fix(env): support for uppercase reference to get ENV and SECRET

[LinkinStars]

Description

Fixes #11141

"cert": "$ENV://APISIX_ENV_CERT",
"key": "$ENV://APISIX_ENV_KEY",

Only lowercase is matched in the 'cert' and 'key' parameters. To maintain consistency, match the uppercase as well.

Checklist

• I have explained the need for this PR and the problem it solves
• I have explained the changes or the new features added to this PR
• I have added tests corresponding to this change
• I have updated the documentation to reflect this change
• I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

[shreemaan-abhishek]

@LinkinStars please add test cases as well

[shreemaan-abhishek]

also, please fix the code lint problem

[LinkinStars]

also, please fix the code lint problem

I think it's probably not a code issue that's causing the lint to not pass.

FYI: https://github.com/orgs/community/discussions/120966

[shreemaan-abhishek]

@LinkinStars, okay. Please rebase with master for the fix for CI failures.

[shreemaan-abhishek]

@LinkinStars I think using lowercase "$env://" and uppercase "$SECRET://" might still not work as the code hardcodes the case for sanity checks:

Hardcoding for secret reference:
https://github.com/shreemaan-abhishek/apisix/blob/07b3cc3f63db8fc4ae3706baa324a76ee3049338/apisix/secret.lua#L34
https://github.com/shreemaan-abhishek/apisix/blob/07b3cc3f63db8fc4ae3706baa324a76ee3049338/apisix/secret.lua#L121

Hardcoding for env reference:
https://github.com/shreemaan-abhishek/apisix/blob/07b3cc3f63db8fc4ae3706baa324a76ee3049338/apisix/core/env.lua#L30
https://github.com/shreemaan-abhishek/apisix/blob/07b3cc3f63db8fc4ae3706baa324a76ee3049338/apisix/core/env.lua#L70

If you were to write test cases covering the above situation it would fail. What could be a good solution for this?

[LinkinStars]

@shreemaan-abhishek

First, we discuss the issue of env.

After my testing, both the uppercase and lowercase should be supported after changes. There are two reasons for this

1. unit test 18 passed https://github.com/shreemaan-abhishek/apisix/blob/07b3cc3f63db8fc4ae3706baa324a76ee3049338/t/router/radixtree-sni2.t#L700-L725
2. user can use it after changing to lowercase bug: unable to setup ssls with env reference #11141 (comment)

After reading the code I found out why. For env, both checking and parsing converted the target to uppercase preferentially.

if string.has_prefix(upper(uri), core.env.PREFIX) then

Because when characters are cut, the character length is used. Both uppercase and lowercase lengths are the same, so there's no problem.

local path = sub(env_uri, #ENV_PREFIX + 1)

---

Secondly, let's discuss the secret.

Unfortunately, as you said, using the uppercase 'SECRET' is problematic.

I tried adding unit tests and found that they could not pass. The reason is quite simple: 'secret' is not converted to uppercase like 'env' before comparison and parsing.

Dig more. I find the git history. The 'secret' was previously modified by KMS, and there was uppercase conversion before.

However, $SECRET has never been used. It's not even mentioned in the documentation.

So, in my opinion, I would not recommend supporting uppercase SECRET. I think the author who wrote the code at that time must have also considered that.

Of course, these are just my personal thoughts, if there is anything incorrect, please point it out.

---

All in all, there are two options.

1. not support $SECRET
2. suport $SECRET, just like the ENV. such asstring.has_prefix(upper(uri), secret.PREFIX)

[shreemaan-abhishek]

let's only support uppercase for ENV and leave secret as it is. Really appreciate the detailed explanation 🙏🏼

[Neilblaze]

LGTM!

[github-actions]

This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the [email protected] list. Thank you for your contributions.

[shreemaan-abhishek]

@LinkinStars please resolve the conflicts.

[github-actions]

This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the [email protected] list. Thank you for your contributions.

[github-actions]

This pull request/issue has been closed due to lack of activity. If you think that is incorrect, or the pull request requires review, you can revive the PR at any time.