From b5787ae1a9cf3adef20ab9fb8b0c270d1467d9a8 Mon Sep 17 00:00:00 2001 From: SkyeYoung Date: Fri, 16 Sep 2022 06:28:41 +0000 Subject: [PATCH 1/6] fix: socket file permission --- apisix/runner/server/server.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apisix/runner/server/server.py b/apisix/runner/server/server.py index eb7cd3a..b75ae46 100644 --- a/apisix/runner/server/server.py +++ b/apisix/runner/server/server.py @@ -84,6 +84,10 @@ def __init__(self, config: NewServerConfig): self.sock.bind(self.fd) self.sock.listen(1024) + # the default socket permission is 0755, which prevents the 'nobody' worker process + # from writing to it if the APISIX is run under root. + os.chmod(self.fd, 0o766) + self.logger = NewServerLogger(config.logging.level) print("listening on unix:%s" % self.fd) From fc6b5dc3d7e1b0b2b212370138d173b7f6eefc55 Mon Sep 17 00:00:00 2001 From: SkyeYoung Date: Fri, 16 Sep 2022 07:15:36 +0000 Subject: [PATCH 2/6] fix: add permission check --- apisix/runner/server/server.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apisix/runner/server/server.py b/apisix/runner/server/server.py index b75ae46..347d51b 100644 --- a/apisix/runner/server/server.py +++ b/apisix/runner/server/server.py @@ -87,6 +87,8 @@ def __init__(self, config: NewServerConfig): # the default socket permission is 0755, which prevents the 'nobody' worker process # from writing to it if the APISIX is run under root. os.chmod(self.fd, 0o766) + if os.stat(self.fd).st_mode & 0xfff != 0o766: + raise Exception("can't change mode for unix socket permission to 766") self.logger = NewServerLogger(config.logging.level) From 17532831b126adca14fad565adfb0f419cc34bbd Mon Sep 17 00:00:00 2001 From: SkyeYoung Date: Mon, 19 Sep 2022 03:36:19 +0000 Subject: [PATCH 3/6] chore: update apisix ci config --- ci/docker-compose.yml | 1 + tests/e2e/tools/tools.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ci/docker-compose.yml b/ci/docker-compose.yml index 0843858..40faba1 100644 --- a/ci/docker-compose.yml +++ b/ci/docker-compose.yml @@ -27,6 +27,7 @@ services: depends_on: - etcd ports: + - "9180:9180/tcp" - "9080:9080/tcp" - "9091:9091/tcp" - "9443:9443/tcp" diff --git a/tests/e2e/tools/tools.go b/tests/e2e/tools/tools.go index 064d93b..d5f46d4 100644 --- a/tests/e2e/tools/tools.go +++ b/tests/e2e/tools/tools.go @@ -27,7 +27,7 @@ import ( var ( token = "edd1c9f034335f136f87ad84b625c8f1" - A6Host = "http://127.0.0.1:9080" + A6Host = "http://127.0.0.1:9180" ) func GetAdminToken() string { From c032bbf118d53bd2fd3491de98a5a46c6a948185 Mon Sep 17 00:00:00 2001 From: SkyeYoung Date: Mon, 19 Sep 2022 04:08:32 +0000 Subject: [PATCH 4/6] ci: update apisix, go tests config --- tests/e2e/plugins/plugins_rewrite_test.go | 2 +- tests/e2e/plugins/plugins_stop_test.go | 2 +- tests/e2e/tools/tools.go | 10 ++++++++-- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/tests/e2e/plugins/plugins_rewrite_test.go b/tests/e2e/plugins/plugins_rewrite_test.go index 31056e8..4a23e99 100644 --- a/tests/e2e/plugins/plugins_rewrite_test.go +++ b/tests/e2e/plugins/plugins_rewrite_test.go @@ -32,7 +32,7 @@ var _ = ginkgo.Describe("Rewrite Plugin", func() { tools.RunTestCase(tc) }, table.Entry("create python runner rewrite plugin route success", tools.HttpTestCase{ - Object: tools.GetA6Expect(), + Object: tools.PutA6Conf(), Method: http.MethodPut, Path: "/apisix/admin/routes/1", Body: `{ diff --git a/tests/e2e/plugins/plugins_stop_test.go b/tests/e2e/plugins/plugins_stop_test.go index 19f7410..930c1ba 100644 --- a/tests/e2e/plugins/plugins_stop_test.go +++ b/tests/e2e/plugins/plugins_stop_test.go @@ -32,7 +32,7 @@ var _ = ginkgo.Describe("Stop Plugin", func() { tools.RunTestCase(tc) }, table.Entry("create python runner stop plugin route success", tools.HttpTestCase{ - Object: tools.GetA6Expect(), + Object: tools.PutA6Conf(), Method: http.MethodPut, Path: "/apisix/admin/routes/1", Body: `{ diff --git a/tests/e2e/tools/tools.go b/tests/e2e/tools/tools.go index d5f46d4..69af9d4 100644 --- a/tests/e2e/tools/tools.go +++ b/tests/e2e/tools/tools.go @@ -27,16 +27,22 @@ import ( var ( token = "edd1c9f034335f136f87ad84b625c8f1" - A6Host = "http://127.0.0.1:9180" + A6_CP_Host = "http://127.0.0.1:9180" + A6_DP_Host = "http://127.0.0.1:9080" ) func GetAdminToken() string { return token } +func PutA6Conf() *httpexpect.Expect { + t := ginkgo.GinkgoT() + return httpexpect.New(t, A6_CP_Host) +} + func GetA6Expect() *httpexpect.Expect { t := ginkgo.GinkgoT() - return httpexpect.New(t, A6Host) + return httpexpect.New(t, A6_DP_Host) } type HttpTestCase struct { From 72fcfcb67e23e2cfbe448105573c0fa7ed28d7a3 Mon Sep 17 00:00:00 2001 From: SkyeYoung Date: Mon, 19 Sep 2022 04:34:55 +0000 Subject: [PATCH 5/6] ci: update apisix config --- ci/apisix/config.yaml | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) diff --git a/ci/apisix/config.yaml b/ci/apisix/config.yaml index 379137a..b507f7b 100644 --- a/ci/apisix/config.yaml +++ b/ci/apisix/config.yaml @@ -16,21 +16,39 @@ # apisix: - allow_admin: - - 0.0.0.0/0 + node_listen: + - 9080 enable_control: true control: ip: "0.0.0.0" port: 9092 - admin_key: - - name: admin - key: edd1c9f034335f136f87ad84b625c8f1 - role: admin -etcd: - host: - - http://etcd:2379 - prefix: "/apisix" - timeout: 30 + +deployment: + role: traditional + role_traditional: + config_provider: etcd + admin: + admin_key: + - + name: admin + key: edd1c9f034335f136f87ad84b625c8f1 + role: admin + + enable_admin_cors: true + allow_admin: + - 0.0.0.0/0 + admin_listen: + ip: 0.0.0.0 + port: 9180 + + admin_api_version: v3 + + etcd: + host: + - "http://127.0.0.1:2379" + timeout: 30 + startup_retry: 2 + ext-plugin: path_for_test: /tmp/runner.sock nginx_config: From 2bc1818858c3ff91333a88f81fce5ecd988e77a4 Mon Sep 17 00:00:00 2001 From: SkyeYoung Date: Mon, 19 Sep 2022 05:46:25 +0000 Subject: [PATCH 6/6] ci: update apisix etcd config --- ci/apisix/config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/apisix/config.yaml b/ci/apisix/config.yaml index b507f7b..455f2b2 100644 --- a/ci/apisix/config.yaml +++ b/ci/apisix/config.yaml @@ -45,7 +45,7 @@ deployment: etcd: host: - - "http://127.0.0.1:2379" + - "http://etcd:2379" timeout: 30 startup_retry: 2