Merge branch 'upstream/master' into github/master

* upstream/master: (25 commits) fix: upgrade lua-resty-ldap to 0.2.2 (apache#9254) feat(cli): support bypassing Admin API Auth by configuration (apache#9147) fix(ci): write version into xds first (apache#9274) fix: skip warning log when apisix.data_encryption.enable is false (apache#9057) docs: add-api7-information (apache#9260) docs: Fixed typo (apache#9244) docs: clarify what is client.ca in client-to-apisix-mtls.md (apache#9221) docs: Corrected typos and grammatical errors (apache#9216) docs: updated ssl sni parameter requirement in admin-api.md (apache#9176) fix: check upstream reference in traffic-split plugin when delete upstream (apache#9044) docs: Update proxy-rewrite headers.add docs (apache#9220) feat: suppot header injection for fault-injection plugin (apache#9039) fix: upgrade lua-resty-etcd to 1.10.4 (apache#9235) docs: fix incorrect semantic.yml link (apache#9231) feat: Upstream status report (apache#9151) fix: host_hdr should not be false (apache#9150) docs: remove APISIX base instruction (apache#9117) fix(cli): prevent non-`127.0.0.0/24` to access admin api with empty admin_key (apache#9146) docs: fix 404 link (apache#9160) fix(cors): consider using `allow_origins_by_regex` only when it is not `nil` (apache#9028) ...
fitphp · Apr 11, 2023 · a6808a0 · a6808a0
2 parents 9c6f9b8 + 95fc225
commit a6808a0
Show file tree

Hide file tree

Showing 67 changed files with 1,926 additions and 381 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -48,7 +48,7 @@ jobs:
           submodules: recursive
 
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: "1.17"
 

diff --git a/.github/workflows/chaos.yml b/.github/workflows/chaos.yml
@@ -24,7 +24,7 @@ jobs:
           submodules: recursive
 
       - name: Setup go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: "1.17"
 

diff --git a/.github/workflows/gm-cron.yaml b/.github/workflows/gm-cron.yaml
@@ -38,7 +38,7 @@ jobs:
           submodules: recursive
 
       - name: Setup Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v4
         with:
           go-version: "1.17"
 

diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -65,7 +65,7 @@ We strive to:
        * Repeated harassment of others. In general, if someone asks you to stop, then stop.
        * Advocating for, or encouraging, any of the above behaviour.
 
-6. __Be concise.__ Keep in mind that what you write once will be read by hundreds of persons. Writing a short email means people can understand the conversation as efficiently as possible. Short emails should always strive to be empathetic, welcoming, friendly and patient. When a long explanation is necessary, consider adding a summary.</p>
+6. __Be concise.__ Keep in mind that what you write once will be read by hundreds of people. Writing a short email means people can understand the conversation as efficiently as possible. Short emails should always strive to be empathetic, welcoming, friendly and patient. When a long explanation is necessary, consider adding a summary.</p>
 
       Try to bring new ideas to a conversation so that each mail adds something unique to the thread, keeping in mind that the rest of the thread still contains the other messages with arguments that have already been made.
 

diff --git a/CODE_STYLE.md b/CODE_STYLE.md
@@ -322,7 +322,7 @@ end
 
 The function should return `<boolean>`, `err`.
 The first return value means successful or not, if not, the second return value specifies the error message.
-The error message can be ignored in some case.
+The error message can be ignored in some cases.
 
 ```lua
 --No

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -44,7 +44,7 @@ Once we've discussed your changes and you've got your code ready, make sure that
 * Includes tests for new functionality.
 * References the original issue in the description, e.g. "Resolves #123".
 * Has a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
-* Ensure your pull request's title starts from one of the word in the `types` section of [semantic.yml](https://github.com/apache/apisix/blob/master/.github/semantic.yml).
+* Ensure your pull request's title starts from one of the word in the `types` section of [semantic.yml](https://github.com/apache/apisix/blob/master/.github/workflows/semantic.yml).
 * Follow the [PR manners](https://raw.githubusercontent.com/apache/apisix/master/.github/PULL_REQUEST_TEMPLATE.md)
 
 ## Contribution Guidelines for Documentation

diff --git a/THREAT_MODEL.md b/THREAT_MODEL.md
@@ -57,4 +57,4 @@ We should keep security in mind, and validate the input from the client before u
 
 As the maintainer:
 We should keep security in mind, and review the code line by line.
-We are open to the discussion from the security researchers.
+We are open to discussion from the security researchers.
diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua
@@ -67,6 +67,12 @@ local router
 
 local function check_token(ctx)
     local local_conf = core.config.local_conf()
+
+    -- check if admin_key is required
+    if local_conf.deployment.admin.admin_key_required == false then
+        return true
+    end
+
     local admin_key = core.table.try_read_attr(local_conf, "deployment", "admin", "admin_key")
     if not admin_key then
         return true
@@ -395,6 +401,13 @@ function _M.init_worker()
     events.register(reload_plugins, reload_event, "PUT")
 
     if ngx_worker_id() == 0 then
+        -- check if admin_key is required
+        if local_conf.deployment.admin.admin_key_required == false then
+            core.log.warn("Admin key is bypassed! ",
+                "If you are deploying APISIX in a production environment, ",
+                "please disable `admin_key_required` and set a secure admin key!")
+        end
+
         local ok, err = ngx_timer_at(0, function(premature)
             if premature then
                 return

diff --git a/apisix/admin/upstreams.lua b/apisix/admin/upstreams.lua
@@ -15,13 +15,17 @@
 -- limitations under the License.
 --
 local core = require("apisix.core")
+local config_util = require("apisix.core.config_util")
+local router = require("apisix.router")
 local get_routes = require("apisix.router").http_routes
 local get_services = require("apisix.http.service").services
+local get_plugin_configs = require("apisix.plugin_config").plugin_configs
+local get_consumers = require("apisix.consumer").consumers
+local get_consumer_groups = require("apisix.consumer_group").consumer_groups
 local apisix_upstream = require("apisix.upstream")
 local resource = require("apisix.admin.resource")
 local tostring = tostring
 local ipairs = ipairs
-local type = type
 
 
 local function check_conf(id, conf, need_id)
@@ -34,31 +38,96 @@ local function check_conf(id, conf, need_id)
 end
 
 
-local function delete_checker(id)
-    local routes, routes_ver = get_routes()
-    if routes_ver and routes then
-        for _, route in ipairs(routes) do
-            if type(route) == "table" and route.value
-               and route.value.upstream_id
-               and tostring(route.value.upstream_id) == id then
-                return 400, {error_msg = "can not delete this upstream,"
-                                         .. " route [" .. route.value.id
+local function up_id_in_plugins(plugins, up_id)
+    if plugins and plugins["traffic-split"]
+        and plugins["traffic-split"].rules then
+
+        for _, rule in ipairs(plugins["traffic-split"].rules) do
+            local plugin_upstreams = rule.weighted_upstreams
+            for _, plugin_upstream in ipairs(plugin_upstreams) do
+                if plugin_upstream.upstream_id
+                    and tostring(plugin_upstream.upstream_id) == up_id then
+                     return true
+                end
+            end
+        end
+
+        return false
+    end
+end
+
+
+local function check_resources_reference(resources, up_id,
+                                         only_check_plugin, resources_name)
+    if resources then
+        for _, resource in config_util.iterate_values(resources) do
+            if resource and resource.value then
+                if up_id_in_plugins(resource.value.plugins, up_id) then
+                    return {error_msg = "can not delete this upstream,"
+                                        .. " plugin in "
+                                        .. resources_name .. " ["
+                                        .. resource.value.id
+                                        .. "] is still using it now"}
+                end
+
+                if not only_check_plugin and resource.value.upstream_id
+                    and tostring(resource.value.upstream_id) == up_id then
+                     return {error_msg = "can not delete this upstream, "
+                                         .. resources_name .. " [" .. resource.value.id
                                          .. "] is still using it now"}
+                end
             end
         end
     end
+end
+
+
+local function delete_checker(id)
+    local routes = get_routes()
+    local err_msg = check_resources_reference(routes, id, false, "route")
+    if err_msg then
+        return 400, err_msg
+    end
 
     local services, services_ver = get_services()
     core.log.info("services: ", core.json.delay_encode(services, true))
     core.log.info("services_ver: ", services_ver)
-    if services_ver and services then
-        for _, service in ipairs(services) do
-            if type(service) == "table" and service.value
-               and service.value.upstream_id
-               and tostring(service.value.upstream_id) == id then
-                return 400, {error_msg = "can not delete this upstream,"
-                                         .. " service [" .. service.value.id
-                                         .. "] is still using it now"}
+    local err_msg = check_resources_reference(services, id, false, "service")
+    if err_msg then
+        return 400, err_msg
+    end
+
+    local plugin_configs = get_plugin_configs()
+    local err_msg = check_resources_reference(plugin_configs, id, true, "plugin_config")
+    if err_msg then
+        return 400, err_msg
+    end
+
+    local consumers = get_consumers()
+    local err_msg = check_resources_reference(consumers, id, true, "consumer")
+    if err_msg then
+        return 400, err_msg
+    end
+
+    local consumer_groups = get_consumer_groups()
+    local err_msg = check_resources_reference(consumer_groups, id, true, "consumer_group")
+    if err_msg then
+        return 400, err_msg
+    end
+
+    -- TODO: Refactor router.global_rules and then refactor the following code
+    local global_rules = router.global_rules
+    if global_rules and global_rules.values
+        and #global_rules.values > 0 then
+
+        for _, global_rule in config_util.iterate_values(global_rules.values) do
+            if global_rule and global_rule.value
+                and global_rule.value.plugins
+                and up_id_in_plugins(global_rule.value.plugins, id) then
+                 return 400, {error_msg = "can not delete this upstream,"
+                                          .. " plugin in global_rule ["
+                                          .. global_rule.value.id
+                                          .. "] is still using it now"}
             end
         end
     end

diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua
@@ -185,12 +185,16 @@ local function init(env)
     local checked_admin_key = false
     local allow_admin = yaml_conf.deployment.admin and
         yaml_conf.deployment.admin.allow_admin
-    if yaml_conf.apisix.enable_admin and allow_admin then
-        for _, allow_ip in ipairs(allow_admin) do
-            if allow_ip == "127.0.0.0/24" then
-                checked_admin_key = true
-            end
-        end
+    if yaml_conf.apisix.enable_admin and allow_admin
+       and #allow_admin == 1 and allow_admin[1] == "127.0.0.0/24" then
+        checked_admin_key = true
+    end
+    -- check if admin_key is required
+    if yaml_conf.deployment.admin.admin_key_required == false then
+        checked_admin_key = true
+        print("Warning! Admin key is bypassed! "
+                .. "If you are deploying APISIX in a production environment, "
+                .. "please disable `admin_key_required` and set a secure admin key!")
     end
 
     if yaml_conf.apisix.enable_admin and not checked_admin_key then

diff --git a/apisix/cli/schema.lua b/apisix/cli/schema.lua
@@ -353,6 +353,9 @@ local admin_schema = {
         https_admin = {
             type = "boolean",
         },
+        admin_key_required = {
+            type = "boolean",
+        },
     }
 }
 

diff --git a/apisix/consumer_group.lua b/apisix/consumer_group.lua
@@ -39,6 +39,14 @@ function _M.init_worker()
 end
 
 
+function _M.consumer_groups()
+    if not consumer_groups then
+        return nil, nil
+    end
+    return consumer_groups.values, consumer_groups.conf_version
+end
+
+
 function _M.get(id)
     return consumer_groups:get(id)
 end