Squashed commit of the following:

commit f84bdde
Author: Wangchong Zhou <[email protected]>
Date:   Thu May 19 18:23:05 2022 +0800

    fix(clustering) localize config_version to avoid race condition from (#8818)

    yield

    `update_config` can yield, so we need to cache fields in `self`, otherwise it might got updated (on L89) before we read it (on L208), and causes L202 become false next time, thus prevent next ConfigSync being executed. This probably become more visiable as we introduce more `yield` from #8800.

commit 6558e99
Author: Thijs Schreijer <[email protected]>
Date:   Thu May 19 09:39:12 2022 +0200

    feat(api) report plugin versions on server (#8810)

    * feat(api) report plugin versions on server
    * add changelog entry
    * update to object containing version: this allows for easier extension later, without breaking changes

commit fba1993
Author: Vinicius Mignot <[email protected]>
Date:   Thu May 12 16:17:00 2022 -0300

    fix(balancer) set target status using hostname

    When target is added using hostname, it was not possible to update its
    health status using only the hostname. This change fixes that issue.

commit ce5e6a2
Author: Xumin <[email protected]>
Date:   Wed May 18 21:50:21 2022 +0800

    perf(pdk) faster request.get_header (#8716)

    * perf(pdk) faster reqeust.get_header
    * typo
    * cache ngx.var
    * more effecient implementation of string process
    * no need to lower
    * bug fix
    * try to archive better performance
    * style
    * bug fix

commit 6a0a579
Author: Qi <[email protected]>
Date:   Wed May 18 20:38:14 2022 +0800

    tests(*) make the `host` and `port` of `grpcbin` configurable (#8625)

commit 9da3dee
Author: Isa Farnik <[email protected]>
Date:   Tue May 17 10:26:23 2022 -0700

    [ENGEN-450] chore(changelog) debian 8 deprecation notice (#8807)

commit e80acd0
Author: Aapo Talvensaari <[email protected]>
Date:   Fri May 13 11:36:48 2022 +0300

    chore(db) small cleanups on off strategy dao

commit 337122e
Author: Aapo Talvensaari <[email protected]>
Date:   Fri May 13 10:22:53 2022 +0300

    perf(schema) no deep copy on select on process auto fields

    It is inefficient to create deep copies of tables when e.g. looping through
    database rows. In my testing with uploading some 64k routes with dbless
    (which calls process auto fields twice), this can cut the time looping the
    data by 1/4th. It also generates much less garbage.

    I searched our code bases where we use "select" context, and could not
    find anything that might break because of this.

commit 88e60a2
Author: Aapo Talvensaari <[email protected]>
Date:   Tue May 17 09:47:07 2022 +0300

    perf(db) yield on DB-less daos methods

    DBless doesn't naturally yield (not with `shared dict`, nor with `lmdb`). This may cause
    latency spikes when iterating over bigger lists, e.g. `kong.db.routes:each()`. This commit
    adds some yields so that iterating doesn't fully block the worker from doing other work
    too, so this is about cooperative multitasking.

commit 86f67e5
Author: Qirui(Keery) Nie <[email protected]>
Date:   Tue May 17 14:05:25 2022 +0800

    feat(plugins/aws-lambda) accept string type `statusCode` under proxy integration mode

    Co-authored-by: Datong Sun <[email protected]>

commit 46eeef8
Author: Qi <[email protected]>
Date:   Tue May 17 00:46:26 2022 +0800

    tests(helpers) make `host` and `port` of `Zipkin` configurable (#8626)

    Move zipkin default host and port into spec/helpers and update plugin test to use those.

commit 82fa99d
Author: Aapo Talvensaari <[email protected]>
Date:   Mon May 16 19:31:05 2022 +0300

    chore(migrations) remove deprecated Cassandra migrations helpers (#8781)

    This library had only one function left uncommented and that
    was about `Cassandra`. As `Cassandra` is deprecated with upcoming
    `3.0.0`, we don't use / need this anymore, thus removing it.

commit dd7f298
Author: Michael Martin <[email protected]>
Date:   Mon May 16 09:24:07 2022 -0700

    tests(rockspec) improve validation script for rockspec file (#8801)

commit 4759a29
Author: Datong Sun <[email protected]>
Date:   Tue May 10 02:57:55 2022 -0700

    chore(rockspec) add missing rockspec entry for
    `kong.db.migrations.core.016_280_to_300` which caused the packaging
    failure before

    Thanks @hutchic @flrgh for pointing out.

commit 49c3ae7
Author: Datong Sun <[email protected]>
Date:   Thu Apr 28 01:42:48 2022 -0700

    Revert "Revert "feat(dao) use `cache_key` for target uniqueness detection" (#8705)"

    This reverts commit 579537b.

commit 1439f9c
Author: Thijs Schreijer <[email protected]>
Date:   Thu May 12 12:16:38 2022 +0200

    chore(httplog) bump version for breaking change (#8792)

commit b440737
Author: Thijs Schreijer <[email protected]>
Date:   Wed May 11 18:15:26 2022 +0200

    fix(http-log) set headers with single value, not array (#6992)

commit 22f4cb2
Author: Colin Hutchinson <[email protected]>
Date:   Wed May 11 13:07:12 2022 +0000

    chore(ci) adjust the version string format for our nightlies

commit d09c66b
Author: Michael Martin <[email protected]>
Date:   Wed May 11 06:04:17 2022 -0700

    docs(changelog) add entry for http-stream API improvements (#8750)

commit 1265280
Author: Mayo <[email protected]>
Date:   Wed May 11 21:00:49 2022 +0800

    perf(clustering) log `push_config` duration to help debugging config export performance

    Co-authored-by: Datong Sun <[email protected]>
    Co-authored-by: Harry <[email protected]>

commit 78fa687
Author: Michael Martin <[email protected]>
Date:   Tue May 10 18:09:26 2022 -0700

    tests(rockspec) add a script to validate rockspec file

commit d569af6
Author: Javier <[email protected]>
Date:   Tue May 10 07:13:56 2022 -0500

    chore(plugins) remove deprecated BasePlugin (#7961)

    * chore(plugins) remove deprecated BasePlugin

    It has been removed from the docs for some time, but the core still
    has to check each method to see if it's actually reimplemented or just
    inherited.

    Updated several fixture plugins that still used it.

    Co-authored-by: Alan Boudreault <[email protected]>

commit 23f50ea
Author: Chrono <[email protected]>
Date:   Sat May 7 15:42:05 2022 +0800

    chore(tools) small optimization for grpc (#8763)

commit c5fd723
Author: Zachary Hu <[email protected]>
Date:   Thu May 5 15:25:16 2022 +0800

    feat(pdk) support HTTP/2 on Admin API server by adding new PDK function `nginx.get_statistics()` for fetching Nginx statistics

    Retired the `/nginx_status` location block and use LuaJIT FFI to fetch the counters directly instead.

    Co-authored-by: Datong Sun <[email protected]>

commit 0b000d2
Author: Aapo Talvensaari <[email protected]>
Date:   Mon May 2 14:50:05 2022 +0300

    fix(cmd) check db connection on reload

    Database connection may be changed on `kong reload`, so it is good that we
    check that before we signal to actual Kong server process to `reload`.

commit bc2879d
Author: Aapo Talvensaari <[email protected]>
Date:   Sun Apr 24 18:41:55 2022 +0300

    fix(conf) remove sensitive turns resolved configuration values back to references

    When Vault references are used in `kong.conf` settings, these may be displayed in
    plain in Kong Admin API, e.g. in `http :8001` (except the `pg_password,
    `cassandra_password`, and `pg_ro_password` which were masked properly).
    This commit turns configuration values back to references as part of removing
    sensitive values (`conf_loader.remove_sensitive`).

commit 9fa4647
Author: Aapo Talvensaari <[email protected]>
Date:   Fri Apr 22 11:21:19 2022 +0300

    fix(conf) allow only the enabled vaults

    There was some logic that allowed the default bundled vaults
    even in case they were not enabled. This commit fixes that.

commit d55d33b
Author: Aapo Talvensaari <[email protected]>
Date:   Tue Apr 19 20:46:20 2022 +0300

    fix(conf) ngx.socket.tcp not available on init

    Kong's initialization parses Kong configuration twice:

    1. first the config is parsed in timer context by kong start (cli)
    2. then the config is parsed again in init context when kong server is started

    Many Vault implementations will require the availability of `ngx.socket.tcp`
    to be able to fetch secrets. Unfortunately the `ngx.socket.tcp` is not available
    on init or init worker phases, but it works on timer context.

    Alternative approach would be to fetch secrets using `LuaSocket` on init phase,
    but that would mean that each secret is fetched twice (added latency + possible
    costs of accessing Vaults). Also, it is impossible to make `LuaSocket` and
    `ngx.socket.tcp` fully compatible, but there is one project that at least tried it:
    https://github.com/thibaultcha/lua-resty-socket

    This commit takes yet another approach:
    1. it fetches secret on CLI
    2. it passes secrets to server via environment variable
    3. except on `kong reload` it passes it to server via file `.kong_process_secrets`

    The error on current master branch looks like this:
    ```
    Error: ./kong/cmd/start.lua:64: nginx: [error] init_by_lua error: ./kong/globalpatches.lua:396: no request found
    ```

    This commit fixes it.

commit 79ad5fc
Author: Aapo Talvensaari <[email protected]>
Date:   Wed Apr 13 12:43:47 2022 +0300

    fix(conf) infer vault references

    Kong escapes e.g. `"#"` with `"\#"`, and these need to be removed before
    passing them to vault functions as otherwise reference like:

    ```
    {vault://env/pg-password#1}
    ```

    Doesn't work as it gets past as:

    ```
    {vault://env/pg-password\#1}
    ```

    This fixes that.

commit 2554988
Author: Aapo Talvensaari <[email protected]>
Date:   Wed May 4 19:04:50 2022 +0300

    chore(deps) bump resty.healthcheck from 1.5.0 to 1.5.1 (#8755)

    * Fix: avoid breaking active health checks when adding or removing targets.

commit fb00d31
Author: Aapo Talvensaari <[email protected]>
Date:   Wed May 4 16:41:18 2022 +0300

    chore(deps) bump luacheck (dev dep) from 0.26.0 to 0.26.1 (#8756)

    - Exempt special builtin \_ENV from 214 warning

    - In case of no home environment, default to caching in CWD (#60)
    - Add multi-thread support to container (#59)

    - Tweak warning message for 214 to be more explicit

commit 9376948
Author: Aapo Talvensaari <[email protected]>
Date:   Wed May 4 16:40:49 2022 +0300

    chore(deps) bump luasec from 1.0.2 to 1.1.0 (#8754)

    * Fix missing DANE flag
    * Remove unused parameter in https.lua

commit 54d46b9
Author: Aapo Talvensaari <[email protected]>
Date:   Wed May 4 16:00:37 2022 +0300

    chore(deps) bump resty.openssl from 0.8.7 to 0.8.8 (#8753)
    - **ctx:** use global ctx where request is unavailable [e3590cf](fffonion/lua-resty-openssl@e3590cf)
    - **x509.extension:** correct X509V3_CTX size for OpenSSL 3.0 [0946c59](fffonion/lua-resty-openssl@0946c59)
    - **x509.extension:** add X509V3_set_issuer_pkey in OpenSSL 3.0 [dbd3f74](fffonion/lua-resty-openssl@dbd3f74)
    - **x509.store:** add set_purpose and verify_method parameter [b7500fe](fffonion/lua-resty-openssl@b7500fe)

commit 6163945
Author: Aapo Talvensaari <[email protected]>
Date:   Wed May 4 15:19:43 2022 +0300

    chore(deps) bump openssl from 1.1.1n to 1.1.1o (#8752)

    Fixed a bug in the c_rehash script which was not properly sanitising shell
    metacharacters to prevent command injection
    ([CVE-2022-1292](https://www.openssl.org/news/vulnerabilities.html#CVE-2022-1292)).

commit 0973036
Author: Colin Hutchinson <[email protected]>
Date:   Thu Apr 28 17:05:38 2022 +0000

    chore(ci): fix the test packaging (#8723)

    * chore(ci): dummy commit to test ci
    * fix(ci): use relative path
    * Delete touchfile

commit 1bfdf97
Author: Colin Hutchinson <[email protected]>
Date:   Mon Apr 25 19:58:49 2022 +0000

    test(packaging): do a quick validation that Kong can viably be packaged, installed and used (#8707)

commit 86de704
Author: Murillo <[email protected]>
Date:   Wed Apr 20 20:18:14 2022 -0300

    fix(cp) proper error handling for export_deflated_reconfigure_payload

commit 612648c
Author: Murillo <[email protected]>
Date:   Wed Apr 13 11:28:29 2022 -0300

    fix(wrpc) do a pcall for all export_deflated_reconfigure_payload calls

    We are already wrapping some calls to
    `export_deflated_reconfigure_payload()` inside a pcall in the
    `wrpc_control_plane.lua` file. This change is doing a pcall in all the
    remaining calls to `export_deflated_reconfigure_payload()` in this file
    to avoid the CP crash whenever we find errors during initialization of
    modules for example.

commit 3c89fa1
Author: Murillo <[email protected]>
Date:   Mon Apr 11 16:05:09 2022 -0300

    fix(cp) do a pcall for all calls to export_deflated_reconfigure_payload

    We are already wrapping some calls to
    `export_deflated_reconfigure_payload()` inside a pcall in the
    `control_plane.lua` file. This change is doing a pcall in all the
    remaining calls to `export_deflated_reconfigure_payload()` in this file
    to avoid the CP crash whenever we find errors during initialization of
    modules for example.

commit 6f20f2f
Author: Enrique García Cota <[email protected]>
Date:   Fri Apr 22 15:18:24 2022 +0200

    tests(hybrid) mark test as flaky (#8713)

commit fb8aa2d
Author: Suika <[email protected]>
Date:   Fri Apr 22 01:24:15 2022 +0800

    fix(pdk) ignore user set Tranfer-Encoding (#8698)

commit 31ca6ea
Author: Colin Hutchinson <[email protected]>
Date:   Thu Apr 21 11:33:23 2022 +0000

    chore(release): cleanup the Jenkins release logic (#8706)

commit 39dd728
Author: Aapo Talvensaari <[email protected]>
Date:   Thu Apr 21 13:32:50 2022 +0300

    feat(clustering) atomic export of declarative config with Postgres

    This minimizes the possibilities of inconsistencies in exported config, especially under high Admin API update traffic.

commit 579537b
Author: Colin Hutchinson <[email protected]>
Date:   Wed Apr 20 18:00:04 2022 +0000

    Revert "feat(dao) use `cache_key` for target uniqueness detection" (#8705)

    This reverts commit 9eba2a1.

commit a05cc4c
Author: Vinicius Mignot <[email protected]>
Date:   Tue Apr 19 16:42:12 2022 -0300

    docs(CHANGELOG) added fix entry

commit 9a65902
Author: Vinicius Mignot <[email protected]>
Date:   Tue Apr 19 15:41:43 2022 -0300

    fix(balancer) do not reschedule resolve timer when reloading

commit f6aae6f
Author: Aapo Talvensaari <[email protected]>
Date:   Tue Apr 19 17:56:27 2022 +0300

    chore(deps) bump luarocks 3.8.0 to 3.9.0 (#8700)

    * `builtin` build mode now always respects CC, CFLAGS and LDFLAGS
    * Check that lua.h version matches the desired Lua version
    * Check that the version of the Lua C library matches the desired Lua version
    * Fixed deployment of non-wrapped binaries
    * Fixed crash when `--lua-version` option is malformed
    * Fixed help message for `--pin` option
    * Unix: use native methods and don't always rely on $USER to determine user
    * Windows: use native CLI tooling more
    * macOS: support .tbd extension when checking for libraries
    * macOS: add XCode SDK path to search paths
    * macOS: add best-effort heuristic for library search using Homebrew paths
    * macOS: avoid quoting issues with LIBFLAG
    * macOS: deployment target is now 11.0 on macOS 11+
    * added DragonFly BSD support
    * LuaRocks test suite now runs on Lua 5.4 and LuaJIT
    * Internal dependencies of standalone LuaRocks executable were bumped

commit eb9a8ba
Author: Aapo Talvensaari <[email protected]>
Date:   Mon Apr 11 16:35:08 2022 +0300

    perf(conf) localize variables needed for configuration parsing

    Just localizes some variable for a faster configuration parsing, and tidier
    code.

commit 951b93f
Author: Aapo Talvensaari <[email protected]>
Date:   Mon Apr 11 15:57:22 2022 +0300

    fix(conf) properly support vault configurations with process secrets

    Default vault configurations can be configured with Kong configuration.

    For example using environment variables:

    - `KONG_VAULT_ENV_PREFIX=vault_`
    - `KONG_VAULT_HCV_TOKEN=xxx`

    Previously these settings were not honoured when kong configuration references
    were dereferenced. This fixes that issue.

commit 3d583c8
Author: Aapo Talvensaari <[email protected]>
Date:   Mon Apr 11 12:49:35 2022 +0300

    refactor(pdk) vault pdk to be more like rest of the pdk modules

    Refactor Vault PDK to follow other Kong PDK modules. This means that functions
    are created inside `.new` function. This has benefit of being able to access
    up-value `self`, which means that no direct references to global `kong` is needed.

    In general, it makes testing and mocking easier too.

    I need this so I can pass some initial configuration very early on when Kong does
    process secrets resolving of Kong configuration references.

commit 5156596
Author: Aapo Talvensaari <[email protected]>
Date:   Fri Apr 8 16:33:33 2022 +0300

    feat(vaults) store dao references in $refs (needed for rotation)

    When there are references used in dao fields with `referenceable=true`,
    Kong replaces the references with values when the data is read
    (excluding admin api and control planes). When Kong replaces the reference,
    it is basically lost, and thus the automatic secret rotation cannot be
    implemented. This commit stores the references on returned entities to
    `"$refs"` property:

    ```
    local certificate = kong.db.certificates:select(...)
    -- the possible reference can be found here:
    print(certificate["$refs"].key)
    ```

    There will be helper functions so `"$refs"` property is not intended to
    end users.

commit ac69743
Author: Aapo Talvensaari <[email protected]>
Date:   Fri Apr 8 16:00:49 2022 +0300

    fix(vaults) do not leak resolved vault references to .kong_env file

    When Kong prepares a `prefix` directory, it also stores current environment
    related to Kong in file called `.kong_env`. As Kong resolves the Vault
    references when it starts, the resolved values got leaked to `.kong_env`
    file. This was partly because for `vaults-beta` we didn't yet implement
    secret rotation, and we decided to also not keep the references around
    when they were resolved. Not that we have added the `"$refs"` property
    to `kong.configuration`, we can replace the values of configuration with
    the references before we write the `.kong_env` file.

    This commit fixes that.

commit 7f13cbc
Author: Aapo Talvensaari <[email protected]>
Date:   Fri Apr 8 15:53:29 2022 +0300

    feat(vaults) store configuration references in $refs (needed for rotation and .kong_env cleanup)

    Kong vault references like `{vault://env/my-env-var}` when used in Kong configuration are replaced
    with actual secrets. This makes it hard to implement secret rotation as the reference is lost when
    it is replaced. This commit stores the original references on a side:

    ```lua
    kong.configuration[$refs][<key>] = <reference>
    ```

commit bffa4af
Author: Mayo <[email protected]>
Date:   Tue Apr 19 17:57:40 2022 +0800

    chore(ci) changelog label

    Any PR includes a changelog will add a “core/docs” label which is unnecessary, this PR added an extra label 'changelog' to detect changelog file changes.

commit 9eba2a1
Author: yankun-li-kong <[email protected]>
Date:   Tue Apr 19 19:27:23 2022 +0900

    feat(dao) use `cache_key` for target uniqueness detection

    Add new `cache_key(upstream, target)` in targets table for atomic
    uniqueness detection.
    Delete useless targets uniqueness detection functions.
    Targets API returns `409` when creating/updating delicate targets.
    Add migration functions to add `cache_key` column,
    delete duplicate targets and add `cache_key` for existing targets.

    Co-authored-by: Mayo <[email protected]>

commit d7a8e66
Author: Mayo <[email protected]>
Date:   Tue Apr 19 17:36:33 2022 +0800

    fix(ldap-auth) free internal pointer after covert to lua string (#8696)

commit d4bdae5
Author: Mayo <[email protected]>
Date:   Tue Apr 19 12:08:09 2022 +0800

    refactor(ldap-auth) openssl ffi based asn1 parser/decoder (#8663)

    Replace asn1 parser/decoder with openssl ffi based functions.

commit 79f362d
Author: Wheeler Law <[email protected]>
Date:   Mon Apr 18 04:51:32 2022 -0500

    chore(CODEOWNERS) add `CODEOWNERS` file to the repo

Author: ADD-SP

.github/workflows/build_and_test.yml

@@ -109,6 +109,11 @@ jobs:
     #       eval `luarocks path`
     #       luacheck -q .
 
+    - name: Validate rockspec file
+      run: |
+          eval `luarocks path`
+          scripts/validate-rockspec
+
     - name: Unit tests
       run: |
           eval `luarocks path`
@@ -129,6 +134,8 @@ jobs:
       KONG_TEST_PG_DATABASE: kong
       KONG_TEST_PG_USER: kong
       KONG_TEST_DATABASE: postgres
+      KONG_SPEC_TEST_GRPCBIN_PORT: "15002"
+      KONG_SPEC_TEST_GRPCBIN_SSL_PORT: "15003"
       TEST_SUITE: ${{ matrix.suite }}
       TEST_SPLIT: ${{ matrix.split }}
 
@@ -209,6 +216,8 @@ jobs:
       KONG_TEST_PG_DATABASE: kong
       KONG_TEST_PG_USER: kong
       KONG_TEST_DATABASE: 'off'
+      KONG_SPEC_TEST_GRPCBIN_PORT: "15002"
+      KONG_SPEC_TEST_GRPCBIN_SSL_PORT: "15003"
       TEST_SUITE: dbless
 
     services:
@@ -262,6 +271,8 @@ jobs:
 
     env:
       KONG_TEST_DATABASE: cassandra
+      KONG_SPEC_TEST_GRPCBIN_PORT: "15002"
+      KONG_SPEC_TEST_GRPCBIN_SSL_PORT: "15003"
       TEST_SUITE: ${{ matrix.suite }}
       TEST_SPLIT: ${{ matrix.split }}
 
@@ -318,7 +329,7 @@ jobs:
       run: |
           echo "127.0.0.1 grpcs_1.test" | sudo tee -a /etc/hosts
           echo "127.0.0.1 grpcs_2.test" | sudo tee -a /etc/hosts
-    
+
     - name: Enable SSL for Redis
       run: |
           docker cp ${{ github.workspace }} kong_redis:/workspace

.requirements

@@ -4,7 +4,7 @@ KONG_LICENSE="ASL 2.0"
 
 RESTY_VERSION=1.19.9.1
 RESTY_LUAROCKS_VERSION=3.9.0
-RESTY_OPENSSL_VERSION=1.1.1n
+RESTY_OPENSSL_VERSION=1.1.1o
 RESTY_PCRE_VERSION=8.45
 RESTY_LMDB_VERSION=master
 LIBYAML_VERSION=0.2.5

CHANGELOG.md

@@ -73,6 +73,10 @@
 
 ### Breaking Changes
 
+- Deprecate/stop producing Debian 8 "Jessie" containers and packages (EOLed June 2020)
+  [Kong/kong-build-tools #448](https://github.com/Kong/kong-build-tools/pull/448)
+  [Kong/kong-distributions #766](https://github.com/Kong/kong-distributions/pull/766)
+
 #### Admin API
 
 - Insert and update operations on target entities require using the `PUT` HTTP
@@ -81,18 +85,30 @@
   when updating to Kong 3.0.
 - Insert and update operations on duplicated target entities returns 409.
   [#8179](https://github.com/Kong/kong/pull/8179)
+- The list of reported plugins available on the server now returns a table of
+  metadata per plugin instead of a boolean `true`.
+  [#8810](https://github.com/Kong/kong/pull/8810)
 
 #### PDK
 
 - The PDK is no longer versioned
   [#8585](https://github.com/Kong/kong/pull/8585)
 
+#### Plugins
+
+- The HTTP-log plugin `headers` field now only takes a single string per header name,
+  where it previously took an array of values
+  [#6992](https://github.com/Kong/kong/pull/6992)
+
 ### Deprecations
 
 - The `go_pluginserver_exe` and `go_plugins_dir` directives are no longer supported.
   [#8552](https://github.com/Kong/kong/pull/8552). If you are using
   [Go plugin server](https://github.com/Kong/go-pluginserver), please migrate your plugins to use the
   [Go PDK](https://github.com/Kong/go-pdk) before upgrading.
+- The migration helper library is no longer supplied with Kong (we didn't use it for anything,
+  and the only function it had, was for the deprecated Cassandra).
+  [#8781](https://github.com/Kong/kong/pull/8781)
 
 
 #### Plugins
@@ -115,19 +131,30 @@
 
 - Bumped pgmoon from 1.13.0 to 1.14.0
   [#8429](https://github.com/Kong/kong/pull/8429)
-- OpenSSL bumped to 1.1.1n
+- OpenSSL bumped to from 1.1.1n to 1.1.1o
   [#8544](https://github.com/Kong/kong/pull/8544)
+  [#8752](https://github.com/Kong/kong/pull/8752)
 - Bumped resty.openssl from 0.8.5 to 0.8.7
   [#8592](https://github.com/Kong/kong/pull/8592)
+  [#8753](https://github.com/Kong/kong/pull/8753)
 - Bumped inspect from 3.1.2 to 3.1.3
   [#8589](https://github.com/Kong/kong/pull/8589)
 - Bumped resty.acme from 0.7.2 to 0.8.0
   [#8680](https://github.com/Kong/kong/pull/8680)
 - Bumped luarocks from 3.8.0 to 3.9.0
   [#8700](https://github.com/Kong/kong/pull/8700)
+- Bumped luasec from 1.0.2 to 1.1.0
+  [#8754](https://github.com/Kong/kong/pull/8754)
+- Bumped resty.healthcheck from 1.5.0 to 1.5.1
+  [#8755](https://github.com/Kong/kong/pull/8755)
 
 ### Additions
 
+#### Core
+
+- Added `cache_key` on target entity for uniqueness detection.
+  [#8179](https://github.com/Kong/kong/pull/8179)
+
 #### Plugins
 
 - **Zipkin**: add support for including HTTP path in span name
@@ -157,6 +184,8 @@ a restart (e.g., upon a plugin server crash).
   [#8547](https://github.com/Kong/kong/pull/8547)
 - Fixed an issue on trying to reschedule the DNS resolving timer when Kong was
   being reloaded. [#8702](https://github.com/Kong/kong/pull/8702)
+- The private stream API has been rewritten to allow for larger message payloads
+  [#8641](https://github.com/Kong/kong/pull/8641)
 
 #### Plugins
 
@@ -413,6 +442,7 @@ In this release we continued our work on better performance:
   Thanks [beldahanit](https://github.com/beldahanit) for reporting the issue!
 - Old `BasePlugin` is deprecated and will be removed in a future version of Kong.
   Porting tips in the [documentation](https://docs.konghq.com/gateway-oss/2.3.x/plugin-development/custom-logic/#porting-from-old-baseplugin-style)
+- The deprecated **BasePlugin** has been removed. [#7961](https://github.com/Kong/kong/pull/7961)
 
 ### Fixes
 
@@ -898,6 +928,7 @@ grpc-gateway plugin first:
 
 #### Plugins
 
+- All custom plugins that are using the deprecated `BasePlugin` class have to remove this inheritance.
 - **LDAP-auth**: The LDAP Authentication schema now includes a default value for the `config.ldap_port` parameter
   that matches the documentation. Before the plugin documentation [Parameters](https://docs.konghq.com/hub/kong-inc/ldap-auth/#parameters)
   section included a reference to a default value for the LDAP port; however, the default value was not included in the plugin schema.

Jenkinsfile

@@ -9,7 +9,6 @@ pipeline {
         DOCKER_CREDENTIALS = credentials('dockerhub')
         DOCKER_USERNAME = "${env.DOCKER_CREDENTIALS_USR}"
         DOCKER_PASSWORD = "${env.DOCKER_CREDENTIALS_PSW}"
-        KONG_PACKAGE_NAME = "kong"
         DOCKER_CLI_EXPERIMENTAL = "enabled"
         PULP_HOST_PROD = "https://api.pulp.konnect-prod.konghq.com"
         PULP_PROD = credentials('PULP')
@@ -19,6 +18,24 @@ pipeline {
         DEBUG = 0
     }
     stages {
+        stage('Test The Package') {
+            agent {
+                node {
+                    label 'bionic'
+                }
+            }
+            when { changeRequest target: 'master' }
+            environment {
+                KONG_BUILD_TOOLS_LOCATION = "${env.WORKSPACE}/../kong-build-tools"
+                KONG_SOURCE_LOCATION = "${env.WORKSPACE}"
+            }
+            steps {
+                sh 'echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin || true'
+                sh 'make setup-kong-build-tools'
+                sh 'cd ../kong-build-tools && make package-kong test'
+            }
+            
+        }
         stage('Release Per Commit') {
             when {
                 beforeAgent true
@@ -30,7 +47,6 @@ pipeline {
                 }
             }
             environment {
-                KONG_PACKAGE_NAME = "kong"
                 KONG_SOURCE_LOCATION = "${env.WORKSPACE}"
                 KONG_BUILD_TOOLS_LOCATION = "${env.WORKSPACE}/../kong-build-tools"
                 AWS_ACCESS_KEY = credentials('AWS_ACCESS_KEY')
@@ -45,7 +61,7 @@ pipeline {
             steps {
                 sh 'echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin || true'
                 sh 'make setup-kong-build-tools'
-                sh 'KONG_VERSION=`git rev-parse --short HEAD` DOCKER_MACHINE_ARM64_NAME="jenkins-kong-"`cat /proc/sys/kernel/random/uuid` make release'
+                sh 'KONG_VERSION=`echo kong-*.rockspec | sed \'s,.*/,,\' | cut -d- -f2`-`git rev-parse --short HEAD` DOCKER_MACHINE_ARM64_NAME="jenkins-kong-"`cat /proc/sys/kernel/random/uuid` make release'
             }
         }
         stage('Release') {

Makefile

@@ -1,7 +1,7 @@
 OS := $(shell uname | awk '{print tolower($$0)}')
 MACHINE := $(shell uname -m)
 
-DEV_ROCKS = "busted 2.0.0" "busted-htest 1.0.0" "luacheck 0.26.0" "lua-llthreads2 0.1.6" "http 0.4" "ldoc 1.4.6"
+DEV_ROCKS = "busted 2.0.0" "busted-htest 1.0.0" "luacheck 0.26.1" "lua-llthreads2 0.1.6" "http 0.4" "ldoc 1.4.6"
 WIN_SCRIPTS = "bin/busted" "bin/kong"
 BUSTED_ARGS ?= -v
 TEST_CMD ?= bin/busted $(BUSTED_ARGS)

kong-2.8.0-0.rockspec

@@ -13,7 +13,7 @@ description = {
 }
 dependencies = {
   "inspect == 3.1.3",
-  "luasec == 1.0.2",
+  "luasec == 1.1.0",
   "luasocket == 3.0-rc1",
   "penlight == 1.12.0",
   "lua-resty-http ~> 0.17",
@@ -33,10 +33,10 @@ dependencies = {
   "luaxxhash >= 1.0",
   "lua-protobuf == 0.3.3",
   "lua-resty-worker-events == 1.0.0",
-  "lua-resty-healthcheck == 1.5.0",
+  "lua-resty-healthcheck == 1.5.1",
   "lua-resty-mlcache == 2.5.0",
   "lua-messagepack == 0.5.2",
-  "lua-resty-openssl == 0.8.7",
+  "lua-resty-openssl == 0.8.8",
   "lua-resty-counter == 0.2.1",
   "lua-resty-ipmatcher == 0.6.1",
   "lua-resty-acme == 0.8.0",
@@ -101,7 +101,6 @@ build = {
     ["kong.resty.dns.client"] = "kong/resty/dns/client.lua",
     ["kong.resty.dns.utils"] = "kong/resty/dns/utils.lua",
     ["kong.resty.ctx"] = "kong/resty/ctx.lua",
-    ["kong.vendor.classic"] = "kong/vendor/classic.lua",
 
     ["kong.cmd"] = "kong/cmd/init.lua",
     ["kong.cmd.roar"] = "kong/cmd/roar.lua",
@@ -125,6 +124,7 @@ build = {
     ["kong.cmd.utils.tty"] = "kong/cmd/utils/tty.lua",
     ["kong.cmd.utils.nginx_signals"] = "kong/cmd/utils/nginx_signals.lua",
     ["kong.cmd.utils.prefix_handler"] = "kong/cmd/utils/prefix_handler.lua",
+    ["kong.cmd.utils.process_secrets"] = "kong/cmd/utils/process_secrets.lua",
 
     ["kong.api"] = "kong/api/init.lua",
     ["kong.api.api_helpers"] = "kong/api/api_helpers.lua",
@@ -226,7 +226,6 @@ build = {
     ["kong.db.strategies.off.tags"] = "kong/db/strategies/off/tags.lua",
 
     ["kong.db.migrations.state"] = "kong/db/migrations/state.lua",
-    ["kong.db.migrations.helpers"] = "kong/db/migrations/helpers.lua",
     ["kong.db.migrations.subsystems"] = "kong/db/migrations/subsystems.lua",
     ["kong.db.migrations.core"] = "kong/db/migrations/core/init.lua",
     ["kong.db.migrations.core.000_base"] = "kong/db/migrations/core/000_base.lua",
@@ -243,9 +242,11 @@ build = {
     ["kong.db.migrations.core.013_220_to_230"] = "kong/db/migrations/core/013_220_to_230.lua",
     ["kong.db.migrations.core.014_230_to_270"] = "kong/db/migrations/core/014_230_to_270.lua",
     ["kong.db.migrations.core.015_270_to_280"] = "kong/db/migrations/core/015_270_to_280.lua",
+    ["kong.db.migrations.core.016_280_to_300"] = "kong/db/migrations/core/016_280_to_300.lua",
     ["kong.db.migrations.operations.200_to_210"] = "kong/db/migrations/operations/200_to_210.lua",
     ["kong.db.migrations.operations.210_to_211"] = "kong/db/migrations/operations/210_to_211.lua",
     ["kong.db.migrations.operations.212_to_213"] = "kong/db/migrations/operations/212_to_213.lua",
+    ["kong.db.migrations.operations.280_to_300"] = "kong/db/migrations/operations/280_to_300.lua",
 
     ["kong.pdk"] = "kong/pdk/init.lua",
     ["kong.pdk.private.checks"] = "kong/pdk/private/checks.lua",
@@ -267,8 +268,6 @@ build = {
     ["kong.pdk.cluster"] = "kong/pdk/cluster.lua",
     ["kong.pdk.vault"] = "kong/pdk/vault.lua",
 
-    ["kong.plugins.base_plugin"] = "kong/plugins/base_plugin.lua",
-
     ["kong.plugins.basic-auth.migrations"] = "kong/plugins/basic-auth/migrations/init.lua",
     ["kong.plugins.basic-auth.migrations.000_base_basic_auth"] = "kong/plugins/basic-auth/migrations/000_base_basic_auth.lua",
     ["kong.plugins.basic-auth.migrations.002_130_to_140"] = "kong/plugins/basic-auth/migrations/002_130_to_140.lua",
@@ -310,6 +309,8 @@ build = {
 
     ["kong.plugins.http-log.handler"] = "kong/plugins/http-log/handler.lua",
     ["kong.plugins.http-log.schema"] = "kong/plugins/http-log/schema.lua",
+    ["kong.plugins.http-log.migrations"] = "kong/plugins/http-log/migrations/init.lua",
+    ["kong.plugins.http-log.migrations.001_280_to_300"] = "kong/plugins/http-log/migrations/001_280_to_300.lua",
 
     ["kong.plugins.file-log.handler"] = "kong/plugins/file-log/handler.lua",
     ["kong.plugins.file-log.schema"] = "kong/plugins/file-log/schema.lua",

kong/api/routes/health.lua

@@ -1,17 +1,12 @@
 local utils = require "kong.tools.utils"
 local declarative = require "kong.db.declarative"
 
-local find = string.find
-local select = select
 local tonumber = tonumber
 local kong = kong
 local knode  = (kong and kong.node) and kong.node or
                require "kong.pdk.node".new()
 
 
-local select = select
-local tonumber = tonumber
-local kong = kong
 local dbless = kong.configuration.database == "off"
 local data_plane_role = kong.configuration.role == "data_plane"
 
@@ -41,27 +36,9 @@ return {
       end
 
       -- nginx stats
-
-      local r = ngx.location.capture "/nginx_status"
-      if r.status ~= 200 then
-        kong.log.err(r.body)
-        return kong.response.exit(500, { message = "An unexpected error happened" })
-      end
-
-      local var = ngx.var
-      local accepted, handled, total = select(3, find(r.body, "accepts handled requests\n (%d*) (%d*) (%d*)"))
-
       local status_response = {
         memory = knode.get_memory_stats(unit, scale),
-        server = {
-          connections_active = tonumber(var.connections_active),
-          connections_reading = tonumber(var.connections_reading),
-          connections_writing = tonumber(var.connections_writing),
-          connections_waiting = tonumber(var.connections_waiting),
-          connections_accepted = tonumber(accepted),
-          connections_handled = tonumber(handled),
-          total_requests = tonumber(total)
-        },
+        server = kong.nginx.get_statistics(),
         database = {
           reachable = true,
         },

kong/api/routes/kong.lua

@@ -91,18 +91,25 @@ return {
         ngx.log(ngx.ERR, "could not get node id: ", err)
       end
 
+      local available_plugins = {}
+      for name in pairs(singletons.configuration.loaded_plugins) do
+        available_plugins[name] = {
+          version = kong.db.plugins.handlers[name].VERSION or true
+        }
+      end
+
       return kong.response.exit(200, {
         tagline = tagline,
         version = version,
         hostname = knode.get_hostname(),
         node_id = node_id,
         timers = {
           running = ngx.timer.running_count(),
-          pending = ngx.timer.pending_count()
+          pending = ngx.timer.pending_count(),
         },
         plugins = {
-          available_on_server = singletons.configuration.loaded_plugins,
-          enabled_in_cluster = distinct_plugins
+          available_on_server = available_plugins,
+          enabled_in_cluster = distinct_plugins,
         },
         lua_version = lua_version,
         configuration = conf_loader.remove_sensitive(singletons.configuration),