nic-6443 commented on code in PR #13062:
URL: https://github.com/apache/apisix/pull/13062#discussion_r3393121873


##########
apisix/schema_def.lua:
##########
@@ -838,7 +838,12 @@ _M.ssl = {
         client = {
             type = "object",
             properties = {
-                ca = certificate_scheme,
+                ca = {
+                    oneOf = {
+                        certificate_scheme,
+                        secret_uri_schema
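
Review bot: In the new `ca = { oneOf = { ... } }` block, `oneOf` accepts a value only when exactly one branch matches, so any string that satisfies both `certificate_scheme` and `secret_uri_schema` would be rejected; unless the two are guaranteed to be mutually exclusive, `anyOf` states the intent more safely. The second branch also depends on `secret_uri_schema` being a defined local at this point in `schema_def.lua`: an undefined name in a Lua table constructor evaluates to nil without raising an error, which would leave `oneOf` with a single branch. A test that exercises both accepted forms of `client.ca` and one rejected value would catch either problem.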

Review Comment:
   This hunk should be dropped when you merge master (the PR is currently 
conflicting): `secret_uri_schema` was removed in #13312, which made schema 
validation skip `$secret://`/`$env://` string values centrally 
(`skip_validation = secret.is_secret_ref` in `apisix/core/schema.lua`). So on 
current master `client.ca = "$env://..."` already passes the schema check 
without any schema change. Worse, git auto-merges this file, so after merging 
master this would reference an undefined variable and the `oneOf` silently 
degrades to a no-op.
   
   The part of #13020 that still needs fixing on master is the unconditional 
`validate(conf.client.ca, nil)` in `check_ssl_conf` — your ssl.lua change 
covers exactly that, so the fix stays intact without this hunk.


