nic-6443 commented on code in PR #13201: URL: https://github.com/apache/apisix/pull/13201#discussion_r3067584088
########## apisix/discovery/kubernetes/core.lua: ########## @@ -0,0 +1,739 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +--- Reusable building blocks for Kubernetes service discovery. +--- Extracted from init.lua so that both static-config mode and +--- dynamic-config mode can share the same core logic. + +local ngx = ngx +local ipairs = ipairs +local pairs = pairs +local type = type +local unpack = unpack +local string = string +local tonumber = tonumber +local tostring = tostring +local os = os +local pcall = pcall +local setmetatable = setmetatable + +local core = require("apisix.core") +local util = require("apisix.cli.util") +local default_informer_factory = require("apisix.discovery.kubernetes.informer_factory") + + +local _M = {} + +local endpoint_buffer = {} +local kubernetes_service_name_label = "kubernetes.io/service-name" + + +-- ─── helpers ────────────────────────────────────────────────────────── + +local function sort_nodes_cmp(left, right) + if left.host ~= right.host then + return left.host < right.host + end + return left.port < right.port +end + + +local function build_endpoint_key(key_prefix, namespace, name) + if key_prefix and key_prefix ~= "" then + return key_prefix .. "/" .. namespace .. "/" .. name + end + return namespace .. "/" .. name +end + + +-- ─── config parsing (exported) ──────────────────────────────────────── + +function _M.read_env(key) + if #key > 3 then + local first, second = string.byte(key, 1, 2) + if first == string.byte('$') and second == string.byte('{') then + local last = string.byte(key, #key) + if last == string.byte('}') then + local env = string.sub(key, 3, #key - 1) + local value = os.getenv(env) + if not value then + return nil, "not found environment variable " .. env + end + return value + end + end + end + return key +end + + +function _M.read_token(token_file) + local token, err = util.read_file(token_file) + if err then + return nil, err + end + return util.trim(token) +end + + +function _M.get_apiserver(conf) + local apiserver = { + schema = "", + host = "", + port = "", + } + + apiserver.schema = conf.service.schema + if apiserver.schema ~= "http" and apiserver.schema ~= "https" then + return nil, "service.schema should set to one of [http,https] but " .. apiserver.schema + end + + local err + apiserver.host, err = _M.read_env(conf.service.host) + if err then + return nil, err + end + if apiserver.host == "" then + return nil, "service.host should set to non-empty string" + end + + local port + port, err = _M.read_env(conf.service.port) + if err then + return nil, err + end + apiserver.port = tonumber(port) + if not apiserver.port or apiserver.port <= 0 or apiserver.port > 65535 then + return nil, "invalid port value: " .. (apiserver.port or "nil") + end + + if conf.client.token then + local token + token, err = _M.read_env(conf.client.token) + if err then + return nil, err + end + apiserver.token = util.trim(token) + elseif conf.client.token_file and conf.client.token_file ~= "" then + setmetatable(apiserver, { + __index = function(_, key) + if key ~= "token" then + return + end + local token_file + token_file, err = _M.read_env(conf.client.token_file) + if err then + core.log.error("failed to read token file path: ", err) + return + end + local token + token, err = _M.read_token(token_file) + if err then + core.log.error("failed to read token from file: ", err) + return + end + core.log.debug("re-read the token value") + return token + end + }) + else + return nil, "one of [client.token,client.token_file] should be set but none" + end + + if apiserver.schema == "https" and apiserver.token == "" then + return nil, "apiserver.token should set to non-empty string when service.schema is https" + end + + -- ssl_verify: use explicit config if set, otherwise default to false + if conf.service.ssl_verify ~= nil then + apiserver.ssl_verify = conf.service.ssl_verify + else + apiserver.ssl_verify = false + end + + return apiserver Review Comment: By design — `get_apiserver()` reads from `conf.service` which is the standard K8s config. The `ssl_server_name` support in informer_factory is wired via the handle's apiserver object, which programmatic consumers can set directly. `create_handle()` already passes the apiserver (with `ssl_server_name` if present on it) into the handle/informer. ########## apisix/discovery/nacos/client.lua: ########## @@ -0,0 +1,363 @@ +-- +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +--- Reusable HTTP client primitives for Nacos service discovery. +--- Extracted from init.lua so that both static-config mode and +--- dynamic-config mode can share the same core logic. + +local require = require +local http = require('resty.http') +local core = require('apisix.core') +local ipairs = ipairs +local pairs = pairs +local type = type +local ngx = ngx +local ngx_re = require('ngx.re') +local string = string +local string_sub = string.sub +local str_byte = string.byte +local str_find = core.string.find +local log = core.log + +local auth_path = 'auth/login' +local instance_list_path = 'ns/instance/list?healthyOnly=true&serviceName=' +local default_namespace_id = "public" +local default_group_name = "DEFAULT_GROUP" + + +local _M = {} + + +-- ─── HTTP primitives ────────────────────────────────────────────────── + +function _M.request(request_uri, path, body, method, basic_auth, timeout) + local url = request_uri .. path + log.info('request url:', url) Review Comment: Already fixed in the latest commit — `request()` now logs path separately from base URI (no query params), and the login error no longer includes the password. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
