From 9134a92fe2dc5c8af7200938c2dd6eeb631d14dd Mon Sep 17 00:00:00 2001 From: Ashish Tiwari Date: Mon, 27 Jan 2025 13:37:48 +0530 Subject: [PATCH] fix security warning test --- apisix/plugins/opentelemetry.lua | 10 +++-- t/plugin/security-warning2.t | 69 ++++++++++++++++++++++---------- 2 files changed, 54 insertions(+), 25 deletions(-) diff --git a/apisix/plugins/opentelemetry.lua b/apisix/plugins/opentelemetry.lua index 0b6df75c82c9..d98ac44ae69d 100644 --- a/apisix/plugins/opentelemetry.lua +++ b/apisix/plugins/opentelemetry.lua @@ -198,7 +198,13 @@ local _M = { function _M.check_schema(conf, schema_type) if schema_type == core.schema.TYPE_METADATA then - return core.schema.check(metadata_schema, conf) + local ok, err = core.schema.check(metadata_schema, conf) + if not ok then + return ok, err + end + local check = {"collector.address"} + core.utils.check_https(check, conf, plugin_name) + return true end return core.schema.check(schema, conf) end @@ -308,8 +314,6 @@ function _M.rewrite(conf, api_ctx) end core.log.info("metadata: ", core.json.delay_encode(metadata)) local plugin_info = metadata.value - local check = {"collector.address"} - core.utils.check_https(check, plugin_info, plugin_name) local vars = api_ctx.var local tracer, err = core.lrucache.plugin_ctx(lrucache, api_ctx, nil, diff --git a/t/plugin/security-warning2.t b/t/plugin/security-warning2.t index acfd4664965a..a0e4a8fadc35 100644 --- a/t/plugin/security-warning2.t +++ b/t/plugin/security-warning2.t 
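Review bot: The plaintext-collector check added to the metadata branch of `_M.check_schema` is advisory only: `core.utils.check_https(check, conf, plugin_name)` is called without using any result and the branch then returns `true`, so an `http://` `collector.address` is still accepted. A comment would stop readers from mistaking it for enforcement, e.g. `-- warn only: a non-TLS collector.address is logged, not rejected`. Because the second hunk removes the per-request call from `_M.rewrite`, the warning is now emitted only when metadata passes through `check_schema`. Whether already-stored metadata is re-validated on load is not visible here and is worth confirming, otherwise such deployments silently lose the warning. The `check` table is also rebuilt on every validation and could be a module-level constant.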
@@ -138,21 +138,30 @@ Using openid-connect proxy_opts.http_proxy with no TLS is a security risk --- extra_yaml_config plugins: - opentelemetry -plugin_attr: - opentelemetry: - trace_id_source: x-request-id - batch_span_processor: - max_export_batch_size: 1 - inactive_timeout: 0.5 - collector: - address: http://127.0.0.1:4318 - request_timeout: 3 - request_headers: - foo: bar --- config location /t { content_by_lua_block { local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/plugin_metadata/opentelemetry', + ngx.HTTP_PUT, + [[{ + "batch_span_processor": { + "max_export_batch_size": 1, + "inactive_timeout": 0.5 + }, + "trace_id_source": "x-request-id", + "collector": { + "address": "http://127.0.0.1:4318", + "request_timeout": 3, + "request_headers": { + "foo": "bar" + } + } + }]] + ) + if code >= 300 then + ngx.status = code + end local code, body = t('/apisix/admin/routes/1', ngx.HTTP_PUT, [[{ @@ -176,6 +185,13 @@ plugin_attr: if code >= 300 then ngx.status = code end + --- deleting this data so this doesn't effect when metadata schema is validated + --- at init in next test. + local code, body = t('/apisix/admin/plugin_metadata/opentelemetry', + ngx.HTTP_DELETE) + if code >= 300 then + ngx.status = code + end ngx.say(body) } } 
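Review bot: A failed metadata PUT does not stop the test in the `@@ -138,21 +138,30 @@` hunk. After `if code >= 300 then ngx.status = code end` the block goes straight on to the route PUT, and the re-declared `local code, body` replaces the failing response, so the final `ngx.say(body)` reports a later call. Returning early keeps the failure visible: `if code >= 300 then ngx.status = code; ngx.say(body); return end`. The same pattern, which mirrors the existing route check, is repeated for the DELETE in the `@@ -176,6 +185,13 @@` hunk and the PUT in the `@@ -190,21 +206,30 @@` hunk. The test block starts and ends outside this hunk.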
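Review bot: The cleanup comment in the `@@ -176,6 +185,13 @@` hunk starts with `---`, which in this test file is also the section marker (`--- config`, `--- extra_yaml_config`), so it presumably parses correctly only because the line is indented. A plain Lua comment is less fragile and also fixes the wording: `-- delete the metadata so it does not affect metadata schema validation at init in the next test`. Because the DELETE re-declares `body`, the `ngx.say(body)` that follows now prints the DELETE result rather than the route PUT result, so a route failure shows up only through `ngx.status`.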
@@ -190,21 +206,30 @@ Using opentelemetry collector.address with no TLS is a security risk --- extra_yaml_config plugins: - opentelemetry -plugin_attr: - opentelemetry: - trace_id_source: x-request-id - batch_span_processor: - max_export_batch_size: 1 - inactive_timeout: 0.5 - collector: - address: https://127.0.0.1:4318 - request_timeout: 3 - request_headers: - foo: bar --- config location /t { content_by_lua_block { local t = require("lib.test_admin").test + local code, body = t('/apisix/admin/plugin_metadata/opentelemetry', + ngx.HTTP_PUT, + [[{ + "batch_span_processor": { + "max_export_batch_size": 1, + "inactive_timeout": 0.5 + }, + "trace_id_source": "x-request-id", + "collector": { + "address": "https://127.0.0.1:4318", + "request_timeout": 3, + "request_headers": { + "foo": "bar" + } + } + }]] + ) + if code >= 300 then + ngx.status = code + end local code, body = t('/apisix/admin/routes/1', ngx.HTTP_PUT, [[{
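Review bot: The `https://` metadata written by this test is not removed anywhere in the visible part of the hunk. The first test, by contrast, deletes its metadata so that it does not influence metadata schema validation at init in the next test. If another test follows this one in the file, the same `ngx.HTTP_DELETE` call on `/apisix/admin/plugin_metadata/opentelemetry` is probably needed after the route PUT. The rest of the block lies outside the hunk, so this needs checking against the full file.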