From bbb1b8a2a55e4024b3355d6cdbef036b3ab14a98 Mon Sep 17 00:00:00 2001 From: thefosk Date: Fri, 30 Sep 2016 18:35:50 -0700 Subject: [PATCH 1/2] feat(admin-api) support for SSL in the admin API --- kong.conf.default | 18 +++ kong/cmd/utils/prefix_handler.lua | 28 +++- kong/conf_loader.lua | 29 ++++ kong/templates/kong_defaults.lua | 4 + kong/templates/nginx_kong.lua | 7 + spec/01-unit/02-conf_loader_spec.lua | 150 +++++++++++++----- spec/01-unit/03-prefix_handler_spec.lua | 56 +++++-- .../06-cluster/01-cluster_spec.lua | 9 +- spec/kong_tests.conf | 3 + 9 files changed, 236 insertions(+), 68 deletions(-) diff --git a/kong.conf.default b/kong.conf.default index 03b529a8210..e5b39112645 100644 --- a/kong.conf.default +++ b/kong.conf.default @@ -64,6 +64,10 @@ # This API lets you configure and manage Kong, # and should be kept private and secured. +#admin_listen_ssl = 0.0.0.0:8444 # Address and port on which Kong will accept + # HTTPS requests to the admin API, if + # `admin_ssl` is enabled. + #nginx_worker_processes = auto # Determines the number of worker processes # spawned by Nginx. @@ -91,6 +95,20 @@ # the SSL key for the `proxy_listen_ssl` # address. +#admin_ssl = on # Determines if Nginx should be listening for + # HTTPS traffic on the `admin_listen_ssl` + # address. If disabled, Nginx will only bind + # itself on `admin_listen`, and all SSL + # settings will be ignored. + +#admin_ssl_cert = # If `admin_ssl` is enabled, the absolute path + # to the SSL certificate for the + # `admin_listen_ssl` address. + +#admin_ssl_cert_key = # If `admin_ssl` is enabled, the absolute path + # to the SSL key for the `admin_listen_ssl` + # address. + #------------------------------------------------------------------------------ # DATASTORE #------------------------------------------------------------------------------ diff --git a/kong/cmd/utils/prefix_handler.lua b/kong/cmd/utils/prefix_handler.lua index d99fbc72b98..7b86a9e350a 100644 --- a/kong/cmd/utils/prefix_handler.lua 
+++ b/kong/cmd/utils/prefix_handler.lua @@ -93,17 +93,24 @@ local function find_resty_bin() return found end -local function gen_default_ssl_cert(kong_config) +local function gen_default_ssl_cert(kong_config, admin) -- create SSL folder local ok, err = pl_dir.makepath(pl_path.join(kong_config.prefix, "ssl")) if not ok then return nil, err end - local ssl_cert = kong_config.ssl_cert_default - local ssl_cert_key = kong_config.ssl_cert_key_default - local ssl_cert_csr = kong_config.ssl_cert_csr_default + local ssl_cert, ssl_cert_key, ssl_cert_csr + if admin then + ssl_cert = kong_config.admin_ssl_cert_default + ssl_cert_key = kong_config.admin_ssl_cert_key_default + ssl_cert_csr = kong_config.admin_ssl_cert_csr_default + else + ssl_cert = kong_config.ssl_cert_default + ssl_cert_key = kong_config.ssl_cert_key_default + ssl_cert_csr = kong_config.ssl_cert_csr_default + end if not pl_path.exists(ssl_cert) and not pl_path.exists(ssl_cert_key) then - log.verbose("generating default SSL certificate and key") + log.verbose("generating "..(admin and "admin" or "default").." SSL certificate and key") local passphrase = utils.random_string() local commands = { @@ -118,11 +125,11 @@ local function gen_default_ssl_cert(kong_config) for i = 1, #commands do local ok, _, _, stderr = pl_utils.executeex(commands[i]) if not ok then - return nil, "could not generate default SSL certificate: "..stderr + return nil, "could not generate "..(admin and "admin" or "default").." SSL certificate: "..stderr end end else - log.verbose("default SSL certificate found at %s", ssl_cert) + log.verbose((admin and "admin" or "default").." SSL certificate found at %s", ssl_cert) end return true 
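Review bot: The guard `if not pl_path.exists(ssl_cert) and not pl_path.exists(ssl_cert_key) then` regenerates only when both files are missing, and the new admin branch inherits that. If `admin-kong-default.crt` survives without its key (or the reverse), the function logs the certificate as found and returns true, and the caller then points `admin_ssl_cert_key` at a file that is not there. Testing `if not (pl_path.exists(ssl_cert) and pl_path.exists(ssl_cert_key)) then` would regenerate the pair whenever either half is missing. The command list that writes the key is outside this hunk, so please confirm there that the generated admin key is readable only by the Kong user, since it protects the management API. The expression `admin and "admin" or "default"` is also repeated three times across this hunk and the next and could be one local.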
@@ -236,6 +243,13 @@ local function prepare_prefix(kong_config, nginx_custom_template_path) kong_config.ssl_cert = kong_config.ssl_cert_default kong_config.ssl_cert_key = kong_config.ssl_cert_key_default end + if kong_config.admin_ssl and not kong_config.admin_ssl_cert and not kong_config.admin_ssl_cert_key then + log.verbose("Admin SSL enabled, no custom certificate set: using default certificate") + local ok, err = gen_default_ssl_cert(kong_config, true) + if not ok then return nil, err end + kong_config.admin_ssl_cert = kong_config.admin_ssl_cert_default + kong_config.admin_ssl_cert_key = kong_config.admin_ssl_cert_key_default + end -- check ulimit local ulimit, err = get_ulimit() diff --git a/kong/conf_loader.lua b/kong/conf_loader.lua index d35bd5c82d8..d66038c6192 100644 --- a/kong/conf_loader.lua +++ b/kong/conf_loader.lua @@ -33,6 +33,10 @@ local PREFIX_PATHS = { ssl_cert_default = {"ssl", "kong-default.crt"}, ssl_cert_key_default = {"ssl", "kong-default.key"}, ssl_cert_csr_default = {"ssl", "kong-default.csr"} + ; + admin_ssl_cert_default = {"ssl", "admin-kong-default.crt"}, + admin_ssl_cert_key_default = {"ssl", "admin-kong-default.key"}, + admin_ssl_cert_csr_default = {"ssl", "admin-kong-default.csr"} } -- By default, all properties in the configuration are considered to @@ -51,6 +55,7 @@ local CONF_INFERENCES = { proxy_listen = {typ = "string"}, proxy_listen_ssl = {typ = "string"}, admin_listen = {typ = "string"}, + admin_listen_ssl = {typ = "string"}, cluster_listen = {typ = "string"}, cluster_listen_rpc = {typ = "string"}, cluster_advertise = {typ = "string"}, @@ -79,6 +84,7 @@ local CONF_INFERENCES = { dnsmasq_port = {typ = "number"}, ssl = {typ = "boolean"}, + admin_ssl = {typ = "boolean"}, log_level = {enum = {"debug", "info", "notice", "warn", "error", "crit", "alert", "emerg"}}, 
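Review bot: The fallback announced by `log.verbose("Admin SSL enabled, no custom certificate set: using default certificate")` is visible only in verbose mode, yet it means the admin API is served with an auto-generated certificate. That certificate is presumably self-signed (the openssl commands are outside the hunk), so the listener would be encrypted but clients could not authenticate the server. I would raise this to a warning-level message that names `admin_ssl_cert` and `admin_ssl_cert_key`, so operators see it in normal startup output. The new block is also a copy of the proxy block directly above it; a small helper taking the setting prefix would keep the two from drifting. prepare_prefix starts and ends outside the hunk.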
@@ -177,6 +183,21 @@ local function check_and_infer(conf) end end + if conf.admin_ssl then + if conf.admin_ssl_cert and not conf.admin_ssl_cert_key then + errors[#errors+1] = "admin_ssl_cert_key must be specified" + elseif conf.admin_ssl_cert_key and not conf.admin_ssl_cert then + errors[#errors+1] = "admin_ssl_cert must be specified" + end + + if conf.admin_ssl_cert and not pl_path.exists(conf.admin_ssl_cert) then + errors[#errors+1] = "admin_ssl_cert: no such file at "..conf.admin_ssl_cert + end + if conf.admin_ssl_cert_key and not pl_path.exists(conf.admin_ssl_cert_key) then + errors[#errors+1] = "admin_ssl_cert_key: no such file at "..conf.admin_ssl_cert_key + end + end + if conf.dns_resolver and conf.dnsmasq then errors[#errors+1] = "must disable dnsmasq when a custom DNS resolver is specified" elseif not conf.dns_resolver and not conf.dnsmasq then @@ -343,6 +364,7 @@ local function load(path, custom_conf) do local ip_port_pat = "(.+):([%d]+)$" local admin_ip, admin_port = string.match(conf.admin_listen, ip_port_pat) + local admin_ssl_ip, admin_ssl_port = string.match(conf.admin_listen_ssl, ip_port_pat) local proxy_ip, proxy_port = string.match(conf.proxy_listen, ip_port_pat) local proxy_ssl_ip, proxy_ssl_port = string.match(conf.proxy_listen_ssl, ip_port_pat) @@ -350,9 +372,11 @@ local function load(path, custom_conf) elseif not proxy_port then return nil, "proxy_listen must be of form 'address:port'" elseif not proxy_ssl_port then return nil, "proxy_listen_ssl must be of form 'address:port'" end conf.admin_ip = admin_ip + conf.admin_ssl_ip = admin_ssl_ip conf.proxy_ip = proxy_ip conf.proxy_ssl_ip = proxy_ssl_ip conf.admin_port = tonumber(admin_port) + conf.admin_ssl_port = tonumber(admin_ssl_port) conf.proxy_port = tonumber(proxy_port) conf.proxy_ssl_port = tonumber(proxy_ssl_port) end 
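Review bot: `pl_path.exists` is also true for a directory, so in the new `if conf.admin_ssl then` block a value such as `admin_ssl_cert = /etc/ssl` (constructed example) passes validation and the mistake only surfaces when Nginx fails to load it. `pl_path.isfile(conf.admin_ssl_cert)`, and the same for the key, would reject it here with the existing "no such file at" message. The block duplicates the proxy certificate checks, so the same change applies there if it is taken. check_and_infer starts and ends outside the hunk.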
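Review bot: `admin_ssl_port` is never validated: the `elseif` chain in this hunk still covers only the existing listeners. A malformed `admin_listen_ssl` therefore leaves `conf.admin_ssl_ip` and `conf.admin_ssl_port` nil, and the failure appears later when the Nginx template is rendered or loaded. Add `elseif not admin_ssl_port then return nil, "admin_listen_ssl must be of form 'address:port'"` to the chain, plus a spec case for it. The `string.match` on `conf.admin_listen_ssl` in the preceding hunk runs whether or not `admin_ssl` is on, so the check should be unconditional, as it is for `proxy_listen_ssl`. The start of the chain is outside the hunk.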
@@ -365,6 +389,11 @@ local function load(path, custom_conf) conf.ssl_cert_key = pl_path.abspath(conf.ssl_cert_key) end + if conf.admin_ssl_cert and conf.admin_ssl_cert_key then + conf.admin_ssl_cert = pl_path.abspath(conf.admin_ssl_cert) + conf.admin_ssl_cert_key = pl_path.abspath(conf.admin_ssl_cert_key) + end + -- attach prefix files paths for property, t_path in pairs(PREFIX_PATHS) do conf[property] = pl_path.join(conf.prefix, unpack(t_path)) diff --git a/kong/templates/kong_defaults.lua b/kong/templates/kong_defaults.lua index 5519c651661..a87ee4bd575 100644 --- a/kong/templates/kong_defaults.lua +++ b/kong/templates/kong_defaults.lua @@ -7,6 +7,7 @@ anonymous_reports = on proxy_listen = 0.0.0.0:8000 proxy_listen_ssl = 0.0.0.0:8443 admin_listen = 0.0.0.0:8001 +admin_listen_ssl = 0.0.0.0:8444 nginx_worker_processes = auto nginx_optimizations = on nginx_daemon = on @@ -14,6 +15,9 @@ mem_cache_size = 128m ssl = on ssl_cert = NONE ssl_cert_key = NONE +admin_ssl = on +admin_ssl_cert = NONE +admin_ssl_cert_key = NONE database = postgres pg_host = 127.0.0.1 diff --git a/kong/templates/nginx_kong.lua b/kong/templates/nginx_kong.lua index cea3da82161..d67ae810882 100644 --- a/kong/templates/nginx_kong.lua +++ b/kong/templates/nginx_kong.lua @@ -116,6 +116,13 @@ server { client_max_body_size 10m; client_body_buffer_size 10m; +> if admin_ssl then + listen ${{ADMIN_LISTEN_SSL}} ssl; + ssl_certificate ${{ADMIN_SSL_CERT}}; + ssl_certificate_key ${{ADMIN_SSL_CERT_KEY}}; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +> end + location / { default_type application/json; content_by_lua_block { diff --git a/spec/01-unit/02-conf_loader_spec.lua b/spec/01-unit/02-conf_loader_spec.lua index 8dee6d1c90e..08c2baf357b 100644 --- a/spec/01-unit/02-conf_loader_spec.lua +++ b/spec/01-unit/02-conf_loader_spec.lua 
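Review bot: The new defaults `admin_listen_ssl = 0.0.0.0:8444` and `admin_ssl = on` (second kong_defaults.lua hunk) open an additional admin port on every interface for any install that takes the defaults, while kong.conf.default in this same patch says the admin API "should be kept private and secured". TLS on this listener encrypts traffic, but nothing in this patch adds client authentication. I would default the address to loopback, `admin_listen_ssl = 127.0.0.1:8444`, and let operators widen it deliberately; the spec assertions on `0.0.0.0:8444` would change with it. If the wildcard bind is kept for parity with `admin_listen`, the kong.conf.default comment should say the port must be firewalled.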
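Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` enables TLS 1.0 and 1.1 on the admin listener. Both are deprecated and an administrative interface has no legacy-client reason to accept them, so `ssl_protocols TLSv1.2;` is the safer line. The added block sets no `ssl_ciphers` or `ssl_prefer_server_ciphers`, so the cipher choice falls to Nginx defaults unless it is set elsewhere in the template. The plaintext `listen` for the admin server is outside this hunk and appears to stay in place, so enabling `admin_ssl` adds an HTTPS port rather than replacing the HTTP one; that deserves a sentence in the `admin_ssl` description in kong.conf.default.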
@@ -9,8 +9,11 @@ describe("Configuration loader", function() assert.equal("0.0.0.0:8001", conf.admin_listen) assert.equal("0.0.0.0:8000", conf.proxy_listen) assert.equal("0.0.0.0:8443", conf.proxy_listen_ssl) + assert.equal("0.0.0.0:8444", conf.admin_listen_ssl) assert.is_nil(conf.ssl_cert) -- check placeholder value assert.is_nil(conf.ssl_cert_key) + assert.is_nil(conf.admin_ssl_cert) + assert.is_nil(conf.admin_ssl_cert_key) assert.is_nil(getmetatable(conf)) end) it("loads a given file, with higher precedence", function() @@ -66,6 +69,8 @@ describe("Configuration loader", function() local conf = assert(conf_loader()) assert.equal("0.0.0.0", conf.admin_ip) assert.equal(8001, conf.admin_port) + assert.equal("0.0.0.0", conf.admin_ssl_ip) + assert.equal(8444, conf.admin_ssl_port) assert.equal("0.0.0.0", conf.proxy_ip) assert.equal(8000, conf.proxy_port) assert.equal("0.0.0.0", conf.proxy_ssl_ip) @@ -88,6 +93,9 @@ describe("Configuration loader", function() assert.equal("/usr/local/kong/ssl/kong-default.crt", conf.ssl_cert_default) assert.equal("/usr/local/kong/ssl/kong-default.key", conf.ssl_cert_key_default) assert.equal("/usr/local/kong/ssl/kong-default.csr", conf.ssl_cert_csr_default) + assert.equal("/usr/local/kong/ssl/admin-kong-default.crt", conf.admin_ssl_cert_default) + assert.equal("/usr/local/kong/ssl/admin-kong-default.key", conf.admin_ssl_cert_key_default) + assert.equal("/usr/local/kong/ssl/admin-kong-default.csr", conf.admin_ssl_cert_csr_default) end) it("strips comments ending settings", function() local conf = assert(conf_loader("spec/fixtures/to-strip.conf")) 
@@ -264,53 +272,107 @@ describe("Configuration loader", function() assert.is_nil(err) assert.is_table(conf) end) - it("requires both SSL cert and key", function() - local conf, err = conf_loader(nil, { - ssl_cert = "/path/cert.pem" - }) - assert.equal("ssl_cert_key must be specified", err) - assert.is_nil(conf) + describe("SSL", function() + describe("proxy", function() + it("requires both proxy SSL cert and key", function() + local conf, err = conf_loader(nil, { + ssl_cert = "/path/cert.pem" + }) + assert.equal("ssl_cert_key must be specified", err) + assert.is_nil(conf) - conf, err = conf_loader(nil, { - ssl_cert_key = "/path/key.pem" - }) - assert.equal("ssl_cert must be specified", err) - assert.is_nil(conf) + conf, err = conf_loader(nil, { + ssl_cert_key = "/path/key.pem" + }) + assert.equal("ssl_cert must be specified", err) + assert.is_nil(conf) - conf, err = conf_loader(nil, { - ssl_cert = "spec/fixtures/kong_spec.crt", - ssl_cert_key = "spec/fixtures/kong_spec.key" - }) - assert.is_nil(err) - assert.is_table(conf) - end) - it("requires SSL cert and key to exist", function() - local conf, _, errors = conf_loader(nil, { - ssl_cert = "/path/cert.pem", - ssl_cert_key = "/path/cert_key.pem" - }) - assert.equal(2, #errors) - assert.contains("ssl_cert: no such file at /path/cert.pem", errors) - assert.contains("ssl_cert_key: no such file at /path/cert_key.pem", errors) - assert.is_nil(conf) + conf, err = conf_loader(nil, { + ssl_cert = "spec/fixtures/kong_spec.crt", + ssl_cert_key = "spec/fixtures/kong_spec.key" + }) + assert.is_nil(err) + assert.is_table(conf) + end) + it("requires SSL cert and key to exist", function() + local conf, _, errors = conf_loader(nil, { + ssl_cert = "/path/cert.pem", + ssl_cert_key = "/path/cert_key.pem" + }) + assert.equal(2, #errors) + assert.contains("ssl_cert: no such file at /path/cert.pem", errors) + assert.contains("ssl_cert_key: no such file at /path/cert_key.pem", errors) + assert.is_nil(conf) - conf, _, errors = 
conf_loader(nil, { - ssl_cert = "spec/fixtures/kong_spec.crt", - ssl_cert_key = "/path/cert_key.pem" - }) - assert.equal(1, #errors) - assert.contains("ssl_cert_key: no such file at /path/cert_key.pem", errors) - assert.is_nil(conf) - end) - it("resolves SSL cert/key to absolute path", function() - local conf, err = conf_loader(nil, { - ssl_cert = "spec/fixtures/kong_spec.crt", - ssl_cert_key = "spec/fixtures/kong_spec.key" - }) - assert.is_nil(err) - assert.is_table(conf) - assert.True(helpers.path.isabs(conf.ssl_cert)) - assert.True(helpers.path.isabs(conf.ssl_cert_key)) + conf, _, errors = conf_loader(nil, { + ssl_cert = "spec/fixtures/kong_spec.crt", + ssl_cert_key = "/path/cert_key.pem" + }) + assert.equal(1, #errors) + assert.contains("ssl_cert_key: no such file at /path/cert_key.pem", errors) + assert.is_nil(conf) + end) + it("resolves SSL cert/key to absolute path", function() + local conf, err = conf_loader(nil, { + ssl_cert = "spec/fixtures/kong_spec.crt", + ssl_cert_key = "spec/fixtures/kong_spec.key" + }) + assert.is_nil(err) + assert.is_table(conf) + assert.True(helpers.path.isabs(conf.ssl_cert)) + assert.True(helpers.path.isabs(conf.ssl_cert_key)) + end) + end) + describe("admin", function() + it("requires both admin SSL cert and key", function() + local conf, err = conf_loader(nil, { + admin_ssl_cert = "/path/cert.pem" + }) + assert.equal("admin_ssl_cert_key must be specified", err) + assert.is_nil(conf) + + conf, err = conf_loader(nil, { + admin_ssl_cert_key = "/path/key.pem" + }) + assert.equal("admin_ssl_cert must be specified", err) + assert.is_nil(conf) + + conf, err = conf_loader(nil, { + admin_ssl_cert = "spec/fixtures/kong_spec.crt", + admin_ssl_cert_key = "spec/fixtures/kong_spec.key" + }) + assert.is_nil(err) + assert.is_table(conf) + end) + it("requires SSL cert and key to exist", function() + local conf, _, errors = conf_loader(nil, { + admin_ssl_cert = "/path/cert.pem", + admin_ssl_cert_key = "/path/cert_key.pem" + }) + assert.equal(2, 
#errors) + assert.contains("admin_ssl_cert: no such file at /path/cert.pem", errors) + assert.contains("admin_ssl_cert_key: no such file at /path/cert_key.pem", errors) + assert.is_nil(conf) + + conf, _, errors = conf_loader(nil, { + admin_ssl_cert = "spec/fixtures/kong_spec.crt", + admin_ssl_cert_key = "/path/cert_key.pem" + }) + assert.equal(1, #errors) + assert.contains("admin_ssl_cert_key: no such file at /path/cert_key.pem", errors) + assert.is_nil(conf) + end) + it("resolves SSL cert/key to absolute path", function() + local conf, err = conf_loader(nil, { + admin_ssl_cert = "spec/fixtures/kong_spec.crt", + admin_ssl_cert_key = "spec/fixtures/kong_spec.key" + }) + assert.is_nil(err) + assert.is_table(conf) + assert.True(helpers.path.isabs(conf.admin_ssl_cert)) + assert.True(helpers.path.isabs(conf.admin_ssl_cert_key)) + end) + end) end) it("honors path if provided even if a default file exists", function() conf_loader.add_default_path("spec/fixtures/to-strip.conf") diff --git a/spec/01-unit/03-prefix_handler_spec.lua b/spec/01-unit/03-prefix_handler_spec.lua index b31af515052..fd9a9510cf6 100644 --- a/spec/01-unit/03-prefix_handler_spec.lua +++ b/spec/01-unit/03-prefix_handler_spec.lua @@ -12,6 +12,9 @@ describe("NGINX conf compiler", function() ssl = true, ssl_cert = "spec/fixtures/kong_spec.crt", ssl_cert_key = "spec/fixtures/kong_spec.key", + admin_ssl = true, + admin_ssl_cert = "spec/fixtures/kong_spec.crt", + admin_ssl_cert_key = "spec/fixtures/kong_spec.key", })) before_each(function() helpers.dir.makepath("ssl_tmp") 
@@ -19,18 +22,35 @@ describe("NGINX conf compiler", function() after_each(function() pcall(helpers.dir.rmtree, "ssl_tmp") end) - it("auto-generates SSL certificate and key", function() - assert(prefix_handler.gen_default_ssl_cert(conf)) - assert(exists(conf.ssl_cert_default)) - assert(exists(conf.ssl_cert_key_default)) + describe("proxy", function() + it("auto-generates SSL certificate and key", function() + assert(prefix_handler.gen_default_ssl_cert(conf)) + assert(exists(conf.ssl_cert_default)) + assert(exists(conf.ssl_cert_key_default)) + end) + it("does not re-generate if they already exist", function() + assert(prefix_handler.gen_default_ssl_cert(conf)) + local cer = helpers.file.read(conf.ssl_cert_default) + local key = helpers.file.read(conf.ssl_cert_key_default) + assert(prefix_handler.gen_default_ssl_cert(conf)) + assert.equal(cer, helpers.file.read(conf.ssl_cert_default)) + assert.equal(key, helpers.file.read(conf.ssl_cert_key_default)) + end) end) - it("does not re-generate if they already exist", function() - assert(prefix_handler.gen_default_ssl_cert(conf)) - local cer = helpers.file.read(conf.ssl_cert_default) - local key = helpers.file.read(conf.ssl_cert_key_default) - assert(prefix_handler.gen_default_ssl_cert(conf)) - assert.equal(cer, helpers.file.read(conf.ssl_cert_default)) - assert.equal(key, helpers.file.read(conf.ssl_cert_key_default)) + describe("admin", function() + it("auto-generates SSL certificate and key", function() + assert(prefix_handler.gen_default_ssl_cert(conf, true)) + assert(exists(conf.admin_ssl_cert_default)) + assert(exists(conf.admin_ssl_cert_key_default)) + end) + it("does not re-generate if they already exist", function() + assert(prefix_handler.gen_default_ssl_cert(conf, true)) + local cer = helpers.file.read(conf.admin_ssl_cert_default) + local key = helpers.file.read(conf.admin_ssl_cert_key_default) + assert(prefix_handler.gen_default_ssl_cert(conf, true)) + assert.equal(cer, 
helpers.file.read(conf.admin_ssl_cert_default)) + assert.equal(key, helpers.file.read(conf.admin_ssl_cert_key_default)) + end) end) end) @@ -60,7 +80,8 @@ describe("NGINX conf compiler", function() end) it("disables SSL", function() local conf = assert(conf_loader(helpers.test_conf_path, { - ssl = false + ssl = false, + admin_ssl = false })) local kong_nginx_conf = prefix_handler.compile_kong_conf(conf) assert.not_matches("listen %d+%.%d+%.%d+%.%d+:%d+ ssl;", kong_nginx_conf) @@ -229,7 +250,8 @@ describe("NGINX conf compiler", function() it("does not create SSL dir if disabled", function() local conf = conf_loader(nil, { prefix = tmp_config.prefix, - ssl = false + ssl = false, + admin_ssl = false }) assert(prefix_handler.prepare_prefix(conf)) @@ -241,6 +263,9 @@ describe("NGINX conf compiler", function() ssl = true, ssl_cert = "spec/fixtures/kong_spec.crt", ssl_cert_key = "spec/fixtures/kong_spec.key", + admin_ssl = true, + admin_ssl_cert = "spec/fixtures/kong_spec.crt", + admin_ssl_cert_key = "spec/fixtures/kong_spec.key", }) assert(prefix_handler.prepare_prefix(conf)) @@ -249,13 +274,16 @@ describe("NGINX conf compiler", function() it("generates default SSL cert", function() local conf = conf_loader(nil, { prefix = tmp_config.prefix, - ssl = true + ssl = true, + admin_ssl = true }) assert(prefix_handler.prepare_prefix(conf)) assert.truthy(exists(join(conf.prefix, "ssl"))) assert.truthy(exists(conf.ssl_cert_default)) assert.truthy(exists(conf.ssl_cert_key_default)) + assert.truthy(exists(conf.admin_ssl_cert_default)) + assert.truthy(exists(conf.admin_ssl_cert_key_default)) end) end) diff --git a/spec/02-integration/06-cluster/01-cluster_spec.lua b/spec/02-integration/06-cluster/01-cluster_spec.lua index 3311e9ae25c..2d9b88b74e6 100644 --- a/spec/02-integration/06-cluster/01-cluster_spec.lua +++ b/spec/02-integration/06-cluster/01-cluster_spec.lua 
@@ -10,8 +10,9 @@ local NODES_CONF = {} local NODES = { servroot1 = { prefix = "servroot1", + ssl = false, + admin_ssl = false, proxy_listen = "127.0.0.1:9000", - proxy_listen_ssl = "127.0.0.1:9443", admin_listen = "0.0.0.0:9001", cluster_listen = "0.0.0.0:9946", cluster_listen_rpc = "0.0.0.0:9373", @@ -19,8 +20,9 @@ local NODES = { }, servroot2 = { prefix = "servroot2", + ssl = false, + admin_ssl = false, proxy_listen = "127.0.0.1:10000", - proxy_listen_ssl = "127.0.0.1:10443", admin_listen = "0.0.0.0:10001", cluster_listen = "0.0.0.0:10946", cluster_listen_rpc = "0.0.0.0:10373", @@ -28,8 +30,9 @@ local NODES = { }, servroot3 = { prefix = "servroot3", + ssl = false, + admin_ssl = false, proxy_listen = "127.0.0.1:20000", - proxy_listen_ssl = "127.0.0.1:20443", admin_listen = "0.0.0.0:20001", cluster_listen = "0.0.0.0:20946", cluster_listen_rpc = "0.0.0.0:20373", diff --git a/spec/kong_tests.conf b/spec/kong_tests.conf index 060c5cff219..c58d4b098ac 100644 --- a/spec/kong_tests.conf +++ b/spec/kong_tests.conf @@ -8,6 +8,9 @@ cluster_listen_rpc = 127.0.0.1:9373 ssl_cert = spec/fixtures/kong_spec.crt ssl_cert_key = spec/fixtures/kong_spec.key +admin_ssl_cert = spec/fixtures/kong_spec.crt +admin_ssl_cert_key = spec/fixtures/kong_spec.key + dnsmasq = off dns_resolver = 8.8.8.8 database = postgres From 6e71c0b96753634d6818db032bd8d965ae8e47fb Mon Sep 17 00:00:00 2001 From: thefosk Date: Tue, 18 Oct 2016 11:15:54 -0700 Subject: [PATCH 2/2] log.verbose improvements --- kong/cmd/utils/prefix_handler.lua | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/kong/cmd/utils/prefix_handler.lua b/kong/cmd/utils/prefix_handler.lua index 7b86a9e350a..89c18312ffc 100644 --- a/kong/cmd/utils/prefix_handler.lua +++ b/kong/cmd/utils/prefix_handler.lua 
@@ -110,7 +110,8 @@ local function gen_default_ssl_cert(kong_config, admin) end if not pl_path.exists(ssl_cert) and not pl_path.exists(ssl_cert_key) then - log.verbose("generating "..(admin and "admin" or "default").." SSL certificate and key") + log.verbose("generating %s SSL certificate and key", + admin and "admin" or "default") local passphrase = utils.random_string() local commands = { @@ -129,7 +130,8 @@ local function gen_default_ssl_cert(kong_config, admin) end end else - log.verbose((admin and "admin" or "default").." SSL certificate found at %s", ssl_cert) + log.verbose("%s SSL certificate found at %s", + admin and "admin" or "default", ssl_cert) end return true