diff --git a/changelog/unreleased/kong/dynamic-set-tls-in-pdk-set_scheme.yml b/changelog/unreleased/kong/dynamic-set-tls-in-pdk-set_scheme.yml new file mode 100644 index 000000000000..1cc1b3edf553 --- /dev/null +++ b/changelog/unreleased/kong/dynamic-set-tls-in-pdk-set_scheme.yml @@ -0,0 +1,3 @@ +message: dynamic control upstream tls when kong.service.request.set_scheme was called +type: feature +scope: PDK diff --git a/kong/pdk/service/request.lua b/kong/pdk/service/request.lua index f583d390fa14..72aa1a03394a 100644 --- a/kong/pdk/service/request.lua +++ b/kong/pdk/service/request.lua @@ -6,7 +6,7 @@ local cjson = require "cjson.safe" local buffer = require "string.buffer" local checks = require "kong.pdk.private.checks" local phase_checker = require "kong.pdk.private.phases" - +local balancer = require "ngx.balancer" local ngx = ngx local ngx_var = ngx.var @@ -112,6 +112,15 @@ local function new(self) error("invalid scheme: " .. scheme, 2) end + if ngx.get_phase() == "balancer" then + if scheme == "https" then + kong.service.request.enable_tls() + end + if scheme == "http" then + kong.service.request.disable_tls() + end + end + ngx_var.upstream_scheme = scheme end @@ -711,6 +720,14 @@ local function new(self) return disable_proxy_ssl() end + else + request.disable_tls = function() + return balancer.set_upstream_tls(false) + end + + request.enable_tls = function() + return balancer.set_upstream_tls(true) + end end return request diff --git a/t/01-pdk/06-service-request/00-phase_checks.t b/t/01-pdk/06-service-request/00-phase_checks.t index 493e4926c0e8..b2e7a992c774 100644 --- a/t/01-pdk/06-service-request/00-phase_checks.t +++ b/t/01-pdk/06-service-request/00-phase_checks.t 
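Review bot: In the `set_scheme` hunk of kong/pdk/service/request.lua (`@@ -112,6 +112,15 @@`), the results of `enable_tls()` and `disable_tls()` are discarded, so if the toggle fails, `ngx_var.upstream_scheme` is still assigned and the caller sees success. For `"https"` that can leave a plugin believing the upstream hop is encrypted when it is not. Assuming `balancer.set_upstream_tls` reports failure through its return values, capture them and raise, e.g. `local ok, err = request.enable_tls()` followed by `if not ok then error("failed to enable upstream TLS: " .. tostring(err), 2) end`, and likewise for `"http"`. Calling through the local `request` table instead of the global `kong.service.request` would also remove the dependency on the global being this PDK instance. The phase check at the top of `set_scheme` is outside the hunk; if it does not admit the balancer phase, this branch is never reached.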
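Review bot: In the `@@ -711,6 +720,14 @@` hunk, `enable_tls` is defined only in the new `else` branch, while the branch above it (its condition is outside the hunk) shows only a `disable_tls` definition. If that is all the other branch defines, the `set_scheme` change earlier in this file calls a nil `enable_tls` when it runs with `"https"` on that branch; define `enable_tls` on both branches or guard the call. The two new functions also have no doc comment and no explicit phase check in the hunk. The `"forced false"` expectations in the test file suggest they rely on the underlying balancer API failing outside the balancer phase. If that is the intended contract, state it in a header comment such as `--- Enables TLS on the upstream connection. Only usable in the balancer phase.`, with a matching one for `disable_tls`.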
@@ -186,6 +186,30 @@ qq{ body_filter = false, log = false, admin_api = "forced false", + },{ + method = "disable_tls", + args = { }, + init_worker = "forced false", + certificate = "pending", + rewrite = "forced false", + access = "forced false", + response = "forced false", + header_filter = "forced false", + body_filter = "forced false", + log = "forced false", + admin_api = "forced false", + },{ + method = "enable_tls", + args = { }, + init_worker = "forced false", + certificate = "pending", + rewrite = "forced false", + access = "forced false", + response = "forced false", + header_filter = "forced false", + body_filter = "forced false", + log = "forced false", + admin_api = "forced false", }, }
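Review bot: Neither new entry covers the balancer phase, which is where the new `set_scheme` code calls `enable_tls`/`disable_tls`; every phase listed here is `"forced false"` or `"pending"`, so only the failure paths are asserted. A test that calls `set_scheme("https")` and `set_scheme("http")` from a balancer-phase handler and asserts that the upstream connection is TLS or plaintext respectively would catch a toggle that fails silently. If this harness has no balancer column, that coverage belongs in a separate test file.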