Merge branch 'release/0.10.2'

CHANGELOG.md

@@ -1,42 +1,71 @@
 ## [Unreleased][unreleased]
 
+## [0.10.2] - 2017/05/01
+
 ### Changed
 
 - The Kong DNS resolver now honors the `MAXNS` setting (3) when parsing the
   nameservers specified in `resolv.conf`.
   [#2290](https://github.com/Mashape/kong/issues/2290)
+- Kong now matches incoming requests via the `$request_uri` property, instead
+  of `$uri`, in order to better handle percent-encoded URIS. A more detailed
+  explanation will be included in the below "Fixed" section.
+  [#2377](https://github.com/Mashape/kong/pull/2377)
+- Upstream calls do not unconditionally include a trailing `/` anymore. See the
+  below "Added" section for more details.
+  [#2315](https://github.com/Mashape/kong/pull/2315)
 - Admin API:
   - The "active targets" endpoint now only return the most recent nonzero
     weight Targets, instead of all nonzero weight targets. This is to provide
     a better picture of the Targets currently in use by the Kong load balancer.
     [#2310](https://github.com/Mashape/kong/pull/2310)
-- Plugins:
-  - key-auth: Allow setting API key header names with an underscore.
-    [#2370](https://github.com/Mashape/kong/pull/2370)
 
 ### Added
 
+- :fireworks: Plugins can implement a new `rewrite_by_lua` handler to execute
+  code in the Nginx rewrite phase. This phase is executed prior to matching a
+  registered Kong API, and prior to any authentication plugin. As such, plugins
+  implementing this phase don't have to be configured via the Admin API to be
+  executed. Enabled plugins (loaded via the `custom_plugins` Kong configuration
+  value) will execute their `rewrite_by_lua` handler for each request.
+  [#2354](https://github.com/Mashape/kong/pull/2354)
 - Ability for the client to chose whether the upstream request (Kong <->
   upstream) should contain a trailing slash in its URI. Prior to this change,
   Kong 0.10 would unconditionally append a trailing slash to all upstream
   requests. The added functionality is described in
   [#2211](https://github.com/Mashape/kong/issues/2211), and was implemented in
   [#2315](https://github.com/Mashape/kong/pull/2315).
+- Ability to hide Kong-specific response headers. Two new configuration fields:
+  `server_tokens` and `latency_tokens` will respectively toggle whether the
+  `Server` and `X-Kong-*-Latency` headers should be sent to downstream clients.
+  [#2259](https://github.com/Mashape/kong/pull/2259)
+- New `cassandra_schema_consensus_timeout` configuration property, to allow for
+  Kong to wait for the schema consensus of your Cassandra cluster during
+  migrations.
+  [#2326](https://github.com/Mashape/kong/pull/2326)
 - Serf commands executed by a running Kong node are now logged in the Nginx
   error logs with a `DEBUG` level.
   [#2410](https://github.com/Mashape/kong/pull/2410)
+- Ensure the required shared dictionaries are defined in the Nginx
+  configuration. This will prevent custom Nginx templates from potentially
+  resulting in a breaking upgrade for users.
+  [#2466](https://github.com/Mashape/kong/pull/2466)
+- Admin API:
+  - Target Objects can now be deleted with their ID as well as their name. The
+    endpoint becomes: `/upstreams/:name_or_id/targets/:target_or_id`.
+    [#2304](https://github.com/Mashape/kong/pull/2304)
 - Plugins:
   - :fireworks: **New Request termination plugin**. This plugin allows to
     temporarily disable an API and return a pre-configured response status and
     body to your client. Useful for use-cases such as maintenance mode for your
     upstream services. Thanks to [@pauldaustin](https://github.com/pauldaustin)
     for the contribution.
     [#2051](https://github.com/Mashape/kong/pull/2051)
-  - Logging plugins: The produced logs include two new fields. A `consumer`
+  - Logging plugins: The produced logs include two new fields: a `consumer`
     field, which contains the properties of the authenticated Consumer
     (`id`, `custom_id`, and `username`), if any, and a `tries` field, which
-    includes, if any, failures informations recorded by the load balancer
-    when contacting the upstream service.
+    includes the upstream connection successes and failures of the load-
+    balancer.
     [#2367](https://github.com/Mashape/kong/pull/2367)
     [#2429](https://github.com/Mashape/kong/pull/2429)
   - http-log: Now set an upstream HTTP basic access authentication header if
@@ -49,6 +78,8 @@
   - jwt: Returns `401 Unauthorized` on invalid claims instead of the previous
     `403 Forbidden` status.
     [#2433](https://github.com/Mashape/kong/pull/2433)
+  - key-auth: Allow setting API key header names with an underscore.
+    [#2370](https://github.com/Mashape/kong/pull/2370)
   - cors: When `config.credentials = true`, we do not send an ACAO header with
     value `*`. The ACAO header value will be that of the request's `Origin: `
     header.
@@ -73,14 +104,18 @@
 - If no API was configured with a `hosts` matching rule, then the
   `preserve_host` flag would never be honored.
   [#2344](https://github.com/Mashape/kong/pull/2344)
+- CNAME records are now properly being cached by the DNS resolver. This results
+  in a performance improvement over previous 0.10 versions.
+  [#2303](https://github.com/Mashape/kong/pull/2303)
 - When using Cassandra, some migrations would not be performed on the same
   coordinator as the one originally chosen. The same migrations would also
   require a response from other replicas in a cluster, but were not waiting
   for a schema consensus beforehand, causing undeterministic failures in the
   migrations, especially if the cluster's inter-nodes communication is slow.
   [#2326](https://github.com/Mashape/kong/pull/2326)
-- CNAME records are now properly cached by the DNS resolver.
-  [#2303](https://github.com/Mashape/kong/pull/2303)
+- The `cassandra_timeout` configuraiton property is now correctly taken into
+  consideration by Kong.
+  [#2326](https://github.com/Mashape/kong/pull/2326)
 - Correctly trigger plugins configured on the anonymous Consumer for anonymous
   requests (from auth plugins with the new `config.anonymous` parameter).
   [#2424](https://github.com/Mashape/kong/pull/2424)
@@ -95,6 +130,11 @@
 - Prevent an upstream or legitimate internal error in the load balancing code
   from throwing a Lua-land error as well.
   [#2327](https://github.com/Mashape/kong/pull/2327)
+- Allow backwards compatibility with custom Nginx configurations that still
+  define the `resolver ${{DNS_RESOLVER}}` directive. Vales from the Kong
+  `dns_resolver` property will be flattened to a string and appended to the
+  directive.
+  [#2386](https://github.com/Mashape/kong/pull/2386)
 - Plugins:
   - hmac: Better handling of invalid base64-encoded signatures. Previously Kong
     would return an HTTP 500 error. We now properly return HTTP 403 Forbidden.
@@ -103,18 +143,19 @@
   - Detect conflicts between SNI Objects in the `/snis` and `/certificates`
     endpoint.
     [#2285](https://github.com/Mashape/kong/pull/2285)
-  - The "active targets" endpoint does not require a trailing slash anymore.
-    [#2307](https://github.com/Mashape/kong/pull/2307)
-  - Target Objects can now be deleted with their ID as well as their name. The
-    endpoint becomes: `/upstreams/:name_or_id/targets/:target_or_id`.
-    [#2304](https://github.com/Mashape/kong/pull/2304)
-  - Upstream Objects can now be deleted properly when using Cassandra.
-    [#2404](https://github.com/Mashape/kong/pull/2404)
+  - The `/certificates` route used to not return the `total` and `data` JSON
+    fields. We now send those fields back instead of a root list of certificate
+    objects.
+    [#2463](https://github.com/Mashape/kong/pull/2463)
   - Endpoints with path parameters like `/xxx_or_id` will now also yield the
     proper result if the `xxx` field is formatted as a UUID. Most notably, this
     fixes a problem for Consumers whose `username` is a UUID, that could not be
     found when requesting `/consumers/{username_as_uuid}`.
     [#2420](https://github.com/Mashape/kong/pull/2420)
+  - The "active targets" endpoint does not require a trailing slash anymore.
+    [#2307](https://github.com/Mashape/kong/pull/2307)
+  - Upstream Objects can now be deleted properly when using Cassandra.
+    [#2404](https://github.com/Mashape/kong/pull/2404)
 
 ## [0.10.1] - 2017/03/27
 
@@ -1171,7 +1212,8 @@ First version running with Cassandra.
 - CLI `bin/kong` script.
 - Database migrations (using `db.lua`).
 
-[unreleased]: https://github.com/mashape/kong/compare/0.10.1...next
+[unreleased]: https://github.com/mashape/kong/compare/0.10.2...next
+[0.10.2]: https://github.com/mashape/kong/compare/0.10.1...0.10.2
 [0.10.1]: https://github.com/mashape/kong/compare/0.10.0...0.10.1
 [0.10.0]: https://github.com/mashape/kong/compare/0.9.9...0.10.0
 [0.9.9]: https://github.com/mashape/kong/compare/0.9.8...0.9.9

kong-0.10.1-0.rockspec → kong-0.10.2-0.rockspec

@@ -1,9 +1,9 @@
 package = "kong"
-version = "0.10.1-0"
+version = "0.10.2-0"
 supported_platforms = {"linux", "macosx"}
 source = {
   url = "git://github.com/Mashape/kong",
-  tag = "0.10.1"
+  tag = "0.10.2"
 }
 description = {
   summary = "Kong is a scalable and customizable API Management Layer built on top of Nginx.",

kong.conf.default

@@ -115,6 +115,16 @@
                                  # process. When this number is exceeded, the
                                  # least recently used connections are closed.
 
+#server_tokens = on              # Enables or disables emitting Kong version on
+                                 # error pages and in the "Server" or "Via"
+                                 # (in case the request was proxied) response
+                                 # header field.
+
+#latency_tokens = on             # Enables or disables emitting Kong latency
+                                 # information in the "X-Kong-Proxy-Latency"
+                                 # and "X-Kong-Upstream-Latency" response
+                                 # header fields.
+
 #------------------------------------------------------------------------------
 # DATASTORE
 #------------------------------------------------------------------------------

kong/api/routes/certificates.lua

@@ -99,7 +99,10 @@ return {
         end
       end
 
-      return helpers.responses.send_HTTP_OK(ssl_certificates)
+      return helpers.responses.send_HTTP_OK({
+        data = #ssl_certificates > 0 and ssl_certificates or cjson.empty_array,
+        total = #ssl_certificates,
+      })
     end,
 
 

kong/cmd/utils/kill.lua

@@ -1,4 +1,5 @@
 local pl_path = require "pl.path"
+local pl_utils = require "pl.utils"
 local log = require "kong.cmd.utils.log"
 
 local cmd_tmpl = [[kill %s `cat %s` >/dev/null 2>&1]]
@@ -8,7 +9,8 @@ local function kill(pid_file, args)
   local cmd = string.format(cmd_tmpl, args or "-0", pid_file)
   if pl_path.exists(pid_file) then
     log.debug(cmd)
-    return os.execute(cmd)
+    local _, code = pl_utils.execute(cmd)
+    return code
   else
     log.debug("no pid file at: %s", pid_file)
     return 0

kong/conf_loader.lua

@@ -61,6 +61,8 @@ local CONF_INFERENCES = {
   cluster_advertise = {typ = "string"},
   nginx_worker_processes = {typ = "string"},
   upstream_keepalive = {typ = "number"},
+  server_tokens = {typ = "boolean"},
+  latency_tokens = {typ = "boolean"},
 
   database = {enum = {"postgres", "cassandra"}},
   pg_port = {typ = "number"},
@@ -437,7 +439,7 @@ local function load(path, custom_conf)
   -- initialize the dns client, so the globally patched tcp.connect method
   -- will work from here onwards.
   assert(require("kong.tools.dns")(conf))
-  
+
   return setmetatable(conf, nil) -- remove Map mt
 end
 

kong/constants.lua

@@ -69,5 +69,6 @@ return {
   },
   CACHE = {
     CLUSTER = "cluster"
-  }
+  },
+  DICTS = { "kong", "cache", "cache_locks", "process_events", "cassandra"},
 }

kong/core/error_handlers.lua

@@ -1,3 +1,5 @@
+local singletons = require "kong.singletons"
+
 local find = string.find
 local format = string.format
 
@@ -52,7 +54,10 @@ return function(ngx)
   local status = ngx.status
   message = BODIES["s"..status] and BODIES["s"..status] or format(BODIES.default, status)
 
-  ngx.header["Server"] = SERVER_HEADER
+  if singletons.configuration.server_tokens then
+    ngx.header["Server"] = SERVER_HEADER
+  end
+
   ngx.header["Content-Type"] = content_type
   ngx.say(format(template, message))
-end
+end

kong/core/handler.lua

@@ -66,6 +66,15 @@ return {
       certificate.execute()
     end
   },
+  rewrite = {
+    before = function()
+      ngx.ctx.KONG_REWRITE_START = get_now()
+    end,
+    after = function ()
+      local ctx = ngx.ctx
+      ctx.KONG_REWRITE_TIME = get_now() - ctx.KONG_REWRITE_START -- time spent in Kong's rewrite_by_lua
+    end
+  },
   access = {
     before = function()
       if not router then
@@ -120,7 +129,7 @@ return {
       end
 
       -- if set `host_header` is the original header to be preserved
-      var.upstream_host = host_header or 
+      var.upstream_host = host_header or
           balancer_address.hostname..":"..balancer_address.port
 
     end,
@@ -138,19 +147,34 @@ return {
   },
   header_filter = {
     before = function()
-      if ngx.ctx.KONG_PROXIED then
+      local ctx = ngx.ctx
+
+      if ctx.KONG_PROXIED then
         local now = get_now()
-        ngx.ctx.KONG_WAITING_TIME = now - ngx.ctx.KONG_ACCESS_ENDED_AT -- time spent waiting for a response from upstream
-        ngx.ctx.KONG_HEADER_FILTER_STARTED_AT = now
+        ctx.KONG_WAITING_TIME = now - ctx.KONG_ACCESS_ENDED_AT -- time spent waiting for a response from upstream
+        ctx.KONG_HEADER_FILTER_STARTED_AT = now
       end
     end,
     after = function()
-      if ngx.ctx.KONG_PROXIED then
-        ngx.header[constants.HEADERS.UPSTREAM_LATENCY] = ngx.ctx.KONG_WAITING_TIME
-        ngx.header[constants.HEADERS.PROXY_LATENCY] = ngx.ctx.KONG_PROXY_LATENCY
-        ngx.header["Via"] = server_header
+      local ctx, header = ngx.ctx, ngx.header
+
+      if ctx.KONG_PROXIED then
+        if singletons.configuration.latency_tokens then
+          header[constants.HEADERS.UPSTREAM_LATENCY] = ctx.KONG_WAITING_TIME
+          header[constants.HEADERS.PROXY_LATENCY]    = ctx.KONG_PROXY_LATENCY
+        end
+
+        if singletons.configuration.server_tokens then
+          header["Via"] = server_header
+        end
+
       else
-        ngx.header["Server"] = server_header
+        if singletons.configuration.server_tokens then
+          header["Server"] = server_header
+
+        else
+          header["Server"] = nil
+        end
       end
     end
   },

kong/core/plugins_iterator.lua

@@ -66,7 +66,8 @@ local function iter_plugins_for_req(loaded_plugins, access_or_cert_ctx)
   local function get_next()
     i = i + 1
     local plugin = loaded_plugins[i]
-    if plugin and ctx.api then
+    local api = ctx.api
+    if plugin then
       -- load the plugin configuration in early phases
       if access_or_cert_ctx then
 
@@ -75,15 +76,19 @@ local function iter_plugins_for_req(loaded_plugins, access_or_cert_ctx)
         -- Search API and Consumer specific, or consumer specific
         local consumer_id = (ctx.authenticated_consumer or empty).id        
         if consumer_id and plugin.schema and not plugin.schema.no_consumer then
-          plugin_configuration = load_plugin_configuration(ctx.api.id, consumer_id, plugin.name)
+          if api then
+            plugin_configuration = load_plugin_configuration(api.id, consumer_id, plugin.name)
+          end
           if not plugin_configuration then
             plugin_configuration = load_plugin_configuration(nil, consumer_id, plugin.name)
           end
         end
 
         if not plugin_configuration then
           -- Search API specific, or global
-          plugin_configuration = load_plugin_configuration(ctx.api.id, nil, plugin.name)
+          if api then
+            plugin_configuration = load_plugin_configuration(api.id, nil, plugin.name)
+          end
           if not plugin_configuration then
             plugin_configuration = load_plugin_configuration(nil, nil, plugin.name)
           end