Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[THREESCALE-8486] TLS and path routing #1486

Merged
merged 2 commits into from
Jul 23, 2024

Conversation

tkan145
Copy link
Contributor

@tkan145 tkan145 commented Jul 16, 2024

What

Fix https://issues.redhat.com/browse/THREESCALE-8486
and
https://issues.redhat.com/browse/THREESCALE-11036

Verification steps

  • Check out this branch
  • Build runtime image
make runtime-image IMAGE_NAME=apicast-test
  • Modify listen-tls environment as follow
diff --git a/dev-environments/listen-tls/docker-compose.yml b/dev-environments/listen-tls/docker-compose.yml
index 6d89464f..ce6ea12b 100644
--- a/dev-environments/listen-tls/docker-compose.yml
+++ b/dev-environments/listen-tls/docker-compose.yml
@@ -15,6 +15,7 @@ services:
       THREESCALE_CONFIG_FILE: /tmp/config.json
       THREESCALE_DEPLOYMENT_ENV: staging
       APICAST_CONFIGURATION_LOADER: lazy
+      APICAST_PATH_ROUTING:true
       APICAST_WORKERS: 1
       APICAST_LOG_LEVEL: debug
       APICAST_CONFIGURATION_CACHE: "0"
  • Run local apicast
make gateway IMAGE_NAME=apicast-test
  • Test with a request
curl --resolve example.com:8443:127.0.0.1 -v --cacert cert/rootCA.pem "https://example.com:8443/?user_key=123"

This line should appear as debug log

[debug] 943340#943340: *3 find_service.lua:58: Configured to do path-based routing, but it is not compatible with ssl_certificate phase. Skipping.

@tkan145 tkan145 requested a review from a team as a code owner July 16, 2024 06:10
@tkan145 tkan145 force-pushed the THREESCALE-8486-tls-and-path_routing branch from 81e1141 to 6818bb5 Compare July 19, 2024 02:21
tkan145 added 2 commits July 23, 2024 15:17
Previously APIcast outputs the warning message said would switch over
using host routing if TLS and APICAST_PATH_ROUTING are enabled. However
this is not true because the service lookup is handled during the rewrite
phase and path_routing still works normally.

This PR modifies the output message to reflect this fact.
@tkan145 tkan145 force-pushed the THREESCALE-8486-tls-and-path_routing branch from 6818bb5 to 9cf87e7 Compare July 23, 2024 05:18
@tkan145 tkan145 merged commit 4e7c87b into 3scale:master Jul 23, 2024
14 checks passed
@tkan145 tkan145 deleted the THREESCALE-8486-tls-and-path_routing branch July 23, 2024 07:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants