index af9b1903d5f0..b3dd306fa307 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ # Table of Contents +- [3.2.2](#322) +- [3.2.1](#321) +- [3.2.0](#320) - [3.1.0](#310) - [3.0.1](#301) - [3.0.0](#300) @@ -67,7 +70,37 @@ - [0.9.9 and prior](#099---20170202) -## Unreleased +## 3.2.2 + +> Released 2023/03/16 + +### Dependencies + +- Bumped lua-resty-session from 4.0.2 to 4.0.3 + [#10338](https://github.com/Kong/kong/pull/10338) + +### Fixes + +#### Core + +- Fixed an issue where dangling Unix sockets would prevent Kong from restarting in + Docker containers if it was not cleanly stopped. + [#10481](https://github.com/Kong/kong/pull/10481) + +[Back to TOC](#table-of-contents) + +### 3.2.1 + +#### Core + +- Fix an issue where control plane does not downgrade config for `aws_lambda` and `zipkin` for older version of data planes. + [#10346](https://github.com/Kong/kong/pull/10346) +- Fix an issue where control plane does not rename fields correctly for `session` for older version of data planes. + [#10352](https://github.com/Kong/kong/pull/10352) +- Fix an issue where validation to regex routes may be skipped when the old-fashioned config is used for DB-less Kong. + [#10348](https://github.com/Kong/kong/pull/10348) + +## 3.2.0 ### Breaking Changes @@ -79,6 +112,10 @@ For that reason it is advisable that during upgrades mixed versions of proxy nodes run for as little as possible. During that time, the invalid sessions could cause failures and partial downtime. All existing sessions are invalidated when upgrading to this version. + The parameter `idling_timeout` now has a default value of 900: unless configured differently, + sessions expire after 900 seconds (15 minutes) of idling. + The parameter `absolute_timeout` has a default value of 86400: unless configured differently, + sessions expire after 86400 seconds (24 hours). [#10199](https://github.com/Kong/kong/pull/10199) ### Additions @@ -146,7 +183,10 @@ - Fix an issue where after a valid declarative configuration is loaded, the configuration hash is incorrectly set to the value: `00000000000000000000000000000000`. [#9911](https://github.com/Kong/kong/pull/9911) - [#10046](https://github.com/Kong/kong/pull/10046) +- Update the batch queues module so that queues no longer grow without bounds if + their consumers fail to process the entries. Instead, old batches are now dropped + and an error is logged. + [#10247](https://github.com/Kong/kong/pull/10247) - Fix an issue where 'X-Kong-Upstream-Status' cannot be emitted when response is buffered. [#10056](https://github.com/Kong/kong/pull/10056) @@ -167,11 +207,26 @@ [#10160](https://github.com/Kong/kong/pull/10160) - For `http.flavor`. It should be a string value, not a double. [#10160](https://github.com/Kong/kong/pull/10160) +- **OpenTelemetry**: Fix a bug that when getting the trace of other formats, the trace ID reported and propagated could be of incorrect length. + [#10332](https://github.com/Kong/kong/pull/10332) - **OAuth2**: `refresh_token_ttl` is now limited between `0` and `100000000` by schema validator. Previously numbers that are too large causes requests to fail. [#10068](https://github.com/Kong/kong/pull/10068) ### Changed +#### Core + +- Improve error message for invalid JWK entities. + [#9904](https://github.com/Kong/kong/pull/9904) +- Renamed two configuration properties: + * `opentelemetry_tracing` => `tracing_instrumentations` + * `opentelemetry_tracing_sampling_rate` => `tracing_sampling_rate` + + The old `opentelemetry_*` properties are considered deprecated and will be + fully removed in a future version of Kong. + [#10122](https://github.com/Kong/kong/pull/10122) + [#10220](https://github.com/Kong/kong/pull/10220) + #### Hybrid Mode - Revert the removal of WebSocket protocol support for configuration sync, @@ -191,13 +246,19 @@ [#10144](https://github.com/Kong/kong/pull/10144) - Bumped lua-kong-nginx-module from 0.5.0 to 0.5.1 [#10181](https://github.com/Kong/kong/pull/10181) -- Bumped lua-resty-session from 3.10 to 4.0.0 +- Bumped lua-resty-session from 3.10 to 4.0.2 [#10199](https://github.com/Kong/kong/pull/10199) + [#10230](https://github.com/Kong/kong/pull/10230) + [#10308](https://github.com/Kong/kong/pull/10308) +- Bumped OpenSSL from 1.1.1s to 1.1.1t + [#10266](https://github.com/Kong/kong/pull/10266) +- Bumped lua-resty-timer-ng from 0.2.0 to 0.2.3 + [#10265](https://github.com/Kong/kong/pull/10265) #### Core -- Improve error message for invalid jwk entries - +- Improve error message for invalid jwk entries. + [#9904](https://github.com/Kong/kong/pull/9904) ## 3.1.0 @@ -7789,6 +7850,9 @@ First version running with Cassandra. [Back to TOC](#table-of-contents) +[3.2.2]: https://github.com/Kong/kong/compare/3.2.1...3.2.2 +[3.2.1]: https://github.com/Kong/kong/compare/3.2.0...3.2.1 +[3.2.0]: https://github.com/Kong/kong/compare/3.1.0...3.2.0 [3.1.0]: https://github.com/Kong/kong/compare/3.0.1...3.1.0 [3.0.1]: https://github.com/Kong/kong/compare/3.0.0...3.0.1 [3.0.0]: https://github.com/Kong/kong/compare/2.8.1...3.0.0 diff --git a/build/cross_deps/zlib/repositories.bzl b/build/cross_deps/zlib/repositories.bzl index cd6e78ec2621..3185b65222a8 100644 --- a/build/cross_deps/zlib/repositories.bzl +++ b/build/cross_deps/zlib/repositories.bzl @@ -8,7 +8,10 @@ def zlib_repositories(): http_archive( name = "cross_deps_zlib", - url = "https://zlib.net/zlib-1.2.13.tar.gz", + urls = [ + "https://zlib.net/zlib-1.2.13.tar.gz", + "https://zlib.net/fossils/zlib-1.2.13.tar.gz", + ], sha256 = "b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30", strip_prefix = "zlib-1.2.13", build_file = "//build/cross_deps/zlib:BUILD.zlib.bazel", diff --git a/build/dockerfiles/entrypoint.sh b/build/dockerfiles/entrypoint.sh index f4f2a499b777..4aa71dedaa1d 100755 --- a/build/dockerfiles/entrypoint.sh +++ b/build/dockerfiles/entrypoint.sh @@ -44,6 +44,22 @@ if [[ "$1" == "kong" ]]; then if [[ "$2" == "docker-start" ]]; then kong prepare -p "$PREFIX" "$@" + # remove all dangling sockets in $PREFIX dir before starting Kong + LOGGED_SOCKET_WARNING=0 + for localfile in "$PREFIX"/*; do + if [ -S "$localfile" ]; then + if (( LOGGED_SOCKET_WARNING == 0 )); then + printf >&2 'WARN: found dangling unix sockets in the prefix directory ' + printf >&2 '(%q) ' "$PREFIX" + printf >&2 'while preparing to start Kong. This may be a sign that Kong ' + printf >&2 'was previously shut down uncleanly or is in an unknown state ' + printf >&2 'and could require further investigation.\n' + LOGGED_SOCKET_WARNING=1 + fi + rm -f "$localfile" + fi + done + ln -sfn /dev/stdout $PREFIX/logs/access.log ln -sfn /dev/stdout $PREFIX/logs/admin_access.log ln -sfn /dev/stderr $PREFIX/logs/error.log diff --git a/build/kong_bindings.bzl b/build/kong_bindings.bzl index 61b8d1caa1f3..f44ddd2ccfde 100644 --- a/build/kong_bindings.bzl +++ b/build/kong_bindings.bzl @@ -74,5 +74,7 @@ load_bindings = repository_rule( environ = [ "BUILD_NAME", "INSTALL_DESTDIR", + "RPM_SIGNING_KEY_FILE", + "NFPM_RPM_PASSPHRASE", ], ) diff --git a/build/openresty/BUILD.openresty.bazel b/build/openresty/BUILD.openresty.bazel index 9dbbbf7f31d0..ebe2f86af2cd 100644 --- a/build/openresty/BUILD.openresty.bazel +++ b/build/openresty/BUILD.openresty.bazel @@ -126,7 +126,7 @@ CONFIGURE_OPTIONS = [ ] + select({ "@kong//:arm64-linux-gnu-cross": [ "--crossbuild=Linux:aarch64", - "--with-endian=le", + "--with-endian=little", "--with-int=4", "--with-long=8", "--with-long-long=8", @@ -139,7 +139,7 @@ CONFIGURE_OPTIONS = [ ], "@kong//:x86_64-linux-musl-cross": [ "--crossbuild=Linux:x86_64", - "--with-endian=le", + "--with-endian=little", "--with-int=4", "--with-long=8", "--with-long-long=8", diff --git a/build/openresty/openssl/openssl_repositories.bzl b/build/openresty/openssl/openssl_repositories.bzl index 0a5d7818e21c..0298a7f3d88f 100644 --- a/build/openresty/openssl/openssl_repositories.bzl +++ b/build/openresty/openssl/openssl_repositories.bzl @@ -12,7 +12,7 @@ def openssl_repositories(): http_archive, name = "openssl", build_file = "//build/openresty/openssl:BUILD.openssl.bazel", - sha256 = "c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa", + sha256 = "8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b", strip_prefix = "openssl-" + version, urls = [ "https://www.openssl.org/source/openssl-" + version + ".tar.gz", diff --git a/build/openresty/patches/nginx-cross-endianness-fix.patch b/build/openresty/patches/nginx-cross-endianness-fix.patch new file mode 100644 index 000000000000..6dcf74d214db --- /dev/null +++ b/build/openresty/patches/nginx-cross-endianness-fix.patch @@ -0,0 +1,79 @@ +# http://cgit.openembedded.org/meta-openembedded/tree/meta-webserver/recipes-httpd/nginx/files/0001-Allow-the-overriding-of-the-endianness-via-the-confi.patch +From be9970aa16c5142ef814531d74a07990a8e9eb14 Mon Sep 17 00:00:00 2001 +From: Derek Straka +Date: Fri, 1 Dec 2017 10:32:29 -0500 +Subject: [PATCH] Allow the overriding of the endianness via the configure flag + --with-endian + +The existing configure options contain the --with-endian; however, the command +line flag does not actually function. It does not set the endianness and it +appears to do nothing. + +Upstream-Status: Pending + +Signed-off-by: Derek Straka + +diff --git a/auto/endianness b/auto/endianness +index 1b552b6..be84487 100644 +--- a/bundle/nginx-1.21.4/endianness ++++ b/bundle/nginx-1.21.4/auto/endianness +@@ -13,7 +13,13 @@ checking for system byte ordering + END + + +-cat << END > $NGX_AUTOTEST.c ++if [ ".$NGX_WITH_ENDIAN" = ".little" ]; then ++ echo " little endian" ++ have=NGX_HAVE_LITTLE_ENDIAN . auto/have ++elif [ ".$NGX_WITH_ENDIAN" = ".big" ]; then ++ echo " big endian" ++else ++ cat << END > $NGX_AUTOTEST.c + + int main(void) { + int i = 0x11223344; +@@ -26,25 +32,26 @@ int main(void) { + + END + +-ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \ +- -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs" ++ ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \ ++ -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs" + +-eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" ++ eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" + +-if [ -x $NGX_AUTOTEST ]; then +- if $NGX_AUTOTEST >/dev/null 2>&1; then +- echo " little endian" +- have=NGX_HAVE_LITTLE_ENDIAN . auto/have +- else +- echo " big endian" +- fi ++ if [ -x $NGX_AUTOTEST ]; then ++ if $NGX_AUTOTEST >/dev/null 2>&1; then ++ echo " little endian" ++ have=NGX_HAVE_LITTLE_ENDIAN . auto/have ++ else ++ echo " big endian" ++ fi + +- rm -rf $NGX_AUTOTEST* ++ rm -rf $NGX_AUTOTEST* + +-else +- rm -rf $NGX_AUTOTEST* ++ else ++ rm -rf $NGX_AUTOTEST* + +- echo +- echo "$0: error: cannot detect system byte ordering" +- exit 1 ++ echo ++ echo "$0: error: cannot detect system byte ordering" ++ exit 1 ++ fi + fi +-- +2.7.4 \ No newline at end of file diff --git a/build/openresty/patches/ngx_lua-0.10.21_02-dyn_upstream_keepalive.patch b/build/openresty/patches/ngx_lua-0.10.21_02-dyn_upstream_keepalive.patch index 71b6d580d384..84304498b42e 100644 --- a/build/openresty/patches/ngx_lua-0.10.21_02-dyn_upstream_keepalive.patch +++ b/build/openresty/patches/ngx_lua-0.10.21_02-dyn_upstream_keepalive.patch @@ -673,7 +673,7 @@ index f71a3e00..0d403716 100644 + + items = (ngx_http_lua_balancer_keepalive_item_t *) (&upool->free + 1); + -+ ngx_http_lua_assert((void *) items == ngx_align_ptr(items, NGX_ALIGNMENT)); ++ + + for (i = 0; i < cpool_size; i++) { + ngx_queue_insert_head(&upool->free, &items[i].queue); diff --git a/build/repositories.bzl b/build/repositories.bzl index 43b47882d00d..7e9478ae8501 100644 --- a/build/repositories.bzl +++ b/build/repositories.bzl @@ -70,6 +70,8 @@ def _github_release_impl(ctx): if os_arch == "aarch64": os_arch = "arm64" + elif os_arch == "x86_64": + os_arch = "amd64" elif os_arch != "amd64": fail("Unsupported arch %s" % os_arch) diff --git a/build/tests/01-admin-api.sh b/build/tests/01-admin-api.sh deleted file mode 100755 index ac86a7cc194b..000000000000 --- a/build/tests/01-admin-api.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env bash - -source .requirements -source build/tests/util.sh - -kong_ready - -msg_test "Check admin API is alive" -assert_response "$KONG_ADMIN_URI" "200" - -msg_test "Create a service" -assert_response "-d name=testservice -d url=http://127.0.0.1:8001 $KONG_ADMIN_URI/services" "201" - -msg_test "List services" -assert_response "$KONG_ADMIN_URI/services" "200" - -msg_test "Create a route" -assert_response "-d name=testroute -d paths=/anything $KONG_ADMIN_URI/services/testservice/routes" "201" - -msg_test "List routes" -assert_response "$KONG_ADMIN_URI/services/testservice/routes" "200" - -msg_test "List services" -assert_response "$KONG_ADMIN_URI/services" "200" - -msg_test "Proxy a request" -assert_response "$KONG_PROXY_URI/anything" "200" - -if [[ "$EDITION" == "enterprise" ]]; then - it_runs_free_enterprise -fi diff --git a/build/tests/01-base.sh b/build/tests/01-base.sh new file mode 100755 index 000000000000..324fb11ff869 --- /dev/null +++ b/build/tests/01-base.sh @@ -0,0 +1,129 @@ +#!/usr/bin/env bash + +if [ -n "${VERBOSE:-}" ]; then + set -x +fi + +source .requirements +source build/tests/util.sh + +### +# +# user/group +# +### + +# a missing kong user can indicate that the post-install script on rpm/deb +# platforms failed to run properly +msg_test '"kong" user exists' +assert_exec 0 'root' 'getent passwd kong' + +msg_test '"kong" group exists' +assert_exec 0 'root' 'getent group kong' + +### +# +# files and ownership +# +### + +msg_test "/usr/local/kong exists and is owned by kong:root" +assert_exec 0 'kong' "test -O /usr/local/kong || ( rc=\$?; stat '${path}'; exit \$rc )" +assert_exec 0 'root' "test -G /usr/local/kong || ( rc=\$?; stat '${path}'; exit \$rc )" + +msg_test "/usr/local/bin/kong exists and is owned by kong:root" +assert_exec 0 'kong' "test -O /usr/local/kong || ( rc=\$?; stat '${path}'; exit \$rc )" +assert_exec 0 'root' "test -G /usr/local/kong || ( rc=\$?; stat '${path}'; exit \$rc )" + +if alpine; then + # we have never produced real .apk package files for alpine and thus have + # never depended on the kong user/group chown that happens in the + # postinstall script(s) for other package types + # + # if we ever do the work to support real .apk files (with read postinstall + # scripts), we will need to this test + msg_yellow 'skipping file and ownership tests on alpine' +else + for path in \ + /usr/local/bin/luarocks \ + /usr/local/etc/luarocks/ \ + /usr/local/lib/{lua,luarocks}/ \ + /usr/local/openresty/ \ + /usr/local/share/lua/; do + msg_test "${path} exists and is owned by kong:kong" + assert_exec 0 'kong' "test -O ${path} || ( rc=\$?; stat '${path}'; exit \$rc )" + assert_exec 0 'kong' "test -G ${path} || ( rc=\$?; stat '${path}'; exit \$rc )" + done +fi + +msg_test 'default conf file exists and is not empty' +assert_exec 0 'root' "test -s /etc/kong/kong.conf.default" + +msg_test 'default logrotate file exists and is not empty' +assert_exec 0 'root' "test -s /etc/kong/kong.logrotate" + +msg_test 'plugin proto file exists and is not empty' +assert_exec 0 'root' "test -s /usr/local/kong/include/kong/pluginsocket.proto" + +msg_test 'protobuf files exist and are not empty' +assert_exec 0 'root' "for f in /usr/local/kong/include/google/protobuf/*.proto; do test -s \$f; done" + +msg_test 'ssl header files exist and are not empty' +assert_exec 0 'root' "for f in /usr/local/kong/include/openssl/*.h; do test -s \$f; done" + +### +# +# OpenResty binaries/tools +# +### + +msg_test 'openresty binary is expected version' +assert_exec 0 'root' "/usr/local/openresty/bin/openresty -v 2>&1 | grep '${RESTY_VERSION}'" + +# linking to a non-kong-provided luajit library can indicate the package was +# created on a dev workstation where luajit/openresty was installed manually +# and probably shouldn't be shipped to customers +msg_test 'openresty binary is linked to kong-provided luajit library' +assert_exec 0 'root' "ldd /usr/local/openresty/bin/openresty | grep -E 'libluajit-.*openresty/luajit/lib'" + +# if libpcre appears in the ldd output for the openresty binary, static linking +# of it during the compile of openresty may have failed +msg_test 'openresty binary is NOT linked to external PCRE' +assert_exec 0 'root' "ldd /usr/local/openresty/bin/openresty | grep -ov 'libpcre.so'" + +msg_test 'openresty binary compiled with LuaJIT PCRE support' +assert_exec 0 'root' "/usr/local/openresty/bin/openresty -V 2>&1 | grep '\-\-with-pcre-jit'" + +msg_test 'resty CLI can be run by kong user' +assert_exec 0 'kong' "/usr/local/openresty/bin/resty -e 'print(jit.version)'" + +msg_test 'resty CLI functions and returns valid version of LuaJIT' +assert_exec 0 'root' "/usr/local/openresty/bin/resty -e 'print(jit.version)' | grep -E 'LuaJIT\ ([0-9]\.*){3}\-20[0-9]+'" + +### +# +# SSL verification +# +### + +# check which ssl openresty is using +if docker_exec root '/usr/local/openresty/bin/openresty -V 2>&1' | grep 'BoringSSL'; then + msg_test 'openresty binary uses expected boringssl version' + assert_exec 0 'root' "/usr/local/openresty/bin/openresty -V 2>&1 | grep '${RESTY_BORINGSSL_VERSION}'" +else + msg_test 'openresty binary uses expected openssl version' + assert_exec 0 'root' "/usr/local/openresty/bin/openresty -V 2>&1 | grep '${RESTY_OPENSSL_VERSION}'" +fi + +msg_test 'openresty binary is linked to kong-provided ssl libraries' +assert_exec 0 'root' "ldd /usr/local/openresty/bin/openresty | grep -E 'libssl.so.*kong/lib'" +assert_exec 0 'root' "ldd /usr/local/openresty/bin/openresty | grep -E 'libcrypto.so.*kong/lib'" + +### +# +# LuaRocks +# +### + +msg_test 'lua-resty-websocket lua files exist and contain a version' +assert_exec 0 'root' 'grep _VERSION /usr/local/openresty/lualib/resty/websocket/*.lua' diff --git a/build/tests/02-admin-api.sh b/build/tests/02-admin-api.sh new file mode 100755 index 000000000000..89d80df7cf3c --- /dev/null +++ b/build/tests/02-admin-api.sh @@ -0,0 +1,38 @@ +#!/usr/bin/env bash + +if [ -n "${VERBOSE:-}" ]; then + set -x +fi + +source .requirements +source build/tests/util.sh + +service_name="$(random_string)" +route_name="$(random_string)" + +kong_ready + +msg_test "Check admin API is alive" +assert_response "${KONG_ADMIN_URI}" "200" + +msg_test "Create a service" +assert_response "-d name=${service_name} -d url=http://127.0.0.1:8001 ${KONG_ADMIN_URI}/services" "201" + +msg_test "List services" +assert_response "${KONG_ADMIN_URI}/services" "200" + +msg_test "Create a route" +assert_response "-d name=${route_name} -d paths=/anything ${KONG_ADMIN_URI}/services/${service_name}/routes" "201" + +msg_test "List routes" +assert_response "${KONG_ADMIN_URI}/services/${service_name}/routes" "200" + +msg_test "List services" +assert_response "${KONG_ADMIN_URI}/services" "200" + +msg_test "Proxy a request" +assert_response "${KONG_PROXY_URI}/anything" "200" + +if [[ "$EDITION" == "enterprise" ]]; then + it_runs_free_enterprise +fi diff --git a/build/tests/03-http2-admin-api.sh b/build/tests/03-http2-admin-api.sh new file mode 100755 index 000000000000..c60d63fa3334 --- /dev/null +++ b/build/tests/03-http2-admin-api.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +if [ -n "${VERBOSE:-}" ]; then + set -x +fi + +source .requirements +source build/tests/util.sh + +kong_ready + +msg_test "Check if cURL supports HTTP/2" +if ! curl --version | grep -i "http2" > /dev/null; then + err_exit " local cURL does not support HTTP/2" +fi + +msg_test "Check HTTP/2 Admin API response is valid" +admin_api_http2_validity diff --git a/build/tests/util.sh b/build/tests/util.sh index 33ee19560c7c..18c882033477 100755 --- a/build/tests/util.sh +++ b/build/tests/util.sh @@ -1,8 +1,15 @@ #!/usr/bin/env bash KONG_ADMIN_URI=${KONG_ADMIN_URI:-"http://localhost:8001"} +KONG_ADMIN_HTTP2_URI=${KONG_ADMIN_HTTP2_URI:-"https://localhost:8444"} KONG_PROXY_URI=${KONG_PROXY_URI:-"http://localhost:8000"} +set_x_flag='' +if [ -n "${VERBOSE:-}" ]; then + set -x + set_x_flag='-x' +fi + msg_test() { builtin echo -en "\033[1;34m" >&1 echo -n "===> " @@ -28,51 +35,140 @@ err_exit() { exit 1 } +random_string() { + echo "a$(shuf -er -n19 {A..Z} {a..z} {0..9} | tr -d '\n')" +} + kong_ready() { local TIMEOUT_SECONDS=$((15)) - while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:8000)" != 404 ]]; do + while [[ "$(curl -s -o /dev/null -w "%{http_code}" localhost:8000)" != 404 ]]; do sleep 5; COUNTER=$((COUNTER + 5)) - if (($COUNTER >= $TIMEOUT_SECONDS)) + if (( COUNTER >= TIMEOUT_SECONDS )) then - printf "\xe2\x98\x93 ERROR: Timed out waiting for $KONG" + printf '\xe2\x98\x93 ERROR: Timed out waiting for %s' "$KONG" exit 1 fi done } +docker_exec() { + local user="${1:-kong}" + + shift + + test -t 1 && USE_TTY='-t' + + # shellcheck disable=SC2086 + docker exec --user="$user" ${USE_TTY} kong sh ${set_x_flag} -c "$@" +} + +_os() { + local os="$1" + + if docker_exec 'root' 'uname -a' | grep -qsi "$os"; then + return + else + docker_exec 'root' "grep -qsi '${os}' /etc/os-release" + return $? + fi +} + +alpine() { + _os 'alpine' +} + +assert_same() { + local expected=$(echo "$1" | tr -d '[:space:]') + local actual=$(echo "$2" | tr -d '[:space:]') + + if [ "$expected" != "$actual" ]; then + err_exit " expected $expected, got $actual" + fi +} + +assert_contains() { + local expected=$(echo "$1" | tr -d '[:space:]') + local actual="$2" + + if ! echo "$actual" | grep -q "$expected"; then + err_exit " expected $expected in $actual but not found" + fi +} + assert_response() { local endpoint=$1 - local expected_code=$2 + local expected_codes=$2 local resp_code COUNTER=20 while : ; do - resp_code=$(curl -s -o /dev/null -w "%{http_code}" $endpoint) - [ "$resp_code" == "$expected_code" ] && break + for code in ${expected_codes}; do + # shellcheck disable=SC2086 + resp_code=$(curl -s -o /dev/null -w "%{http_code}" ${endpoint}) + [ "$resp_code" == "$code" ] && break 2 + done ((COUNTER-=1)) [ "$COUNTER" -lt 1 ] && break sleep 0.5 # 10 seconds max done - [ "$resp_code" == "$expected_code" ] || err_exit " expected $2, got $resp_code" + for code in ${expected_codes}; do + [ "$resp_code" == "$code" ] && return + done || err_exit " expected $2, got $resp_code" +} + +assert_exec() { + local expected_code="${1:-0}" + local user="${2:-kong}" + + shift 2 + + ( + docker_exec "$user" "$@" + echo "$?" > /tmp/rc + ) | while read -r line; do printf ' %s\n' "$line"; done + + rc="$(cat /tmp/rc)" + + if ! [ "$rc" == "$expected_code" ]; then + err_exit " expected ${expected_code}, got ${rc}" + fi } it_runs_free_enterprise() { - info=$(curl $KONG_ADMIN_URI) + info=$(curl "$KONG_ADMIN_URI") msg_test "it does not have ee-only plugins" - [ "$(echo $info | jq -r .plugins.available_on_server.canary)" != "true" ] + [ "$(echo "$info" | jq -r .plugins.available_on_server.canary)" != "true" ] msg_test "it does not enable vitals" - [ "$(echo $info | jq -r .configuration.vitals)" == "false" ] + [ "$(echo "$info" | jq -r .configuration.vitals)" == "false" ] msg_test "workspaces are not writable" - assert_response "$KONG_ADMIN_URI/workspaces -d name=testworkspace" "403" + assert_response "$KONG_ADMIN_URI/workspaces -d name=$(random_string)" "403" } it_runs_full_enterprise() { - info=$(curl $KONG_ADMIN_URI) + info=$(curl "$KONG_ADMIN_URI") msg_test "it does have ee-only plugins" - [ "$(echo $info | jq -r .plugins.available_on_server | jq -r 'has("canary")')" == "true" ] + [ "$(echo "$info" | jq -r .plugins.available_on_server | jq -r 'has("canary")')" == "true" ] msg_test "it does enable vitals" - [ "$(echo $info | jq -r .configuration.vitals)" == "true" ] + [ "$(echo "$info" | jq -r .configuration.vitals)" == "true" ] msg_test "workspaces are writable" - assert_response "$KONG_ADMIN_URI/workspaces -d name=testworkspace" "201" + assert_response "$KONG_ADMIN_URI/workspaces -d name=$(random_string)" "201" +} + +admin_api_http2_validity() { + output=$(mktemp) + header_dump=$(mktemp) + status=$(curl -ks -D "$header_dump" -o "$output" -w '%{http_code}' "$KONG_ADMIN_HTTP2_URI") + + msg_test "it returns with response status code 200" + assert_same "200" "$status" + + msg_test "it returns with response header content-type application/json" + assert_contains "application/json" "$(cat "$header_dump" | grep -i content-type | tr -d '[:space:]')" + + msg_test "it returns a response body with correct length" + assert_same "$(wc -c < "$output")" "$(cat "$header_dump" | grep -i content-length | cut -d' ' -f2 | tr -d '[:space:]')" + + msg_test "the response body is valid json and has valid json schema" + jq . "$output" > /dev/null || err_exit " response body is not valid json" } diff --git a/kong-3.2.0-0.rockspec b/kong-3.2.2-0.rockspec similarity index 99% rename from kong-3.2.0-0.rockspec rename to kong-3.2.2-0.rockspec index 21e721af7cf2..75a021069ee2 100644 --- a/kong-3.2.0-0.rockspec +++ b/kong-3.2.2-0.rockspec @@ -1,10 +1,10 @@ package = "kong" -version = "3.2.0-0" +version = "3.2.2-0" rockspec_format = "3.0" supported_platforms = {"linux", "macosx"} source = { url = "git+https://github.com/Kong/kong.git", - tag = "3.2.0" + tag = "3.2.2" } description = { summary = "Kong is a scalable and customizable API Management Layer built on top of Nginx.", @@ -40,8 +40,8 @@ dependencies = { "lua-resty-counter == 0.2.1", "lua-resty-ipmatcher == 0.6.1", "lua-resty-acme == 0.10.1", - "lua-resty-session == 4.0.0", - "lua-resty-timer-ng == 0.2.0", + "lua-resty-session == 4.0.3", + "lua-resty-timer-ng == 0.2.3", } build = { type = "builtin", diff --git a/kong.conf.default b/kong.conf.default index 7a71804c2381..6d77e84fac05 100644 --- a/kong.conf.default +++ b/kong.conf.default @@ -1,4 +1,4 @@ -# ----------------------- +G# ----------------------- # Kong configuration file # ----------------------- # @@ -103,7 +103,7 @@ # such in the Lua namespace: # `kong.vaults.{name}.*`. -#opentelemetry_tracing = off # Deprecated: use tracing_instrumentatios instead +#opentelemetry_tracing = off # Deprecated: use tracing_instrumentations instead #tracing_instrumentations = off # Comma-separated list of tracing instrumentations # this node should load. By default, no instrumentations @@ -939,10 +939,10 @@ # connection may be kept open # indefinitely. -#allow_debug_header = off # Enable the `Kong-Debug` header function. - # if it is `on`, kong will add - # `Kong-Route-Id` `Kong-Route-Name` `Kong-Service-Id` - # `Kong-Service-Name` debug headers to response when +#allow_debug_header = off # Enable the `Kong-Debug` header function. + # if it is `on`, kong will add + # `Kong-Route-Id` `Kong-Route-Name` `Kong-Service-Id` + # `Kong-Service-Name` debug headers to response when # the client request header `Kong-Debug: 1` is present. #------------------------------------------------------------------------------ @@ -1808,3 +1808,4 @@ # Setting this attribute disables the search # behavior and explicitly instructs Kong which # OpenResty installation to use. + diff --git a/kong/clustering/compat/init.lua b/kong/clustering/compat/init.lua index 69c0df6bafb5..dbb2a16c6bc4 100644 --- a/kong/clustering/compat/init.lua +++ b/kong/clustering/compat/init.lua @@ -238,6 +238,7 @@ end local function rename_field(config, name_from, name_to, has_update) if config[name_from] ~= nil then config[name_to] = config[name_from] + config[name_from] = nil return true end return has_update diff --git a/kong/clustering/compat/removed_fields.lua b/kong/clustering/compat/removed_fields.lua index 1b1a392267fb..66a650fc0e2d 100644 --- a/kong/clustering/compat/removed_fields.lua +++ b/kong/clustering/compat/removed_fields.lua @@ -48,5 +48,11 @@ return { "response_headers", "request_headers", }, + aws_lambda = { + "aws_imds_protocol_version", + }, + zipkin = { + "phase_duration_flavor", + } }, } diff --git a/kong/conf_loader/init.lua b/kong/conf_loader/init.lua index e33112625a71..53082b15f424 100644 --- a/kong/conf_loader/init.lua +++ b/kong/conf_loader/init.lua @@ -547,17 +547,32 @@ local CONF_PARSERS = { lmdb_environment_path = { typ = "string" }, lmdb_map_size = { typ = "string" }, - tracing_instrumentations= { + opentelemetry_tracing = { typ = "array", + alias = { + replacement = "tracing_instrumentations", + }, deprecated = { - replacement = "opentelemetry_tracing", + replacement = "tracing_instrumentations", }, }, - tracing_sampling_rate = { + + tracing_instrumentations = { + typ = "array", + }, + + opentelemetry_tracing_sampling_rate = { typ = "number", deprecated = { - replacement = "opentelemetry_tracing_sampling_rate", + replacement = "tracing_sampling_rate", }, + alias = { + replacement = "tracing_sampling_rate", + }, + }, + + tracing_sampling_rate = { + typ = "number", }, proxy_server = { typ = "string" }, @@ -1193,14 +1208,14 @@ local function check_and_parse(conf, opts) for _, trace_type in ipairs(conf.tracing_instrumentations) do if not available_types_map[trace_type] then - errors[#errors + 1] = "invalid opentelemetry tracing type: " .. trace_type + errors[#errors + 1] = "invalid tracing type: " .. trace_type end end if #conf.tracing_instrumentations > 1 and tablex.find(conf.tracing_instrumentations, "off") then - errors[#errors + 1] = "invalid opentelemetry tracing types: off, other types are mutually exclusive" + errors[#errors + 1] = "invalid tracing types: off, other types are mutually exclusive" end if conf.tracing_sampling_rate < 0 or conf.tracing_sampling_rate > 1 then diff --git a/kong/db/declarative/init.lua b/kong/db/declarative/init.lua index eb6a49671286..93d2e40a0803 100644 --- a/kong/db/declarative/init.lua +++ b/kong/db/declarative/init.lua @@ -219,13 +219,13 @@ function _M:parse_table(dc_table, hash) error("expected a table as input", 2) end + on_the_fly_migration(dc_table) + local entities, err_t, meta = self.schema:flatten(dc_table) if err_t then return nil, pretty_print_error(err_t), err_t end - on_the_fly_migration(entities, dc_table._format_version) - yield() if not self.partial then diff --git a/kong/db/declarative/migrations/route_path.lua b/kong/db/declarative/migrations/route_path.lua index fd979fcb97f5..04174f0fcac4 100644 --- a/kong/db/declarative/migrations/route_path.lua +++ b/kong/db/declarative/migrations/route_path.lua @@ -1,32 +1,47 @@ local migrate_path = require "kong.db.migrations.migrate_path_280_300" +local lyaml_null = require("lyaml").null +local cjson_null = require("cjson").null +local ngx_null = ngx.null local pairs = pairs local ipairs = ipairs -local null = ngx.null -return function(tbl, version) - if not tbl or not (version == "1.1" or version == "2.1") then - return - end - - local routes = tbl.routes +local EMPTY = {} - if not routes then - -- no need to migrate - return +local function ensure_table(val) + if val == nil or val == ngx_null or val == lyaml_null or val == cjson_null or type(val) ~= "table" then + return EMPTY end + return val +end +local function migrate_routes(routes) for _, route in pairs(routes) do - local paths = route.paths - if not paths or paths == null then - -- no need to migrate - goto continue - end + local paths = ensure_table(route.paths) for idx, path in ipairs(paths) do paths[idx] = migrate_path(path) end + end +end + +return function(tbl) + local version = tbl._format_version + if not tbl or not (version == "1.1" or version == "2.1") then + return + end + + -- migrate top-level routes + local routes = ensure_table(tbl.routes) + migrate_routes(routes) - ::continue:: + -- migrate routes nested in top-level services + local services = ensure_table(tbl.services) + for _, service in ipairs(services) do + local nested_routes = ensure_table(service.routes) + + migrate_routes(nested_routes) end + + tbl._format_version = "3.0" end diff --git a/kong/meta.lua b/kong/meta.lua index a252e58cb713..fca6020f8a06 100644 --- a/kong/meta.lua +++ b/kong/meta.lua @@ -1,7 +1,7 @@ local version = setmetatable({ major = 3, minor = 2, - patch = 0, + patch = 2, --suffix = "-alpha.13" }, { -- our Makefile during certain releases adjusts this line. Any changes to diff --git a/kong/plugins/datadog/handler.lua b/kong/plugins/datadog/handler.lua index ee98608deb72..9fa90ea5dd2b 100644 --- a/kong/plugins/datadog/handler.lua +++ b/kong/plugins/datadog/handler.lua @@ -134,7 +134,7 @@ function DatadogHandler:log(conf) } local err - q, err = BatchQueue.new(process, opts) + q, err = BatchQueue.new("datadog", process, opts) if not q then kong.log.err("could not create queue: ", err) return diff --git a/kong/plugins/http-log/handler.lua b/kong/plugins/http-log/handler.lua index de5b0f96db1c..b2461852c9a7 100644 --- a/kong/plugins/http-log/handler.lua +++ b/kong/plugins/http-log/handler.lua @@ -171,7 +171,7 @@ function HttpLogHandler:log(conf) } local err - q, err = BatchQueue.new(process, opts) + q, err = BatchQueue.new("http-log", process, opts) if not q then kong.log.err("could not create queue: ", err) return diff --git a/kong/plugins/opentelemetry/handler.lua b/kong/plugins/opentelemetry/handler.lua index fdece22767e4..b41ce20cdb3c 100644 --- a/kong/plugins/opentelemetry/handler.lua +++ b/kong/plugins/opentelemetry/handler.lua @@ -19,7 +19,8 @@ local propagation_parse = propagation.parse local propagation_set = propagation.set local null = ngx.null local encode_traces = otlp.encode_traces -local transform_span = otlp.transform_span +local translate_span_trace_id = otlp.translate_span +local encode_span = otlp.transform_span local _log_prefix = "[otel] " @@ -108,7 +109,7 @@ local function process_span(span, queue) span.trace_id = trace_id end - local pb_span = transform_span(span) + local pb_span = encode_span(span) queue:add(pb_span) end @@ -132,6 +133,7 @@ function OpenTelemetryHandler:access() end -- overwrite trace id + -- as we are in a chain of existing trace if trace_id then root_span.trace_id = trace_id kong.ctx.plugin.trace_id = trace_id @@ -145,7 +147,7 @@ function OpenTelemetryHandler:access() root_span.parent_id = parent_id end - propagation_set("preserve", header_type, root_span, "w3c") + propagation_set("preserve", header_type, translate_span_trace_id(root_span), "w3c") end function OpenTelemetryHandler:log(conf) @@ -164,7 +166,7 @@ function OpenTelemetryHandler:log(conf) } local err - q, err = BatchQueue.new(process, opts) + q, err = BatchQueue.new("opentelemetry", process, opts) if not q then kong.log.err("could not create queue: ", err) return diff --git a/kong/plugins/opentelemetry/otlp.lua b/kong/plugins/opentelemetry/otlp.lua index d84c5c7d97fb..2b209e7f7639 100644 --- a/kong/plugins/opentelemetry/otlp.lua +++ b/kong/plugins/opentelemetry/otlp.lua @@ -10,8 +10,13 @@ local insert = table.insert local tablepool_fetch = tablepool.fetch local tablepool_release = tablepool.release local deep_copy = utils.deep_copy +local shallow_copy = utils.shallow_copy local table_merge = utils.table_merge +local getmetatable = getmetatable +local setmetatable = setmetatable +local TRACE_ID_LEN = 16 +local NULL = "\0" local POOL_OTLP = "KONG_OTLP" local EMPTY_TAB = {} @@ -72,9 +77,43 @@ local function transform_events(events) return pb_events end +-- translate the span to otlp format +-- currently it only adjust the trace id to 16 bytes +-- we don't do it in place because the span is shared +-- and we need to preserve the original information as much as possible +local function translate_span_trace_id(span) + local trace_id = span.trace_id + local len = #trace_id + local new_id = trace_id + + if len == TRACE_ID_LEN then + return span + end + + -- make sure the trace id is of 16 bytes + if len > TRACE_ID_LEN then + new_id = trace_id:sub(-TRACE_ID_LEN) + + elseif len < TRACE_ID_LEN then + new_id = NULL:rep(TRACE_ID_LEN - len) .. trace_id + end + + local translated = shallow_copy(span) + setmetatable(translated, getmetatable(span)) + + translated.trace_id = new_id + span = translated + + return span +end + +-- this function is to prepare span to be encoded and sent via grpc +-- TODO: renaming this to encode_span local function transform_span(span) assert(type(span) == "table") + span = translate_span_trace_id(span) + local pb_span = { trace_id = span.trace_id, span_id = span.span_id, @@ -161,6 +200,7 @@ do end return { + translate_span = translate_span_trace_id, transform_span = transform_span, encode_traces = encode_traces, } diff --git a/kong/plugins/statsd/log.lua b/kong/plugins/statsd/log.lua index d004baa4ed08..0b951112e769 100644 --- a/kong/plugins/statsd/log.lua +++ b/kong/plugins/statsd/log.lua @@ -476,7 +476,7 @@ function _M.execute(conf) } local err - q, err = BatchQueue.new(process, opts) + q, err = BatchQueue.new("statsd", process, opts) if not q then kong.log.err("could not create queue: ", err) return diff --git a/kong/runloop/balancer/balancers.lua b/kong/runloop/balancer/balancers.lua index f647d99dfd30..763be3d73400 100644 --- a/kong/runloop/balancer/balancers.lua +++ b/kong/runloop/balancer/balancers.lua @@ -102,6 +102,7 @@ local function create_balancer_exclusive(upstream) local health_threshold = upstream.healthchecks and upstream.healthchecks.threshold or nil + targets.clean_targets_cache(upstream) local targets_list, err = targets.fetch_targets(upstream) if not targets_list then return nil, "failed fetching targets:" .. err diff --git a/kong/runloop/balancer/targets.lua b/kong/runloop/balancer/targets.lua index 0b95ecd6ef30..89b4563853b4 100644 --- a/kong/runloop/balancer/targets.lua +++ b/kong/runloop/balancer/targets.lua @@ -38,6 +38,8 @@ local GLOBAL_QUERY_OPTS = { workspace = null, show_ws_id = true } local renewal_heap = require("binaryheap").minUnique() local renewal_weak_cache = setmetatable({}, { __mode = "v" }) +local targets_by_upstream_id = {} + local targets_M = {} -- forward local declarations @@ -126,9 +128,17 @@ end function targets_M.fetch_targets(upstream) local targets_cache_key = "balancer:targets:" .. upstream.id - return kong.core_cache:get( - targets_cache_key, nil, - load_targets_into_memory, upstream.id) + if targets_by_upstream_id[targets_cache_key] == nil then + targets_by_upstream_id[targets_cache_key] = load_targets_into_memory(upstream.id) + end + + return targets_by_upstream_id[targets_cache_key] +end + + +function targets_M.clean_targets_cache(upstream) + local targets_cache_key = "balancer:targets:" .. upstream.id + targets_by_upstream_id[targets_cache_key] = nil end @@ -157,7 +167,14 @@ function targets_M.on_target_event(operation, target) log(DEBUG, "target ", operation, " for upstream ", upstream_id, upstream_name and " (" .. upstream_name ..")" or "") - kong.core_cache:invalidate_local("balancer:targets:" .. upstream_id) + targets_by_upstream_id["balancer:targets:" .. upstream_id] = nil + + local upstream = upstreams.get_upstream_by_id(upstream_id) + if not upstream then + log(ERR, "target ", operation, ": upstream not found for ", upstream_id, + upstream_name and " (" .. upstream_name ..")" or "") + return + end -- cancel DNS renewal if operation ~= "create" then @@ -170,13 +187,6 @@ function targets_M.on_target_event(operation, target) end end - local upstream = upstreams.get_upstream_by_id(upstream_id) - if not upstream then - log(ERR, "target ", operation, ": upstream not found for ", upstream_id, - upstream_name and " (" .. upstream_name ..")" or "") - return - end - -- move this to upstreams? local balancer = balancers.get_balancer_by_id(upstream_id) if not balancer then diff --git a/kong/runloop/balancer/upstreams.lua b/kong/runloop/balancer/upstreams.lua index 7b0a10b8b734..e2f9fcd3ce22 100644 --- a/kong/runloop/balancer/upstreams.lua +++ b/kong/runloop/balancer/upstreams.lua @@ -191,11 +191,6 @@ local function do_upstream_event(operation, upstream_data) end elseif operation == "delete" or operation == "update" then - local target_cache_key = "balancer:targets:" .. upstream_id - if kong.db.strategy ~= "off" then - kong.core_cache:invalidate_local(target_cache_key) - end - local balancer = balancers.get_balancer_by_id(upstream_id) if balancer then healthcheckers.stop_healthchecker(balancer, CLEAR_HEALTH_STATUS_DELAY) diff --git a/kong/tools/batch_queue.lua b/kong/tools/batch_queue.lua index 8eaf5ae56ef3..597ceae08bc6 100644 --- a/kong/tools/batch_queue.lua +++ b/kong/tools/batch_queue.lua @@ -24,12 +24,14 @@ -- end -- -- local q = BatchQueue.new( +-- name, -- name of the queue for identification purposes in the log -- process, -- function used to "process/consume" values from the queue -- { -- Opts table with control values. Defaults shown: --- retry_count = 0, -- number of times to retry processing --- batch_max_size = 1000, -- max number of entries that can be queued before they are queued for processing --- process_delay = 1, -- in seconds, how often the current batch is closed & queued --- flush_timeout = 2, -- in seconds, how much time passes without activity before the current batch is closed and queued +-- retry_count = 0, -- number of times to retry processing +-- batch_max_size = 1000, -- max number of entries that can be queued before they are queued for processing +-- process_delay = 1, -- in seconds, how often the current batch is closed & queued +-- flush_timeout = 2, -- in seconds, how much time passes without activity before the current batch is closed and queued +-- max_queued_batches = 10000, -- max number of batches that can be queued before the oldest batch is dropped when a new one is queued -- } -- ) -- @@ -68,11 +70,9 @@ local timer_at = ngx.timer.at local remove = table.remove local type = type local huge = math.huge -local fmt = string.format local min = math.min local now = ngx.now local ERR = ngx.ERR -local ngx_log = ngx.log local DEBUG = ngx.DEBUG local WARN = ngx.WARN @@ -81,6 +81,24 @@ local WARN = ngx.WARN local RETRY_MAX_DELAY = 60 +local function getenv_number(name, default) + local s = os.getenv(name) + if s then + local n = tonumber(s) + if n ~= nil then + return n + end + + ngx.log(ERR, "cannot parse environment variable " .. name .. " as number, returning default") + end + + return default +end + + +local DEFAULT_MAX_QUEUED_BATCHES = getenv_number("KONG_MAX_QUEUED_BATCHES", 10000) + + local Queue = {} @@ -100,10 +118,10 @@ local process local function schedule_flush(self) local ok, err = timer_at(self.flush_timeout/1000, flush, self) if not ok then - ngx_log(ERR, "failed to create delayed flush timer: ", err) + self:log(ERR, "failed to create delayed flush timer: %s", err) return end - --ngx_log(DEBUG, "delayed timer created") + --self:log(DEBUG, "delayed timer created") self.flush_scheduled = true end @@ -113,10 +131,10 @@ end -- @param self Queue -- @param batch: table with `entries` and `retries` counter -- @param delay number: timer delay in seconds -local function schedule_process(self, batch, delay) - local ok, err = timer_at(delay, process, self, batch) +local function schedule_process(self, delay) + local ok, err = timer_at(delay, process, self) if not ok then - ngx_log(ERR, "failed to create process timer: ", err) + self:log(ERR, "failed to create process timer: %s", err) return end self.process_scheduled = true @@ -147,13 +165,13 @@ flush = function(premature, self) if get_now() - self.last_t < self.flush_timeout then -- flushing reported: we had activity - ngx_log(DEBUG, "[flush] queue had activity, delaying flush") + self:log(DEBUG, "[flush] queue had activity, delaying flush") schedule_flush(self) return end -- no activity and timeout reached - ngx_log(DEBUG, "[flush] queue had no activity, flushing triggered by flush_timeout") + self:log(DEBUG, "[flush] queue had no activity, flushing triggered by flush_timeout") self:flush() self.flush_scheduled = false end @@ -165,27 +183,31 @@ end -- @param self Queue -- @param batch: table with `entries` and `retries` counter -- @return nothing -process = function(premature, self, batch) +process = function(premature, self) if premature then return end + local batch = self.batch_queue[1] + if not batch then + self:log(WARN, "queue process called but no batches to be processed") + return + end + local next_retry_delay local ok, err = self.process(batch.entries) if ok then -- success, reset retry delays self.retry_delay = 1 next_retry_delay = 0 - + remove(self.batch_queue, 1) else batch.retries = batch.retries + 1 if batch.retries < self.retry_count then - ngx_log(WARN, "failed to process entries: ", tostring(err)) - -- queue our data for processing again, at the end of the queue - self.batch_queue[#self.batch_queue + 1] = batch + self:log(WARN, "failed to process entries: %s", tostring(err)) else - ngx_log(ERR, fmt("entry batch was already tried %d times, dropping it", - batch.retries)) + self:log(ERR, "entry batch was already tried %d times, dropping it", batch.retries) + remove(self.batch_queue, 1) end self.retry_delay = self.retry_delay + 1 @@ -193,10 +215,8 @@ process = function(premature, self, batch) end if #self.batch_queue > 0 then -- more to process? - ngx_log(DEBUG, fmt("processing oldest data, %d still queued", - #self.batch_queue - 1)) - local oldest_batch = remove(self.batch_queue, 1) - schedule_process(self, oldest_batch, next_retry_delay) + self:log(DEBUG, "processing oldest data, %d still queued", #self.batch_queue) + schedule_process(self, next_retry_delay) return end @@ -218,13 +238,15 @@ end -- @param opts table, optionally including -- `retry_count`, `flush_timeout`, `batch_max_size` and `process_delay` -- @return table: a Queue object. -function Queue.new(process, opts) +function Queue.new(name, handler, opts) opts = opts or {} - assert(type(process) == "function", - "arg #1 (process) must be a function") + assert(type(name) == "string", + "arg #1 (name) must be a string") + assert(type(handler) == "function", + "arg #2 (process) must be a function") assert(type(opts) == "table", - "arg #2 (opts) must be a table") + "arg #3 (opts) must be a table") assert(opts.retry_count == nil or type(opts.retry_count) == "number", "retry_count must be a number") assert(opts.flush_timeout == nil or type(opts.flush_timeout) == "number", @@ -233,15 +255,19 @@ function Queue.new(process, opts) "batch_max_size must be a number") assert(opts.process_delay == nil or type(opts.batch_max_size) == "number", "process_delay must be a number") + assert(opts.max_queued_batches == nil or type(opts.max_queued_batches) == "number", + "max_queued_batches must be a number") local self = { - process = process, + name = name, + process = handler, -- flush timeout in milliseconds flush_timeout = opts.flush_timeout and opts.flush_timeout * 1000 or 2000, retry_count = opts.retry_count or 0, batch_max_size = opts.batch_max_size or 1000, process_delay = opts.process_delay or 1, + max_queued_batches = opts.max_queued_batches or DEFAULT_MAX_QUEUED_BATCHES, retry_delay = 1, @@ -258,6 +284,17 @@ function Queue.new(process, opts) end +------------------------------------------------------------------------------- +-- Log a message that includes the name of the queue for identification purposes +-- @param self Queue +-- @param level: log level +-- @param formatstring: format string, will get the queue name and ": " prepended +-- @param ...: formatter arguments +function Queue:log(level, formatstring, ...) + return ngx.log(level, string.format(self.name .. ": " .. formatstring, unpack({...}))) +end + + ------------------------------------------------------------------------------- -- Add data to the queue -- @param entry the value included in the queue. It can be any Lua value besides nil. @@ -269,8 +306,8 @@ function Queue:add(entry) if self.batch_max_size == 1 then -- no batching - local batch = { entries = { entry }, retries = 0 } - schedule_process(self, batch, 0) + self.batch_queue = { { entries = { entry }, retries = 0 } } + schedule_process(self, 0) return true end @@ -304,8 +341,12 @@ function Queue:flush() -- Queue the current batch, if it has at least 1 entry if current_batch_size > 0 then - ngx_log(DEBUG, "queueing batch for processing (", current_batch_size, " entries)") + self:log(DEBUG, "queueing batch for processing (%d entries)", current_batch_size) + while #self.batch_queue >= self.max_queued_batches do + self:log(ERR, "exceeded max_queued_batches (%d), dropping oldest", self.max_queued_batches) + remove(self.batch_queue, 1) + end self.batch_queue[#self.batch_queue + 1] = self.current_batch self.current_batch = { entries = {}, retries = 0 } end @@ -314,10 +355,8 @@ function Queue:flush() -- in the future. This will keep calling itself in the future until -- the queue is empty if #self.batch_queue > 0 and not self.process_scheduled then - ngx_log(DEBUG, fmt("processing oldest entry, %d still queued", - #self.batch_queue - 1)) - local oldest_batch = remove(self.batch_queue, 1) - schedule_process(self, oldest_batch, self.process_delay) + self:log(DEBUG, "processing oldest entry, %d still queued", #self.batch_queue) + schedule_process(self, self.process_delay) end return true diff --git a/scripts/explain_manifest/fixtures/alpine-amd64.txt b/scripts/explain_manifest/fixtures/alpine-amd64.txt index 5d25e3fc01bb..adc7ba5373fc 100644 --- a/scripts/explain_manifest/fixtures/alpine-amd64.txt +++ b/scripts/explain_manifest/fixtures/alpine-amd64.txt @@ -37,7 +37,7 @@ - libc.so Rpath : /usr/local/kong/lib Version Requirement: - - libcrypto.so.1.1 (OPENSSL_1_1_0d, OPENSSL_1_1_0i, OPENSSL_1_1_0f, OPENSSL_1_1_1, OPENSSL_1_1_0) + - libcrypto.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_0d, OPENSSL_1_1_0f, OPENSSL_1_1_0i, OPENSSL_1_1_1) - Path : /usr/local/lib/lua/5.1/lfs.so Needed : @@ -97,7 +97,7 @@ Rpath : /usr/local/kong/lib Version Requirement: - libcrypto.so.1.1 (OPENSSL_1_1_0) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) + - libssl.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1) - Path : /usr/local/lib/lua/5.1/yaml.so Needed : @@ -113,7 +113,7 @@ - libgcc_s.so.1 - libc.so Version Requirement: - - libgcc_s.so.1 (GCC_4.2.0, GCC_3.3, GCC_3.0) + - libgcc_s.so.1 (GCC_3.0, GCC_3.3, GCC_4.2.0) - Path : /usr/local/openresty/lualib/librestysignal.so Needed : @@ -137,11 +137,11 @@ Rpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib Version Requirement: - libcrypto.so.1.1 (OPENSSL_1_1_0) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) + - libssl.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1) Modules : - lua-kong-nginx-module - lua-kong-nginx-module/stream - lua-resty-events - lua-resty-lmdb - OpenSSL : OpenSSL 1.1.1s 1 Nov 2022 + OpenSSL : OpenSSL 1.1.1t 7 Feb 2023 diff --git a/scripts/explain_manifest/fixtures/debian-10-amd64.txt b/scripts/explain_manifest/fixtures/debian-10-amd64.txt deleted file mode 100644 index 0ae6bd0f944b..000000000000 --- a/scripts/explain_manifest/fixtures/debian-10-amd64.txt +++ /dev/null @@ -1,211 +0,0 @@ -- Path : /usr/local/kong/include/google - Type : directory - -- Path : /usr/local/kong/include/kong - Type : directory - -- Path : /usr/local/kong/lib/engines-1.1/afalg.so - Needed : - - libstdc++.so.6 - - libm.so.6 - - libcrypto.so.1.1 - - libdl.so.2 - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) - - libcrypto.so.1.1 (OPENSSL_1_1_0) - -- Path : /usr/local/kong/lib/engines-1.1/capi.so - Needed : - - libstdc++.so.6 - - libm.so.6 - - libcrypto.so.1.1 - - libdl.so.2 - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.2.5) - -- Path : /usr/local/kong/lib/engines-1.1/padlock.so - Needed : - - libstdc++.so.6 - - libm.so.6 - - libcrypto.so.1.1 - - libdl.so.2 - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.2.5) - - libcrypto.so.1.1 (OPENSSL_1_1_0) - -- Path : /usr/local/kong/lib/libcrypto.so.1.1 - Needed : - - libstdc++.so.6 - - libm.so.6 - - libdl.so.2 - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.25, GLIBC_2.2.5, GLIBC_2.16, GLIBC_2.7, GLIBC_2.3.4, GLIBC_2.17, GLIBC_2.3, GLIBC_2.14, GLIBC_2.4) - - libdl.so.2 (GLIBC_2.2.5) - -- Path : /usr/local/kong/lib/libssl.so.1.1 - Needed : - - libstdc++.so.6 - - libm.so.6 - - libcrypto.so.1.1 - - libdl.so.2 - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) - - libcrypto.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_0f, OPENSSL_1_1_1, OPENSSL_1_1_0d, OPENSSL_1_1_0i) - -- Path : /usr/local/lib/lua/5.1/lfs.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/lpeg.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/lsyslog.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/lua_pack.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.3, GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/lua_system_constants.so - Runpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/mime/core.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - -- Path : /usr/local/lib/lua/5.1/pb.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/socket/core.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.15, GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/socket/serial.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/socket/unix.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/ssl.so - Needed : - - libssl.so.1.1 - - libcrypto.so.1.1 - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5) - - libcrypto.so.1.1 (OPENSSL_1_1_0) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) - -- Path : /usr/local/lib/lua/5.1/yaml.so - Needed : - - libyaml-0.so.2 - - libc.so.6 - Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5, GLIBC_2.3.4) - -- Path : /usr/local/openresty/lualib/cjson.so - Needed : - - libc.so.6 - Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5, GLIBC_2.3.4) - -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - librt.so.1 - - libpthread.so.0 - - libm.so.6 - - libdl.so.2 - - libc.so.6 - - ld-linux-x86-64.so.2 - - libstdc++.so.6 - Version Requirement: - - ld-linux-x86-64.so.2 (GLIBC_2.3) - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4, GLIBC_2.14, GLIBC_2.15, GLIBC_2.18, GLIBC_2.25, GLIBC_2.9, GLIBC_2.3.4, GLIBC_2.5, GLIBC_2.27, GLIBC_2.3, GLIBC_2.10, GLIBC_2.6) - - libdl.so.2 (GLIBC_2.2.5) - - libgcc_s.so.1 (GCC_3.0, GCC_4.2.0, GCC_3.3) - - libpthread.so.0 (GLIBC_2.2.5, GLIBC_2.12) - - librt.so.1 (GLIBC_2.2.5) - -- Path : /usr/local/openresty/lualib/librestysignal.so - -- Path : /usr/local/openresty/lualib/rds/parser.so - Needed : - - libc.so.6 - Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - -- Path : /usr/local/openresty/lualib/redis/parser.so - Needed : - - libc.so.6 - Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) - -- Path : /usr/local/openresty/nginx/sbin/nginx - Needed : - - libdl.so.2 - - libpthread.so.0 - - libcrypt.so.1 - - libluajit-5.1.so.2 - - libssl.so.1.1 - - libcrypto.so.1.1 - - libz.so.1 - - libc.so.6 - Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.11, GLIBC_2.4, GLIBC_2.17, GLIBC_2.27, GLIBC_2.14, GLIBC_2.3.4, GLIBC_2.7, GLIBC_2.10, GLIBC_2.3.2, GLIBC_2.3, GLIBC_2.2.5) - - libcrypt.so.1 (GLIBC_2.2.5) - - libcrypto.so.1.1 (OPENSSL_1_1_0) - - libdl.so.2 (GLIBC_2.2.5) - - libpthread.so.0 (GLIBC_2.12, GLIBC_2.3.2, GLIBC_2.2.5) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) - Modules : - - lua-kong-nginx-module - - lua-kong-nginx-module/stream - - lua-resty-events - - lua-resty-lmdb - OpenSSL : OpenSSL 1.1.1s 1 Nov 2022 - diff --git a/scripts/explain_manifest/fixtures/debian-11-amd64.txt b/scripts/explain_manifest/fixtures/debian-11-amd64.txt deleted file mode 100644 index a2947491d154..000000000000 --- a/scripts/explain_manifest/fixtures/debian-11-amd64.txt +++ /dev/null @@ -1,209 +0,0 @@ -- Path : /usr/local/kong/include/google - Type : directory - -- Path : /usr/local/kong/include/kong - Type : directory - -- Path : /usr/local/kong/lib/engines-1.1/afalg.so - Needed : - - libstdc++.so.6 - - libm.so.6 - - libcrypto.so.1.1 - - libdl.so.2 - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) - - libcrypto.so.1.1 (OPENSSL_1_1_0) - -- Path : /usr/local/kong/lib/engines-1.1/capi.so - Needed : - - libstdc++.so.6 - - libm.so.6 - - libcrypto.so.1.1 - - libdl.so.2 - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.2.5) - -- Path : /usr/local/kong/lib/engines-1.1/padlock.so - Needed : - - libstdc++.so.6 - - libm.so.6 - - libcrypto.so.1.1 - - libdl.so.2 - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.2.5) - - libcrypto.so.1.1 (OPENSSL_1_1_0) - -- Path : /usr/local/kong/lib/libcrypto.so.1.1 - Needed : - - libstdc++.so.6 - - libm.so.6 - - libdl.so.2 - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.16, GLIBC_2.7, GLIBC_2.25, GLIBC_2.3.4, GLIBC_2.17, GLIBC_2.3, GLIBC_2.14, GLIBC_2.4) - - libdl.so.2 (GLIBC_2.2.5) - -- Path : /usr/local/kong/lib/libssl.so.1.1 - Needed : - - libstdc++.so.6 - - libm.so.6 - - libcrypto.so.1.1 - - libdl.so.2 - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) - - libcrypto.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1, OPENSSL_1_1_0i, OPENSSL_1_1_0f, OPENSSL_1_1_0d) - -- Path : /usr/local/lib/lua/5.1/lfs.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.28, GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/lpeg.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/lsyslog.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/lua_pack.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.3, GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/lua_system_constants.so - Runpath : /usr/local/kong/lib - -- Path : /usr/local/lib/lua/5.1/mime/core.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - -- Path : /usr/local/lib/lua/5.1/pb.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/socket/core.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.15, GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/socket/serial.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/socket/unix.so - Needed : - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.2.5) - -- Path : /usr/local/lib/lua/5.1/ssl.so - Needed : - - libssl.so.1.1 - - libcrypto.so.1.1 - - libc.so.6 - Runpath : /usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5) - - libcrypto.so.1.1 (OPENSSL_1_1_0) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) - -- Path : /usr/local/lib/lua/5.1/yaml.so - Needed : - - libyaml-0.so.2 - - libc.so.6 - Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5, GLIBC_2.3.4) - -- Path : /usr/local/openresty/lualib/cjson.so - Needed : - - libc.so.6 - Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5, GLIBC_2.3.4) - -- Path : /usr/local/openresty/lualib/libatc_router.so - Needed : - - libgcc_s.so.1 - - libpthread.so.0 - - libm.so.6 - - libdl.so.2 - - libc.so.6 - - ld-linux-x86-64.so.2 - - libstdc++.so.6 - Version Requirement: - - ld-linux-x86-64.so.2 (GLIBC_2.3) - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4, GLIBC_2.14, GLIBC_2.15, GLIBC_2.29, GLIBC_2.28, GLIBC_2.18, GLIBC_2.25, GLIBC_2.9, GLIBC_2.3.4, GLIBC_2.5, GLIBC_2.27, GLIBC_2.3, GLIBC_2.10, GLIBC_2.17, GLIBC_2.6) - - libdl.so.2 (GLIBC_2.2.5) - - libgcc_s.so.1 (GCC_3.0, GCC_4.2.0, GCC_3.3) - - libpthread.so.0 (GLIBC_2.2.5, GLIBC_2.12) - -- Path : /usr/local/openresty/lualib/librestysignal.so - -- Path : /usr/local/openresty/lualib/rds/parser.so - Needed : - - libc.so.6 - Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - -- Path : /usr/local/openresty/lualib/redis/parser.so - Needed : - - libc.so.6 - Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) - -- Path : /usr/local/openresty/nginx/sbin/nginx - Needed : - - libdl.so.2 - - libpthread.so.0 - - libcrypt.so.1 - - libluajit-5.1.so.2 - - libssl.so.1.1 - - libcrypto.so.1.1 - - libz.so.1 - - libc.so.6 - Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib - Version Requirement: - - libc.so.6 (GLIBC_2.11, GLIBC_2.28, GLIBC_2.4, GLIBC_2.17, GLIBC_2.27, GLIBC_2.14, GLIBC_2.3.4, GLIBC_2.7, GLIBC_2.10, GLIBC_2.3.2, GLIBC_2.3, GLIBC_2.2.5) - - libcrypt.so.1 (XCRYPT_2.0) - - libcrypto.so.1.1 (OPENSSL_1_1_0) - - libdl.so.2 (GLIBC_2.2.5) - - libpthread.so.0 (GLIBC_2.12, GLIBC_2.3.2, GLIBC_2.2.5) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) - Modules : - - lua-kong-nginx-module - - lua-kong-nginx-module/stream - - lua-resty-events - - lua-resty-lmdb - OpenSSL : OpenSSL 1.1.1s 1 Nov 2022 - diff --git a/scripts/explain_manifest/fixtures/el7-amd64.txt b/scripts/explain_manifest/fixtures/el7-amd64.txt index 710aab4d6827..606477f51d79 100644 --- a/scripts/explain_manifest/fixtures/el7-amd64.txt +++ b/scripts/explain_manifest/fixtures/el7-amd64.txt @@ -35,7 +35,7 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5) - libcrypto.so.1.1 (OPENSSL_1_1_0) - Path : /usr/local/kong/lib/libcrypto.so.1.1 @@ -46,7 +46,7 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5, GLIBC_2.7, GLIBC_2.16, GLIBC_2.3, GLIBC_2.17, GLIBC_2.3.4) + - libc.so.6 (GLIBC_2.14, GLIBC_2.15, GLIBC_2.16, GLIBC_2.17, GLIBC_2.2.5, GLIBC_2.3, GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.7) - libdl.so.2 (GLIBC_2.2.5) - Path : /usr/local/kong/lib/libssl.so.1.1 @@ -58,8 +58,8 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5) - - libcrypto.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1, OPENSSL_1_1_0i, OPENSSL_1_1_0d, OPENSSL_1_1_0f) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) + - libcrypto.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_0d, OPENSSL_1_1_0f, OPENSSL_1_1_0i, OPENSSL_1_1_1) - Path : /usr/local/lib/lua/5.1/lfs.so Needed : @@ -87,7 +87,7 @@ - libc.so.6 Rpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.3, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.3) - Path : /usr/local/lib/lua/5.1/lua_system_constants.so Needed : @@ -140,7 +140,7 @@ Version Requirement: - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5) - libcrypto.so.1.1 (OPENSSL_1_1_0) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) + - libssl.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1) - Path : /usr/local/lib/lua/5.1/yaml.so Needed : @@ -167,10 +167,10 @@ - libstdc++.so.6 Version Requirement: - ld-linux-x86-64.so.2 (GLIBC_2.3) - - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.4, GLIBC_2.6, GLIBC_2.3.4, GLIBC_2.15, GLIBC_2.3, GLIBC_2.10, GLIBC_2.5, GLIBC_2.9) + - libc.so.6 (GLIBC_2.10, GLIBC_2.14, GLIBC_2.15, GLIBC_2.2.5, GLIBC_2.3, GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.5, GLIBC_2.6, GLIBC_2.9) - libdl.so.2 (GLIBC_2.2.5) - libgcc_s.so.1 (GCC_3.0, GCC_3.3, GCC_4.2.0) - - libpthread.so.0 (GLIBC_2.2.5, GLIBC_2.12) + - libpthread.so.0 (GLIBC_2.12, GLIBC_2.2.5) - librt.so.1 (GLIBC_2.2.5) - Path : /usr/local/openresty/lualib/librestysignal.so @@ -189,7 +189,7 @@ Needed : - libc.so.6 Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5) - Path : /usr/local/openresty/nginx/sbin/nginx Needed : @@ -204,17 +204,17 @@ - libc.so.6 Rpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.11, GLIBC_2.4, GLIBC_2.17, GLIBC_2.14, GLIBC_2.3.4, GLIBC_2.7, GLIBC_2.10, GLIBC_2.3.2, GLIBC_2.3, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.10, GLIBC_2.11, GLIBC_2.14, GLIBC_2.17, GLIBC_2.2.5, GLIBC_2.3, GLIBC_2.3.2, GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.7) - libcrypt.so.1 (GLIBC_2.2.5) - libcrypto.so.1.1 (OPENSSL_1_1_0) - libdl.so.2 (GLIBC_2.2.5) - libm.so.6 (GLIBC_2.2.5) - - libpthread.so.0 (GLIBC_2.12, GLIBC_2.3.2, GLIBC_2.2.5) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) + - libpthread.so.0 (GLIBC_2.12, GLIBC_2.2.5, GLIBC_2.3.2) + - libssl.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1) Modules : - lua-kong-nginx-module - lua-kong-nginx-module/stream - lua-resty-events - lua-resty-lmdb - OpenSSL : OpenSSL 1.1.1s 1 Nov 2022 + OpenSSL : OpenSSL 1.1.1t 7 Feb 2023 diff --git a/scripts/explain_manifest/fixtures/ubuntu-18.04-amd64.txt b/scripts/explain_manifest/fixtures/ubuntu-18.04-amd64.txt index 0ae6bd0f944b..8bf9b520fa90 100644 --- a/scripts/explain_manifest/fixtures/ubuntu-18.04-amd64.txt +++ b/scripts/explain_manifest/fixtures/ubuntu-18.04-amd64.txt @@ -13,7 +13,7 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - libcrypto.so.1.1 (OPENSSL_1_1_0) - Path : /usr/local/kong/lib/engines-1.1/capi.so @@ -47,7 +47,7 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.25, GLIBC_2.2.5, GLIBC_2.16, GLIBC_2.7, GLIBC_2.3.4, GLIBC_2.17, GLIBC_2.3, GLIBC_2.14, GLIBC_2.4) + - libc.so.6 (GLIBC_2.14, GLIBC_2.15, GLIBC_2.16, GLIBC_2.17, GLIBC_2.2.5, GLIBC_2.25, GLIBC_2.3, GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.7) - libdl.so.2 (GLIBC_2.2.5) - Path : /usr/local/kong/lib/libssl.so.1.1 @@ -59,36 +59,36 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) - - libcrypto.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_0f, OPENSSL_1_1_1, OPENSSL_1_1_0d, OPENSSL_1_1_0i) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) + - libcrypto.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_0d, OPENSSL_1_1_0f, OPENSSL_1_1_0i, OPENSSL_1_1_1) - Path : /usr/local/lib/lua/5.1/lfs.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/lpeg.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/lsyslog.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/lua_pack.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.3, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.3, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/lua_system_constants.so Runpath : /usr/local/kong/lib @@ -105,28 +105,28 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/socket/core.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.15, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.15, GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/socket/serial.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/socket/unix.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/ssl.so Needed : @@ -135,22 +135,22 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - libcrypto.so.1.1 (OPENSSL_1_1_0) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) + - libssl.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1) - Path : /usr/local/lib/lua/5.1/yaml.so Needed : - libyaml-0.so.2 - libc.so.6 Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5, GLIBC_2.3.4) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/openresty/lualib/cjson.so Needed : - libc.so.6 Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5, GLIBC_2.3.4) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/openresty/lualib/libatc_router.so Needed : @@ -164,10 +164,10 @@ - libstdc++.so.6 Version Requirement: - ld-linux-x86-64.so.2 (GLIBC_2.3) - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4, GLIBC_2.14, GLIBC_2.15, GLIBC_2.18, GLIBC_2.25, GLIBC_2.9, GLIBC_2.3.4, GLIBC_2.5, GLIBC_2.27, GLIBC_2.3, GLIBC_2.10, GLIBC_2.6) + - libc.so.6 (GLIBC_2.10, GLIBC_2.14, GLIBC_2.15, GLIBC_2.18, GLIBC_2.2.5, GLIBC_2.25, GLIBC_2.27, GLIBC_2.3, GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.5, GLIBC_2.6, GLIBC_2.9) - libdl.so.2 (GLIBC_2.2.5) - - libgcc_s.so.1 (GCC_3.0, GCC_4.2.0, GCC_3.3) - - libpthread.so.0 (GLIBC_2.2.5, GLIBC_2.12) + - libgcc_s.so.1 (GCC_3.0, GCC_3.3, GCC_4.2.0) + - libpthread.so.0 (GLIBC_2.12, GLIBC_2.2.5) - librt.so.1 (GLIBC_2.2.5) - Path : /usr/local/openresty/lualib/librestysignal.so @@ -182,7 +182,7 @@ Needed : - libc.so.6 Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.4) - Path : /usr/local/openresty/nginx/sbin/nginx Needed : @@ -196,16 +196,16 @@ - libc.so.6 Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.11, GLIBC_2.4, GLIBC_2.17, GLIBC_2.27, GLIBC_2.14, GLIBC_2.3.4, GLIBC_2.7, GLIBC_2.10, GLIBC_2.3.2, GLIBC_2.3, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.10, GLIBC_2.11, GLIBC_2.14, GLIBC_2.17, GLIBC_2.2.5, GLIBC_2.27, GLIBC_2.3, GLIBC_2.3.2, GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.7) - libcrypt.so.1 (GLIBC_2.2.5) - libcrypto.so.1.1 (OPENSSL_1_1_0) - libdl.so.2 (GLIBC_2.2.5) - - libpthread.so.0 (GLIBC_2.12, GLIBC_2.3.2, GLIBC_2.2.5) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) + - libpthread.so.0 (GLIBC_2.12, GLIBC_2.2.5, GLIBC_2.3.2) + - libssl.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1) Modules : - lua-kong-nginx-module - lua-kong-nginx-module/stream - lua-resty-events - lua-resty-lmdb - OpenSSL : OpenSSL 1.1.1s 1 Nov 2022 + OpenSSL : OpenSSL 1.1.1t 7 Feb 2023 diff --git a/scripts/explain_manifest/fixtures/ubuntu-20.04-amd64.txt b/scripts/explain_manifest/fixtures/ubuntu-20.04-amd64.txt index a2947491d154..1c4b0005469a 100644 --- a/scripts/explain_manifest/fixtures/ubuntu-20.04-amd64.txt +++ b/scripts/explain_manifest/fixtures/ubuntu-20.04-amd64.txt @@ -13,7 +13,7 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - libcrypto.so.1.1 (OPENSSL_1_1_0) - Path : /usr/local/kong/lib/engines-1.1/capi.so @@ -47,7 +47,7 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.16, GLIBC_2.7, GLIBC_2.25, GLIBC_2.3.4, GLIBC_2.17, GLIBC_2.3, GLIBC_2.14, GLIBC_2.4) + - libc.so.6 (GLIBC_2.14, GLIBC_2.15, GLIBC_2.16, GLIBC_2.17, GLIBC_2.2.5, GLIBC_2.25, GLIBC_2.3, GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.7) - libdl.so.2 (GLIBC_2.2.5) - Path : /usr/local/kong/lib/libssl.so.1.1 @@ -59,36 +59,36 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) - - libcrypto.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1, OPENSSL_1_1_0i, OPENSSL_1_1_0f, OPENSSL_1_1_0d) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) + - libcrypto.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_0d, OPENSSL_1_1_0f, OPENSSL_1_1_0i, OPENSSL_1_1_1) - Path : /usr/local/lib/lua/5.1/lfs.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.28, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.28, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/lpeg.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/lsyslog.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/lua_pack.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.3, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.3, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/lua_system_constants.so Runpath : /usr/local/kong/lib @@ -105,28 +105,28 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/socket/core.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.15, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.15, GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/socket/serial.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/socket/unix.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/ssl.so Needed : @@ -135,22 +135,22 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - libcrypto.so.1.1 (OPENSSL_1_1_0) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) + - libssl.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1) - Path : /usr/local/lib/lua/5.1/yaml.so Needed : - libyaml-0.so.2 - libc.so.6 Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5, GLIBC_2.3.4) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/openresty/lualib/cjson.so Needed : - libc.so.6 Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5, GLIBC_2.3.4) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/openresty/lualib/libatc_router.so Needed : @@ -163,10 +163,10 @@ - libstdc++.so.6 Version Requirement: - ld-linux-x86-64.so.2 (GLIBC_2.3) - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4, GLIBC_2.14, GLIBC_2.15, GLIBC_2.29, GLIBC_2.28, GLIBC_2.18, GLIBC_2.25, GLIBC_2.9, GLIBC_2.3.4, GLIBC_2.5, GLIBC_2.27, GLIBC_2.3, GLIBC_2.10, GLIBC_2.17, GLIBC_2.6) + - libc.so.6 (GLIBC_2.10, GLIBC_2.14, GLIBC_2.15, GLIBC_2.17, GLIBC_2.18, GLIBC_2.2.5, GLIBC_2.25, GLIBC_2.27, GLIBC_2.28, GLIBC_2.29, GLIBC_2.3, GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.5, GLIBC_2.6, GLIBC_2.9) - libdl.so.2 (GLIBC_2.2.5) - - libgcc_s.so.1 (GCC_3.0, GCC_4.2.0, GCC_3.3) - - libpthread.so.0 (GLIBC_2.2.5, GLIBC_2.12) + - libgcc_s.so.1 (GCC_3.0, GCC_3.3, GCC_4.2.0) + - libpthread.so.0 (GLIBC_2.12, GLIBC_2.2.5) - Path : /usr/local/openresty/lualib/librestysignal.so @@ -180,7 +180,7 @@ Needed : - libc.so.6 Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.4) - Path : /usr/local/openresty/nginx/sbin/nginx Needed : @@ -194,16 +194,16 @@ - libc.so.6 Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.11, GLIBC_2.28, GLIBC_2.4, GLIBC_2.17, GLIBC_2.27, GLIBC_2.14, GLIBC_2.3.4, GLIBC_2.7, GLIBC_2.10, GLIBC_2.3.2, GLIBC_2.3, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.10, GLIBC_2.11, GLIBC_2.14, GLIBC_2.17, GLIBC_2.2.5, GLIBC_2.27, GLIBC_2.28, GLIBC_2.3, GLIBC_2.3.2, GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.7) - libcrypt.so.1 (XCRYPT_2.0) - libcrypto.so.1.1 (OPENSSL_1_1_0) - libdl.so.2 (GLIBC_2.2.5) - - libpthread.so.0 (GLIBC_2.12, GLIBC_2.3.2, GLIBC_2.2.5) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) + - libpthread.so.0 (GLIBC_2.12, GLIBC_2.2.5, GLIBC_2.3.2) + - libssl.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1) Modules : - lua-kong-nginx-module - lua-kong-nginx-module/stream - lua-resty-events - lua-resty-lmdb - OpenSSL : OpenSSL 1.1.1s 1 Nov 2022 + OpenSSL : OpenSSL 1.1.1t 7 Feb 2023 diff --git a/scripts/explain_manifest/fixtures/ubuntu-22.04-amd64.txt b/scripts/explain_manifest/fixtures/ubuntu-22.04-amd64.txt index ab8c67911a5b..07d6e82a27f8 100644 --- a/scripts/explain_manifest/fixtures/ubuntu-22.04-amd64.txt +++ b/scripts/explain_manifest/fixtures/ubuntu-22.04-amd64.txt @@ -12,7 +12,7 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.4) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - libcrypto.so.1.1 (OPENSSL_1_1_0) - Path : /usr/local/kong/lib/engines-1.1/capi.so @@ -43,7 +43,7 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.7, GLIBC_2.16, GLIBC_2.2.5, GLIBC_2.33, GLIBC_2.17, GLIBC_2.3.4, GLIBC_2.34, GLIBC_2.3, GLIBC_2.14, GLIBC_2.4, GLIBC_2.25) + - libc.so.6 (GLIBC_2.14, GLIBC_2.15, GLIBC_2.16, GLIBC_2.17, GLIBC_2.2.5, GLIBC_2.25, GLIBC_2.3, GLIBC_2.3.4, GLIBC_2.33, GLIBC_2.34, GLIBC_2.4, GLIBC_2.7) - Path : /usr/local/kong/lib/libssl.so.1.1 Needed : @@ -53,36 +53,36 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) - - libcrypto.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1, OPENSSL_1_1_0f, OPENSSL_1_1_0d, OPENSSL_1_1_0i) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) + - libcrypto.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_0d, OPENSSL_1_1_0f, OPENSSL_1_1_0i, OPENSSL_1_1_1) - Path : /usr/local/lib/lua/5.1/lfs.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.28, GLIBC_2.4, GLIBC_2.33, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.28, GLIBC_2.33, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/lpeg.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/lsyslog.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/lua_pack.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.3, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.3, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/lua_system_constants.so Runpath : /usr/local/kong/lib @@ -99,28 +99,28 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/socket/core.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.15, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.15, GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/socket/serial.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/socket/unix.so Needed : - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.3.4, GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/lib/lua/5.1/ssl.so Needed : @@ -129,22 +129,22 @@ - libc.so.6 Runpath : /usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.4) - libcrypto.so.1.1 (OPENSSL_1_1_0) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) + - libssl.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1) - Path : /usr/local/lib/lua/5.1/yaml.so Needed : - libyaml-0.so.2 - libc.so.6 Version Requirement: - - libc.so.6 (GLIBC_2.4, GLIBC_2.2.5, GLIBC_2.3.4) + - libc.so.6 (GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/openresty/lualib/cjson.so Needed : - libc.so.6 Version Requirement: - - libc.so.6 (GLIBC_2.14, GLIBC_2.4, GLIBC_2.2.5, GLIBC_2.3.4) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.3.4, GLIBC_2.4) - Path : /usr/local/openresty/lualib/libatc_router.so Needed : @@ -155,8 +155,8 @@ - libstdc++.so.6 Version Requirement: - ld-linux-x86-64.so.2 (GLIBC_2.3) - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.32, GLIBC_2.15, GLIBC_2.29, GLIBC_2.28, GLIBC_2.18, GLIBC_2.34, GLIBC_2.25, GLIBC_2.9, GLIBC_2.3.4, GLIBC_2.5, GLIBC_2.27, GLIBC_2.4, GLIBC_2.3, GLIBC_2.33, GLIBC_2.10, GLIBC_2.17, GLIBC_2.6) - - libgcc_s.so.1 (GCC_3.0, GCC_4.2.0, GCC_3.3) + - libc.so.6 (GLIBC_2.10, GLIBC_2.14, GLIBC_2.15, GLIBC_2.17, GLIBC_2.18, GLIBC_2.2.5, GLIBC_2.25, GLIBC_2.27, GLIBC_2.28, GLIBC_2.29, GLIBC_2.3, GLIBC_2.3.4, GLIBC_2.32, GLIBC_2.33, GLIBC_2.34, GLIBC_2.4, GLIBC_2.5, GLIBC_2.6, GLIBC_2.9) + - libgcc_s.so.1 (GCC_3.0, GCC_3.3, GCC_4.2.0) - Path : /usr/local/openresty/lualib/librestysignal.so @@ -170,7 +170,7 @@ Needed : - libc.so.6 Version Requirement: - - libc.so.6 (GLIBC_2.2.5, GLIBC_2.14, GLIBC_2.4) + - libc.so.6 (GLIBC_2.14, GLIBC_2.2.5, GLIBC_2.4) - Path : /usr/local/openresty/nginx/sbin/nginx Needed : @@ -182,14 +182,14 @@ - libc.so.6 Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib Version Requirement: - - libc.so.6 (GLIBC_2.11, GLIBC_2.28, GLIBC_2.7, GLIBC_2.4, GLIBC_2.17, GLIBC_2.27, GLIBC_2.14, GLIBC_2.9, GLIBC_2.3.4, GLIBC_2.10, GLIBC_2.32, GLIBC_2.33, GLIBC_2.3, GLIBC_2.34, GLIBC_2.2.5, GLIBC_2.3.2) + - libc.so.6 (GLIBC_2.10, GLIBC_2.11, GLIBC_2.14, GLIBC_2.17, GLIBC_2.2.5, GLIBC_2.27, GLIBC_2.28, GLIBC_2.3, GLIBC_2.3.2, GLIBC_2.3.4, GLIBC_2.32, GLIBC_2.33, GLIBC_2.34, GLIBC_2.4, GLIBC_2.7) - libcrypt.so.1 (XCRYPT_2.0) - libcrypto.so.1.1 (OPENSSL_1_1_0) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) + - libssl.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1) Modules : - lua-kong-nginx-module - lua-kong-nginx-module/stream - lua-resty-events - lua-resty-lmdb - OpenSSL : OpenSSL 1.1.1s 1 Nov 2022 + OpenSSL : OpenSSL 1.1.1t 7 Feb 2023 diff --git a/scripts/explain_manifest/fixtures/ubuntu-22.04-arm64.txt b/scripts/explain_manifest/fixtures/ubuntu-22.04-arm64.txt index 151df25d7e7f..5f4f28af5c09 100644 --- a/scripts/explain_manifest/fixtures/ubuntu-22.04-arm64.txt +++ b/scripts/explain_manifest/fixtures/ubuntu-22.04-arm64.txt @@ -28,7 +28,7 @@ Runpath : /usr/local/kong/lib Version Requirement: - ld-linux-aarch64.so.1 (GLIBC_2.17) - - libc.so.6 (GLIBC_2.25, GLIBC_2.33, GLIBC_2.34, GLIBC_2.17) + - libc.so.6 (GLIBC_2.17, GLIBC_2.25, GLIBC_2.33, GLIBC_2.34) - Path : /usr/local/kong/lib/libssl.so.1.1 Needed : @@ -39,7 +39,7 @@ Version Requirement: - ld-linux-aarch64.so.1 (GLIBC_2.17) - libc.so.6 (GLIBC_2.17) - - libcrypto.so.1.1 (OPENSSL_1_1_0d, OPENSSL_1_1_0i, OPENSSL_1_1_0f, OPENSSL_1_1_1, OPENSSL_1_1_0) + - libcrypto.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_0d, OPENSSL_1_1_0f, OPENSSL_1_1_0i, OPENSSL_1_1_1) - Path : /usr/local/lib/lua/5.1/lfs.so Needed : @@ -48,7 +48,7 @@ Runpath : /usr/local/kong/lib Version Requirement: - ld-linux-aarch64.so.1 (GLIBC_2.17) - - libc.so.6 (GLIBC_2.28, GLIBC_2.33, GLIBC_2.17) + - libc.so.6 (GLIBC_2.17, GLIBC_2.28, GLIBC_2.33) - Path : /usr/local/lib/lua/5.1/lpeg.so Needed : @@ -134,7 +134,7 @@ - ld-linux-aarch64.so.1 (GLIBC_2.17) - libc.so.6 (GLIBC_2.17) - libcrypto.so.1.1 (OPENSSL_1_1_0) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) + - libssl.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1) - Path : /usr/local/lib/lua/5.1/yaml.so Needed : @@ -158,8 +158,8 @@ - libgcc_s.so.1 - libc.so.6 Version Requirement: - - libc.so.6 (GLIBC_2.28, GLIBC_2.25, GLIBC_2.18, GLIBC_2.33, GLIBC_2.17, GLIBC_2.34) - - libgcc_s.so.1 (GCC_4.2.0, GCC_3.3, GCC_3.0) + - libc.so.6 (GLIBC_2.17, GLIBC_2.18, GLIBC_2.25, GLIBC_2.28, GLIBC_2.33, GLIBC_2.34) + - libgcc_s.so.1 (GCC_3.0, GCC_3.3, GCC_4.2.0) - Path : /usr/local/openresty/lualib/librestysignal.so @@ -191,14 +191,14 @@ Runpath : /usr/local/openresty/luajit/lib:/usr/local/kong/lib Version Requirement: - ld-linux-aarch64.so.1 (GLIBC_2.17) - - libc.so.6 (GLIBC_2.28, GLIBC_2.27, GLIBC_2.32, GLIBC_2.33, GLIBC_2.34, GLIBC_2.17) + - libc.so.6 (GLIBC_2.17, GLIBC_2.27, GLIBC_2.28, GLIBC_2.32, GLIBC_2.33, GLIBC_2.34) - libcrypt.so.1 (XCRYPT_2.0) - libcrypto.so.1.1 (OPENSSL_1_1_0) - - libssl.so.1.1 (OPENSSL_1_1_1, OPENSSL_1_1_0) + - libssl.so.1.1 (OPENSSL_1_1_0, OPENSSL_1_1_1) Modules : - lua-kong-nginx-module - lua-kong-nginx-module/stream - lua-resty-events - lua-resty-lmdb - OpenSSL : OpenSSL 1.1.1s 1 Nov 2022 + OpenSSL : OpenSSL 1.1.1t 7 Feb 2023 diff --git a/scripts/explain_manifest/main.py b/scripts/explain_manifest/main.py index 5f8452c1326f..053c87fb55d4 100755 --- a/scripts/explain_manifest/main.py +++ b/scripts/explain_manifest/main.py @@ -164,7 +164,7 @@ def __init__(self, path, relpath): for f in binary.symbols_version_requirement: self.version_requirement.append("%s (%s)" % ( - f.name, ", ".join([a.name for a in f.get_auxiliary_symbols()]))) + f.name, ", ".join(sorted([a.name for a in f.get_auxiliary_symbols()])))) self.version_requirement = sorted(self.version_requirement) def explain(self, opts): diff --git a/spec/01-unit/01-db/01-schema/11-declarative_config/04-on-the-fly-migration_spec.lua b/spec/01-unit/01-db/01-schema/11-declarative_config/04-on-the-fly-migration_spec.lua index eb3c6454109f..46e6fbd5c242 100644 --- a/spec/01-unit/01-db/01-schema/11-declarative_config/04-on-the-fly-migration_spec.lua +++ b/spec/01-unit/01-db/01-schema/11-declarative_config/04-on-the-fly-migration_spec.lua @@ -154,3 +154,35 @@ describe("declarative config: on the fly migration", function() end) end end) + +it("validation should happens after migration", function () + local dc = assert(declarative.new_config(conf_loader())) + local config = + [[ + _format_version: "2.1" + services: + - name: foo + host: example.com + protocol: https + enabled: false + _comment: my comment + - name: bar + host: example.test + port: 3000 + _comment: my comment + routes: + - name: foo + path_handling: v0 + protocols: ["https"] + paths: ["/regex.+(", "/prefix" ] + snis: + - "example.com" + ]] + + local config_tbl, err = dc:parse_string(config) + + assert.falsy(config_tbl) + assert.matches("invalid regex:", err, nil, true) + assert.matches("/regex.+(", err, nil, true) + assert.matches("missing )", err, nil, true) +end) diff --git a/spec/01-unit/03-conf_loader_spec.lua b/spec/01-unit/03-conf_loader_spec.lua index 7650445e68c8..8ad8859ea758 100644 --- a/spec/01-unit/03-conf_loader_spec.lua +++ b/spec/01-unit/03-conf_loader_spec.lua @@ -1764,6 +1764,38 @@ describe("Configuration loader", function() assert.equal("strict", conf.worker_consistency) assert.equal(nil, err) end) + + it("opentelemetry_tracing", function() + local conf, err = assert(conf_loader(nil, { + opentelemetry_tracing = "request,router", + })) + assert.same({"request", "router"}, conf.tracing_instrumentations) + assert.equal(nil, err) + + -- no clobber + conf, err = assert(conf_loader(nil, { + opentelemetry_tracing = "request,router", + tracing_instrumentations = "balancer", + })) + assert.same({ "balancer" }, conf.tracing_instrumentations) + assert.equal(nil, err) + end) + + it("opentelemetry_tracing_sampling_rate", function() + local conf, err = assert(conf_loader(nil, { + opentelemetry_tracing_sampling_rate = 0.5, + })) + assert.same(0.5, conf.tracing_sampling_rate) + assert.equal(nil, err) + + -- no clobber + conf, err = assert(conf_loader(nil, { + opentelemetry_tracing_sampling_rate = 0.5, + tracing_sampling_rate = 0.75, + })) + assert.same(0.75, conf.tracing_sampling_rate) + assert.equal(nil, err) + end) end) describe("vault references", function() diff --git a/spec/01-unit/19-hybrid/03-compat_spec.lua b/spec/01-unit/19-hybrid/03-compat_spec.lua index 5d75537e4a75..a0d98882631f 100644 --- a/spec/01-unit/19-hybrid/03-compat_spec.lua +++ b/spec/01-unit/19-hybrid/03-compat_spec.lua @@ -157,6 +157,9 @@ describe("kong.clustering.compat", function() "goodbye", "my.nested.field", }, + session = { + "anything", + }, }, }) end) @@ -275,6 +278,37 @@ describe("kong.clustering.compat", function() }, }, }, + + { + name = "renamed fields", + version = "1.0.0", + plugins = { + { + name = "session", + config = { + idling_timeout = 60, + rolling_timeout = 60, + stale_ttl = 60, + cookie_same_site = "Default", + cookie_http_only = false, + remember = true, + }, + }, + }, + expect = { + { + name = "session", + config = { + cookie_idletime = 60, + cookie_lifetime = 60, + cookie_discard = 60, + cookie_samesite = "Lax", + cookie_httponly = false, + cookie_persistent = true, + }, + }, + }, + }, } for _, case in ipairs(cases) do diff --git a/spec/01-unit/27-batch_queue_spec.lua b/spec/01-unit/27-batch_queue_spec.lua new file mode 100644 index 000000000000..c15a6290227a --- /dev/null +++ b/spec/01-unit/27-batch_queue_spec.lua @@ -0,0 +1,30 @@ + +local BatchQueue = require "kong.tools.batch_queue" + +describe("batch queue", function() + + it("observes the limit parameter", function() + local count = 0 + local last + local function process(entries) + count = count + #entries + last = entries[#entries] + return true + end + + local q = BatchQueue.new("batch-queue-unit-test", process, {max_queued_batches=2, batch_max_size=100, process_delay=0}) + + q:add(1) + q:flush() + q:add(2) + q:flush() + q:add(3) + q:flush() + + -- run scheduled timer tasks + ngx.sleep(0) + + assert.equal(2, count) + assert.equal(3, last) + end) +end) diff --git a/spec/02-integration/02-cmd/11-config_spec.lua b/spec/02-integration/02-cmd/11-config_spec.lua index 1ec775b1d3a7..351448b26bef 100644 --- a/spec/02-integration/02-cmd/11-config_spec.lua +++ b/spec/02-integration/02-cmd/11-config_spec.lua @@ -109,8 +109,7 @@ describe("kong config", function() local _, res = assert(thread:join()) assert.matches("signal=config-db-import", res, nil, true) -- it will be updated on-the-fly - -- but the version should still be 1.1 - assert.matches("decl_fmt_version=1.1", res, nil, true) + assert.matches("decl_fmt_version=3.0", res, nil, true) assert.matches("file_ext=.yml", res, nil, true) local client = helpers.admin_client() diff --git a/spec/03-plugins/37-opentelemetry/03-propagation_spec.lua b/spec/03-plugins/37-opentelemetry/03-propagation_spec.lua index 8ce89d2a1f09..d116cfb78dc3 100644 --- a/spec/03-plugins/37-opentelemetry/03-propagation_spec.lua +++ b/spec/03-plugins/37-opentelemetry/03-propagation_spec.lua @@ -160,5 +160,27 @@ describe("propagation tests #" .. strategy, function() assert.equals(trace_id, json.headers["ot-tracer-traceid"]) end) + + it("propagates dd headers", function() + local trace_id = gen_trace_id() + local trace_id_truncated = trace_id:sub(1, 16) + local span_id = gen_span_id() + local r = proxy_client:get("/", { + headers = { + ["ot-tracer-traceid"] = trace_id_truncated, + ["ot-tracer-spanid"] = span_id, + ["ot-tracer-sampled"] = "1", + host = "http-route", + }, + }) + local body = assert.response(r).has.status(200) + local json = cjson.decode(body) + + assert.equals(#trace_id, #json.headers["ot-tracer-traceid"], + "trace ID was not padded correctly") + + local expected = string.rep("0", 16) .. trace_id_truncated + assert.equals(expected, json.headers["ot-tracer-traceid"]) + end) end) end