refactor(google-cloud-logging): unify google-cloud-oauth.lua file

Makefile

@@ -305,9 +305,6 @@ install: runtime
 	$(ENV_INSTALL) -d $(ENV_INST_LUADIR)/apisix/plugins/ext-plugin
 	$(ENV_INSTALL) apisix/plugins/ext-plugin/*.lua $(ENV_INST_LUADIR)/apisix/plugins/ext-plugin/
 
-	$(ENV_INSTALL) -d $(ENV_INST_LUADIR)/apisix/plugins/google-cloud-logging
-	$(ENV_INSTALL) apisix/plugins/google-cloud-logging/*.lua $(ENV_INST_LUADIR)/apisix/plugins/google-cloud-logging/
-
 	$(ENV_INSTALL) -d $(ENV_INST_LUADIR)/apisix/plugins/grpc-transcode
 	$(ENV_INSTALL) apisix/plugins/grpc-transcode/*.lua $(ENV_INST_LUADIR)/apisix/plugins/grpc-transcode/
 

apisix/plugins/google-cloud-logging.lua

@@ -20,7 +20,7 @@ local tostring        = tostring
 local http            = require("resty.http")
 local log_util        = require("apisix.utils.log-util")
 local bp_manager_mod  = require("apisix.utils.batch-processor-manager")
-local google_oauth    = require("apisix.plugins.google-cloud-logging.oauth")
+local google_oauth    = require("apisix.utils.google-cloud-oauth")
 
 
 local lrucache = core.lrucache.new({
@@ -43,7 +43,7 @@ local schema = {
                     default = "https://oauth2.googleapis.com/token"
                 },
                 -- https://developers.google.com/identity/protocols/oauth2/scopes#logging
-                scopes = {
+                scope = {
                     type = "array",
                     items = {
                         description = "Google OAuth2 Authorization Scopes",
@@ -58,6 +58,15 @@ local schema = {
                         "https://www.googleapis.com/auth/cloud-platform"
                     }
                 },
+                scopes = {
+                    type = "array",
+                    items = {
+                        description = "Google OAuth2 Authorization Scopes",
+                        type = "string",
+                    },
+                    minItems = 1,
+                    uniqueItems = true
+                },
                 entries_uri = {
                     type = "string",
                     default = "https://logging.googleapis.com/v2/entries:write"
@@ -168,7 +177,9 @@ local function create_oauth_object(conf)
         return nil, err
     end
 
-    return google_oauth:new(auth_conf, conf.ssl_verify)
+    auth_conf.scope = auth_conf.scopes or auth_conf.scope
+
+    return google_oauth.new(auth_conf, conf.ssl_verify)
 end
 
 

docs/en/latest/plugins/google-cloud-logging.md

@@ -42,7 +42,8 @@ This plugin also allows to push logs as a batch to your Google Cloud Logging Ser
 | auth_config.project_id  | True     |                                                                                                                                                                                                      | Project ID in the Google Cloud service account.                                                                                                                    |
 | auth_config.token_uri   | True    | https://oauth2.googleapis.com/token                                                                                                                                                                  | Token URI of the Google Cloud service account.                                                                                                                     |
 | auth_config.entries_uri | False    | https://logging.googleapis.com/v2/entries:write                                                                                                                                                      | Google Cloud Logging Service API.                                                                                                                                  |
-| auth_config.scopes      | False    | ["https://www.googleapis.com/auth/logging.read", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/logging.admin", "https://www.googleapis.com/auth/cloud-platform"] | Access scopes of the Google Cloud service account. See [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes#logging). |
+| auth_config.scope       | False    | ["https://www.googleapis.com/auth/logging.read", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/logging.admin", "https://www.googleapis.com/auth/cloud-platform"] | Access scopes of the Google Cloud service account. See [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes#logging). |
+| auth_config.scopes      | Deprecated    | ["https://www.googleapis.com/auth/logging.read", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/logging.admin", "https://www.googleapis.com/auth/cloud-platform"] | Access scopes of the Google Cloud service account. Use `auth_config.scope` instead.                                                                           |
 | auth_file               | True     |                                                                                                                                                                                                      | Path to the Google Cloud service account authentication JSON file. Either `auth_config` or `auth_file` must be provided.                                           |
 | ssl_verify              | False    | true                                                                                                                                                                                                 | When set to `true`, enables SSL verification as mentioned in [OpenResty docs](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake).                  |
 | resource                | False    | {"type": "global"}                                                                                                                                                                                   | Google monitor resource. See [MonitoredResource](https://cloud.google.com/logging/docs/reference/v2/rest/v2/MonitoredResource) for more details.                   |
@@ -141,7 +142,7 @@ curl http://127.0.0.1:9180/apisix/admin/routes/1 -H "X-API-KEY: $admin_key" -X P
                 "client_email":"your service account email@apisix.iam.gserviceaccount.com",
                 "private_key":"-----BEGIN RSA PRIVATE KEY-----your private key-----END RSA PRIVATE KEY-----",
                 "token_uri":"https://oauth2.googleapis.com/token",
-                "scopes":[
+                "scope":[
                     "https://www.googleapis.com/auth/logging.admin"
                 ],
                 "entries_uri":"https://logging.googleapis.com/v2/entries:write"

docs/zh/latest/plugins/google-cloud-logging.md

@@ -42,7 +42,8 @@ description: API 网关 Apache APISIX 的 google-cloud-logging 插件可用于
 | auth_config.project_id  | 是       |                                                  | 谷歌服务帐号的项目 ID。                                                                                                            |
 | auth_config.token_uri   | 是       | https://oauth2.googleapis.com/token              | 请求谷歌服务帐户的令牌的 URI。                                                                                                     |
 | auth_config.entries_uri | 否       | https://logging.googleapis.com/v2/entries:write  | 谷歌日志服务写入日志条目的 API。                                                                                                   |
-| auth_config.scopes      | 否       |                                                  | 谷歌服务账号的访问范围，可参考 [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes#logging)。可选项："https://www.googleapis.com/auth/logging.read"、"https://www.googleapis.com/auth/logging.write"、"https://www.googleapis.com/auth/logging.admin"、"https://www.googleapis.com/auth/cloud-platform"。|
+| auth_config.scope       | 否       |                                                  | 谷歌服务账号的访问范围，可参考 [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes#logging)。可选项："https://www.googleapis.com/auth/logging.read"、"https://www.googleapis.com/auth/logging.write"、"https://www.googleapis.com/auth/logging.admin"、"https://www.googleapis.com/auth/cloud-platform"。|
+| auth_config.scopes      | 废弃     |                                                  | 谷歌服务账号的访问范围，推荐使用 `auth_config.scope`                                                                               |
 | auth_file               | 是       |                                                  | `auth_config` 和 `auth_file` 必须配置一个。                                                                 |
 | ssl_verify              | 否       | true                                             | 当设置为 `true` 时，启用 `SSL` 验证。                 |
 | resource                | 否       | {"type": "global"}                               | 谷歌监控资源，请参考 [MonitoredResource](https://cloud.google.com/logging/docs/reference/v2/rest/v2/MonitoredResource)。             |
@@ -142,7 +143,7 @@ curl http://127.0.0.1:9180/apisix/admin/routes/1 \
                 "client_email":"your service account email@apisix.iam.gserviceaccount.com",
                 "private_key":"-----BEGIN RSA PRIVATE KEY-----your private key-----END RSA PRIVATE KEY-----",
                 "token_uri":"https://oauth2.googleapis.com/token",
-                "scopes":[
+                "scope":[
                     "https://www.googleapis.com/auth/logging.admin"
                 ],
                 "entries_uri":"https://logging.googleapis.com/v2/entries:write"

t/plugin/google-cloud-logging.t

@@ -44,7 +44,7 @@ __DATA__
                 resource = {
                     type = "global"
                 },
-                scopes = {
+                scope = {
                     "https://www.googleapis.com/auth/logging.admin"
                 },
                 log_id = "syslog",
@@ -82,7 +82,7 @@ passed
                 resource = {
                     type = "global"
                 },
-                scopes = {
+                scope = {
                     "https://www.googleapis.com/auth/logging.admin"
                 },
                 log_id = "syslog",
@@ -205,7 +205,7 @@ tBXLQH7fw5H8RaxBN91yQUZombw6JnRBXKKohWHZ3Q==
 -----END RSA PRIVATE KEY-----]],
                             project_id = "apisix",
                             token_uri = "http://127.0.0.1:1980/google/logging/token",
-                            scopes = {
+                            scope = {
                                 "https://apisix.apache.org/logs:admin"
                             },
                             entries_uri = "http://127.0.0.1:1980/google/logging/entries",
@@ -382,7 +382,7 @@ kEJQcmfVew5mFXyxuEn3zA==
 -----END PRIVATE KEY-----]],
                             project_id = "apisix",
                             token_uri = "http://127.0.0.1:1980/google/logging/token",
-                            scopes = {
+                            scope = {
                                 "https://apisix.apache.org/logs:admin"
                             },
                             entries_uri = "http://127.0.0.1:1980/google/logging/entries",
@@ -465,7 +465,7 @@ kEJQcmfVew5mFXyxuEn3zA==
 -----END PRIVATE KEY-----]],
                             project_id = "apisix",
                             token_uri = "http://127.0.0.1:1980/google/logging/token?token_type=Basic",
-                            scopes = {
+                            scope = {
                                 "https://apisix.apache.org/logs:admin"
                             },
                             entries_uri = "http://127.0.0.1:1980/google/logging/entries?token_type=Basic",
@@ -548,7 +548,7 @@ kEJQcmfVew5mFXyxuEn3zA==
 -----END PRIVATE KEY-----]],
                             project_id = "apisix",
                             token_uri = "http://127.0.0.1:1980/google/logging/token?token_type=Basic",
-                            scopes = {
+                            scope = {
                                 "https://apisix.apache.org/logs:admin"
                             },
                             entries_uri = "http://127.0.0.1:1980/google/logging/entries",

t/plugin/google-cloud-logging/config-https-domain.json

@@ -2,7 +2,7 @@
   "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDDzrFwnA3EvYyR\naeMgaLD3hBjvxKrz10uox1X8q7YYhf2ViRtLRUMa2bEMYksE5hbhwpNf6mKAnLOC\nUuAT6cPPdUl/agKpJXviBPIR2LuzD17WsLJHp1HxUDssSkgfCaGcOGGNfLUhhIpF\n2JUctLmxiZoAZySlSjcwupSuDJ0aPm0XO8r9H8Qu5kF2Vkz5e5bFivLTmvzrQTe4\nv5V1UI6hThElCSeUmdNF3uG3wopxlvq4zXgLTnuLbrNf/Gc4mlpV+UDgTISj32Ep\nAB2vxKEbvQw4ti8YJnGXWjxLerhfrszFw+V8lpeduiDYA44ZFoVqvzxeIsVZNtcw\nIu7PvEPNAgMBAAECggEAVpyN9m7A1F631/aLheFpLgMbeKt4puV7zQtnaJ2XrZ9P\nPR7pmNDpTu4uF3k/D8qrIm+L+uhVa+hkquf3wDct6w1JVnfQ93riImbnoKdK13ic\nDcEZCwLjByfjFMNCxZ/gAZca55fbExlqhFy6EHmMjhB8s2LsXcTHRuGxNI/Vyi49\nsxECibe0U53aqdJbVWrphIS67cpwl4TUkN6mrHsNuDYNJ9dgkpapoqp4FTFQsBqC\nafOK5qgJ68dWZ47FBUng+AZjdCncqAIuJxxItGVQP6YPsFs+OXcivIVHJr363TpC\nl85FfdvqWV5OGBbwSKhNwiTNUVvfSQVmtURGWG/HbQKBgQD4gZ1z9+Lx19kT9WTz\nlw93lxso++uhAPDTKviyWSRoEe5aN3LCd4My+/Aj+sk4ON/s2BV3ska5Im93j+vC\nrCv3uPn1n2jUhWuJ3bDqipeTW4n/CQA2m/8vd26TMk22yOkkqw2MIA8sjJ//SD7g\ntdG7up6DgGMP4hgbO89uGU7DAwKBgQDJtkKd0grh3u52Foeh9YaiAgYRwc65IE16\nUyD1OJxIuX/dYQDLlo5KyyngFa1ZhWIs7qC7r3xXH+10kfJY+Q+5YMjmZjlL8SR1\nUjqd02R9F2//6OeswyReachJZbZdtiEw3lPa4jVFYfhSe0M2ZPxMwvoXb25eyCNI\n1lYjSKq87wKBgHnLTNghjeDp4UKe6rNYPgRm0rDrhziJtX5JeUov1mALKb6dnmkh\nGfRK9g8sQqKDfXwfC6Z2gaMK9YaryujGaWYoCpoPXtmJ6oLPXH4XHuLh4mhUiP46\nxn8FEfSimuQS4/FMxH8A128GHQSI7AhGFFzlwfrBWcvXC+mNDsTvMmLxAoGARc+4\nupppfccETQZ7JsitMgD1TMwA2f2eEwoWTAitvlXFNT9PYSbYVHaAJbga6PLLCbYF\nFzAjHpxEOKYSdEyu7n/ayDL0/Z2V+qzc8KarDsg/0RgwppBbU/nUgeKb/U79qcYo\ny4ai3UKNCS70Ei1dTMvmdpnwXwlxfNIBufB6dy0CgYBMYq9Lc31GkC6PcGEEbx6W\nvjImOadWZbuOVnvEQjb5XCdcOsWsMcg96PtoeuyyHmhnEF1GsMzcIdQv/PHrvYpK\nYp8D0aqsLEgwGrJQER26FPpKmyIwvcL+nm6q5W31PnU9AOC/WEkB6Zs58hsMzD2S\nkEJQcmfVew5mFXyxuEn3zA==\n-----END PRIVATE KEY-----",
   "project_id": "apisix",
   "token_uri": "https://test.com:1983/google/logging/token",
-  "scopes": [
+  "scope": [
     "https://apisix.apache.org/logs:admin"
   ],
   "entries_uri": "https://test.com:1983/google/logging/entries"