fix(scripts): fix update-copyright in venv and remove unused repos #12414
+2,232
−584
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* docs(3.5.0): generate 3.5.0 changelog --------- Co-authored-by: Douglas-Lee <[email protected]>
This PR adds Kong Manager Open Source 3.5 changelog. --------- Co-authored-by: Makito <[email protected]>
…11805) Cache the aws lambda service by composing a cache key using the service related fields, so that service object can be reused between plugins and vault refresh can take effect when key/secret is rotated * fix(aws-lambda): aws lambda service cache by service related fields * tests(aws-lambda): add test for checking service cache refresh when vault rotates * style(*): lint Fix KAG-2832
) Behaviour change from #11594 Fix KAG-2855 Fix #11776 (cherry picked from commit a3c249d) Co-authored-by: Wangchong Zhou <[email protected]>
Signed-off-by: Joshua Schmid <[email protected]> (cherry picked from commit 920ba98)
Signed-off-by: Aapo Talvensaari <[email protected]> (cherry picked from commit dc29170)
### Summary KAG-2857 Signed-off-by: Aapo Talvensaari <[email protected]> (cherry picked from commit 9948067)
### Summary
Fixes issue where this was logged to logs:
```
2023/10/18 13:53:33 [warn] 8714#0: [kong] vault.lua:861 error updating secret reference {vault://env/PG_USER}: could not find cached value
```
That happened for example when starting Kong with this command:
```
KONG_LOG_LEVEL=warn PG_USER=kong KONG_PG_USER={vault://env/PG_USER} ./bin/kong start
```
It auto-corrected itself, which was good in this case.
This commit makes it more robust, and does not warn anymore
as caches are properly warmed.
Signed-off-by: Aapo Talvensaari <[email protected]>
(cherry picked from commit d8bd50d)
Signed-off-by: Aapo Talvensaari <[email protected]> (cherry picked from commit aa16028)
when the `balancer` instrumentation was enabled, the parent span was set incorrectly on traces, this fix addresses the problem by setting the parent span correctly on the root (`kong`) span when there is an incoming tracing header. (cherry picked from commit 72580d5)
…onfig (#11843) ### Summary Warmup cache on `init` where we have Lua `coroutines` available so that it won't happen on `init_worker` where we don't have them (and cannot use e.g. lua-resty-http). See KAG-2620 and FTI-5080. Signed-off-by: Aapo Talvensaari <[email protected]> * Update spec/02-integration/02-cmd/02-start_stop_spec.lua --------- Signed-off-by: Aapo Talvensaari <[email protected]> Co-authored-by: Samuele <[email protected]> (cherry picked from commit 12324a1)
* FIX:Repeated sslhandshake in [tcp-log] plugin * add changelog * update message as the comments * Update changelog/unreleased/kong/fix-tcp-log-sslhandshake.yml Co-authored-by: tzssangglass <[email protected]> --------- Co-authored-by: tzssangglass <[email protected]> (cherry picked from commit 3fed60b)
…ct ttl (#11815) ### Summary The vault is rotating secrets on every minute which updates the shared dictionary cache with new values, both negative and positive results. This commit changes the Negative results handling on LRU. Previously the LRU was cleared for negative results, and we just used to cache for config.ttl amount of time. This commit changes it so that LRU values are deleted, and we cache things config.ttl + config.resurrect_ttl amount of time in lru cache too. It was reported by @Hayk-S on KAG-2833. Signed-off-by: Aapo Talvensaari <[email protected]> (cherry picked from commit 1b6c394)
--------- Co-authored-by: Datong Sun <[email protected]> (cherry picked from commit bcbb4d3) Co-authored-by: Xumin <[email protected]>
Signed-off-by: Joshua Schmid <[email protected]> (cherry picked from commit 6bccc87)
This is a temporary workaround for the DNS client blocking issue until a more permanent solution can be developed. Fix FTI-5348 --------- Co-authored-by: Datong Sun <[email protected]> (cherry picked from commit 3be2513)
…ling authentication headers (#11780) (#11887) * refactor(plugins/ldap-auth): optimize the process of parsing and handling authentication headers 1. use the `ngx.re.find` and `ngx.re.match` functions for more robust and efficient string matching operations. 2. adds error handling and logging for potential errors during authentication header parsing and credential decoding. 3. tweak the handling position for the case where `proxy_authorization_value` does not exist. Fix: [FTI-5329](https://konghq.atlassian.net/browse/FTI-5329) Signed-off-by: sabertobihwy <[email protected]> * update by comments --------- Signed-off-by: sabertobihwy <[email protected]> Co-authored-by: tzssangglass <[email protected]> (cherry picked from commit 6ce55c4) Co-authored-by: Kurt Tu <[email protected]>
* docs(COPYRIGHT): update copyright for 3.5.0 * docs(COPYRIGHT): update copyright for 3.5.0 * docs(COPYRIGHT): update copyright for 3.5.0
### Summary The PR #11480 introduced a bug that calls `store_connection` without passing `self`. This fixes that. Signed-off-by: Aapo Talvensaari <[email protected]> (cherry picked from commit 201b0a9)
A longer stale TTL can help reduce the load on less performant/reliable DNS servers, reducing proxy latency and availability impact to Kong's proxy path. KAG-3080 Co-authored-by: Datong Sun <[email protected]> --------- Co-authored-by: Datong Sun <[email protected]> (cherry picked from commit 533d3f7)
… phase filter (Backport from ad1af89)
…timing` to maintain synchronization with the EE code (Backport from f59e36b)
(cherry picked from commit 2adad05)
This also includes a necessary bump of Wasmtime to 14.0.3. Changes since 21732b18fc46f409962ae77ddf01c713b568d078: * 388d572 - docs(changelog) prerelease-0.2.0 * 7d3451b - chore(codecov) specify flags in 'flag_management' section * d59027f - chore(valgrind.supp) consolidate wasmparser::parse suppressions * 7184a57 - chore(deps) bump OpenSSL to 3.2.0 * 338bcbe - chore(deps) bump zlib to 1.3 * 743c3d3 - chore(deps) cargo update * 8964b1f - chore(util) minor cleanup/improvements * f955308 - chore(sdk) separate build and install of .wasm examples * 8f3fa95 - fix(wasi) do not use instance pool in 'fd_write' * 4f47e96 - docs(proxy-wasm) document response body buffering * f813a30 - feat(proxy-wasm) implement response body buffering * f171e0f - chore(util) always invoke the Proxy-Wasm SDK scripts * 3d61ca1 - chore(ci) add code coverage for Valgrind jobs * a278bb7 - tests(*) switch Valgrind tests from 'opt-out' to 'opt-in' * 9584c03 - fix(proxy-wasm) use filter chain pool in 'ngx_proxy_wasm_maps_set' * 175f0b8 - chore(util) minor usage fix and style cohesion for scripts * aefb121 - chore(ci) install Node.js in unit and valgrind jobs * e757482 - chore(*) clone and test proxy-wasm-assemblyscript-sdk examples * f2faf97 - chore(util) build Proxy-Wasm SDKs on 'make setup' * bd1b5b8 - chore(ci) remove 'nginx.sock' before artifact upload on failure * 65a0b46 - chore(util) use 'git fetch --tags' for updating runtimes * b51a15f - chore(*) add a .gitattributes file * 9959389 - fix(*) resolve a possible segfault in the FFI * 8c45ad1 - fix(*) proper filter modules order in dynamic OpenResty builds * 33157a8 - feat(proxy-wasm) custom host properties getters/setters * 81c703e - docs(*) minor fix for a title level * db88b15 - fix(proxy-wasm) free dispatch calls during resume edge-case * 5553ae0 - feat(proxy-wasm) strengthen host functions context checks * ddb3fa8 - docs(*) add AssemblyScript filter example and SDK fork * ecd7896 - refactor(proxy-wasm) improve pwexec resurrection and instance lifecycle * 9d304a1 - fix(proxy-wasm) free trapped instances early * 34c23c6 - fix(proxy-wasm) improve instance recycling robustness * e3d25c7 - chore(release) install setuptools on macOS * 689a460 - tests(*) add suites for client/upstream connection aborts * fa7c59b - misc(tcp) disable a debugging assertion * d6d04b9 - chore(util) add a patch for tcp_listen in HUP mode * 67f295b - misc(wrt) add Wasmtime version checks * ddf8105 - chore(deps) bump Wasmtime to 14.0.3 * de9eb4c - chore(ci) ignore release Dockerfiles changes * 84fb42b - chore(release) use Python 3.8+ in older distributions * 9538ad8 - chore(valgrind.supp) add a new suppression for headers-more-nginx-module * 28e282c - chore(deps) cargo update * 651728c - chore(deps) bump OpenSSL to 3.1.4 * 3cf7537 - chore(deps) bump Nginx to 1.25.3 (cherry picked from commit aba1910) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
### Summary - bugfix: applied the patch for security advisory to NGINX cores. (CVE-2023-44487). Kong already had the patch, but well, now that it is packaged, we can remove ours, and get to the latest OpenResty KAG-3033 Signed-off-by: Aapo Talvensaari <[email protected]> (cherry picked from commit 4b12b23)
(cherry picked from commit c7c44a2)
(cherry picked from commit aed8c05)
Several of these tests contained the following assertion after generating a certificate with the `kong hybrid gen_cert` command: ```lua assert(crt:get_not_before() >= ngx.time()) ``` This produces failures every now and again when the clock has advanced _just_ enough for ngx.time() to return `crt:get_not_before() + 1`. To fix this, we record the time _before_ generating the cert and validate against the stored timestamp. (cherry picked from commit b7a8361)
(cherry picked from commit 7a25ad4) Co-authored-by: Michael Martin <[email protected]>
In the balancer phase, when obtaining a connection from the upstream connection pool, the `cached` attribute of the peer connection is set to 1(`pc->cached = 1;`), indicating that the connection is obtained from the cache. If an error occurs during the use of this connection, such as "upstream prematurely closed connection" the system will increase the `tries` attribute of the peer connection by executing `u->peer.tries++`. `tries` represents the maximum number of attempts to connect to an upstream server. It is equal to the normal 1 attempt + `retries` (default value is 5) = 6. The occurrence of `u->peer.tries++` is unexpected and it results in the actual retry count exceeding 6 in worst cases. This PR restores tries by callbacks to the balancer when `u->peer.tries++` is unexpectedly set. FIX [FTI-5616](https://konghq.atlassian.net/browse/FTI-5616) Signed-off-by: tzssangglass <[email protected]>
github-actions
bot
added
core/cli
core/proxy
core/pdk
core/clustering
plugins/tcp-log
core/templates
plugins/aws-lambda
core/admin-api
core/db
plugins/ldap-auth
core/docs
chore
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
kong-lapisfrom1.14.0.2to1.14.0.3(chore(deps): bump kong-lapis from 1.14.0.2 to 1.14.0.3 #11839)dns_no_synctoon(fix(dns): set defaultdns_no_synctoon#11869)dedicated_config_processingby default (chore(conf): enablededicated_config_processingby default #11889)azure-functionstests (tests(*): fix azure plugin test due to mockbin sunset #11879)syncQuery()to prevent deadlock risk (fix(dns): Eliminate asynchronous timer in syncQuery() to prevent hang risk #11900)dns_stale_ttldefault to 1 hour (feat(templates): bumpdns_stale_ttldefault to 1 hour #12087)ctx.is_timing_enabledtoctx.has_timingto maintain synchronization with the EE code/(feat(admin-api): add gateway edition info to the endpoint/#12097)Summary
Checklist
changelog/unreleased/kongorskip-changeloglabel added on PR if changelog is unnecessary. README.mdIssue reference
Fix #[issue number]