Skip to content

Commit

Permalink
fix security warning test
Browse files Browse the repository at this point in the history
  • Loading branch information
@Revolyssup
Revolyssup committed Jan 27, 2025
1 parent 480b385 commit 9134a92
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 25 deletions.
10 changes: 7 additions & 3 deletions apisix/plugins/opentelemetry.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -198,7 +198,13 @@ local _M = {

function _M.check_schema(conf, schema_type)
if schema_type == core.schema.TYPE_METADATA then
return core.schema.check(metadata_schema, conf)
local ok, err = core.schema.check(metadata_schema, conf)
if not ok then
return ok, err
end
local check = {"collector.address"}
core.utils.check_https(check, conf, plugin_name)
return true
end
return core.schema.check(schema, conf)
end
Expand Down Expand Up @@ -308,8 +314,6 @@ function _M.rewrite(conf, api_ctx)
end
core.log.info("metadata: ", core.json.delay_encode(metadata))
local plugin_info = metadata.value
local check = {"collector.address"}
core.utils.check_https(check, plugin_info, plugin_name)
local vars = api_ctx.var

local tracer, err = core.lrucache.plugin_ctx(lrucache, api_ctx, nil,
Expand Down
69 changes: 47 additions & 22 deletions t/plugin/security-warning2.t
View file
Original file line number Diff line number Diff line change
Expand Up @@ -138,21 +138,30 @@ Using openid-connect proxy_opts.http_proxy with no TLS is a security risk
--- extra_yaml_config
plugins:
- opentelemetry
plugin_attr:
opentelemetry:
trace_id_source: x-request-id
batch_span_processor:
max_export_batch_size: 1
inactive_timeout: 0.5
collector:
address: http://127.0.0.1:4318
request_timeout: 3
request_headers:
foo: bar
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/plugin_metadata/opentelemetry',
ngx.HTTP_PUT,
[[{
"batch_span_processor": {
"max_export_batch_size": 1,
"inactive_timeout": 0.5
},
"trace_id_source": "x-request-id",
"collector": {
"address": "http://127.0.0.1:4318",
"request_timeout": 3,
"request_headers": {
"foo": "bar"
}
}
}]]
)
if code >= 300 then
ngx.status = code
end
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
Expand All @@ -176,6 +185,13 @@ plugin_attr:
if code >= 300 then
ngx.status = code
end
--- deleting this data so this doesn't effect when metadata schema is validated
--- at init in next test.
local code, body = t('/apisix/admin/plugin_metadata/opentelemetry',
ngx.HTTP_DELETE)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
Expand All @@ -190,21 +206,30 @@ Using opentelemetry collector.address with no TLS is a security risk
--- extra_yaml_config
plugins:
- opentelemetry
plugin_attr:
opentelemetry:
trace_id_source: x-request-id
batch_span_processor:
max_export_batch_size: 1
inactive_timeout: 0.5
collector:
address: https://127.0.0.1:4318
request_timeout: 3
request_headers:
foo: bar
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/plugin_metadata/opentelemetry',
ngx.HTTP_PUT,
[[{
"batch_span_processor": {
"max_export_batch_size": 1,
"inactive_timeout": 0.5
},
"trace_id_source": "x-request-id",
"collector": {
"address": "https://127.0.0.1:4318",
"request_timeout": 3,
"request_headers": {
"foo": "bar"
}
}
}]]
)
if code >= 300 then
ngx.status = code
end
local code, body = t('/apisix/admin/routes/1',
ngx.HTTP_PUT,
[[{
Expand Down

0 comments on commit 9134a92

Please sign in to comment.