fix merge conflict

Signed-off-by: Ashish Tiwari <[email protected]>

.asf.yaml

@@ -53,6 +53,10 @@ github:
           dismiss_stale_reviews: true
           require_code_owner_reviews: true
           required_approving_review_count: 2
+      release/3.7:
+        required_pull_request_reviews:
+          require_code_owner_reviews: true
+          required_approving_review_count: 2
       release/3.6:
         required_pull_request_reviews:
           require_code_owner_reviews: true

.github/workflows/fuzzing-ci.yaml

@@ -43,14 +43,25 @@ jobs:
       run: |
         project_compose_ci=ci/pod/docker-compose.common.yml make ci-env-up
 
+    - name: Linux Before install
+      run: sudo ./ci/linux_openresty_runner.sh before_install
+
+    - name: Linux Install
+      run: |
+        sudo --preserve-env=OPENRESTY_VERSION \
+        ./ci/linux_openresty_runner.sh do_install
+
     - name: run apisix
       run: |
+        source ./ci/common.sh
+        export_version_info
+        export_or_prefix
         wget -qO - https://openresty.org/package/pubkey.gpg | sudo apt-key add -
         sudo apt-get update
         sudo apt-get -y install software-properties-common
         sudo add-apt-repository -y "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main"
         sudo apt-get update
-        sudo apt-get install -y git openresty curl openresty-openssl111-dev unzip make gcc libldap2-dev
+        sudo apt-get install -y git curl openresty-openssl111-dev unzip make gcc libldap2-dev
         ./utils/linux-install-luarocks.sh
 
         make deps
@@ -59,7 +70,10 @@ jobs:
 
     - name: run upstream
       run: |
-        sudo openresty -c $PWD/t/fuzzing/upstream/nginx.conf
+        source ./ci/common.sh
+        export_version_info
+        export_or_prefix
+        sudo /usr/local/openresty/bin/openresty -c $PWD/t/fuzzing/upstream/nginx.conf
 
     - name: install boofuzz
       run: |
@@ -69,6 +83,9 @@ jobs:
 
     - name: run tests
       run: |
+        source ./ci/common.sh
+        export_version_info
+        export_or_prefix
         export APISIX_FUZZING_PWD=$PWD
         python $PWD/t/fuzzing/simpleroute_test.py
         python $PWD/t/fuzzing/serverless_route_test.py

CHANGELOG.md

@@ -23,6 +23,7 @@ title: Changelog
 
 ## Table of Contents
 
+- [3.7.0](#370)
 - [3.6.0](#360)
 - [3.5.0](#350)
 - [3.4.0](#340)
@@ -73,6 +74,44 @@ title: Changelog
 - [0.7.0](#070)
 - [0.6.0](#060)
 
+## 3.7.0
+
+### Change
+
+- :warning: Creating core resources does not allow passing in `create_time` and `update_time`: [#10232](https://github.com/apache/apisix/pull/10232)
+- :warning: Remove self-contained info fields `exptime` and `validity_start` and `validity_end` from ssl schema: [10323](https://github.com/apache/apisix/pull/10323)
+- :warning: Replace `route` with `apisix.route_name`, `service` with `apisix.service_name` in the attributes of opentelemetry plugin to follow the standards for span name and attributes: [#10393](https://github.com/apache/apisix/pull/10393)
+
+### Core
+
+- :sunrise: Added token to support access control for consul discovery: [#10278](https://github.com/apache/apisix/pull/10278)
+- :sunrise: Support configuring `service_id` in stream_route to reference service resources: [#10298](https://github.com/apache/apisix/pull/10298)
+- :sunrise: Using `apisix-runtime` as the apisix runtime:
+  - [#10415](https://github.com/apache/apisix/pull/10415)
+  - [#10427](https://github.com/apache/apisix/pull/10427)
+
+### Plugins
+
+- :sunrise: Add tests for authz-keycloak with apisix secrets: [#10353](https://github.com/apache/apisix/pull/10353)
+- :sunrise: Add authorization params to openid-connect plugin: [#10058](https://github.com/apache/apisix/pull/10058)
+- :sunrise: Support set variable in zipkin plugin: [#10361](https://github.com/apache/apisix/pull/10361)
+- :sunrise: Support Nacos ak/sk authentication: [#10445](https://github.com/apache/apisix/pull/10445)
+
+### Bugfixes
+
+- Fix: Use warn log for get healthcheck target status failure:
+  - [#10156](https://github.com/apache/apisix/pull/10156)
+- Fix: Keep healthcheck target state when upstream changes:
+  - [#10312](https://github.com/apache/apisix/pull/10312)
+  - [#10307](https://github.com/apache/apisix/pull/10307)
+- Fix: Add name field in plugin_config schema for consistency: [#10315](https://github.com/apache/apisix/pull/10315)
+- Fix: Optimize tls in upstream_schema and wrong variable: [#10269](https://github.com/apache/apisix/pull/10269)
+- Fix(consul): Failed to exit normally: [#10342](https://github.com/apache/apisix/pull/10342)
+- Fix: The request header with `Content-Type: application/x-www-form-urlencoded;charset=utf-8` will cause vars condition `post_arg_xxx` matching to failed: [#10372](https://github.com/apache/apisix/pull/10372)
+- Fix: Make install failed on mac: [#10403](https://github.com/apache/apisix/pull/10403)
+- Fix(log-rotate): Log compression timeout caused data loss: [#8620](https://github.com/apache/apisix/pull/8620)
+- Fix(kafka-logger): Remove 0 from enum of required_acks: [#10469](https://github.com/apache/apisix/pull/10469)
+
 ## 3.6.0
 
 ### Change

apisix/core/version.lua

@@ -20,5 +20,5 @@
 -- @module core.version
 
 return {
-    VERSION = "3.6.0"
+    VERSION = "3.7.0"
 }

apisix/plugins/multi-auth.lua

@@ -0,0 +1,89 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements.  See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License.  You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+local core = require("apisix.core")
+local require = require
+local pairs = pairs
+
+local schema = {
+    type = "object",
+    title = "work with route or service object",
+    properties = {
+        auth_plugins = { type = "array", minItems = 2 }
+    },
+    required = { "auth_plugins" },
+}
+
+
+local plugin_name = "multi-auth"
+
+local _M = {
+    version = 0.1,
+    priority = 2600,
+    type = 'auth',
+    name = plugin_name,
+    schema = schema
+}
+
+function _M.check_schema(conf)
+    local ok, err = core.schema.check(schema, conf)
+    if not ok then
+        return false, err
+    end
+
+    local auth_plugins = conf.auth_plugins
+    for k, auth_plugin in pairs(auth_plugins) do
+        for auth_plugin_name, auth_plugin_conf in pairs(auth_plugin) do
+            local auth = require("apisix.plugins." .. auth_plugin_name)
+            if auth == nil then
+                return false, auth_plugin_name .. " plugin did not found"
+                else
+                if auth.type ~= 'auth' then
+                    return false, auth_plugin_name .. " plugin is not supported"
+                end
+            end
+        end
+    end
+
+    return true
+end
+
+function _M.rewrite(conf, ctx)
+    local auth_plugins = conf.auth_plugins
+    local status_code
+    for k, auth_plugin in pairs(auth_plugins) do
+        for auth_plugin_name, auth_plugin_conf in pairs(auth_plugin) do
+            local auth = require("apisix.plugins." .. auth_plugin_name)
+            -- returns 401 HTTP status code if authentication failed, otherwise returns nothing.
+            local auth_code = auth.rewrite(auth_plugin_conf, ctx)
+            status_code = auth_code
+            if auth_code == nil then
+                core.log.debug(auth_plugin_name .. " succeed to authenticate the request")
+                goto authenticated
+            else
+                core.log.debug(auth_plugin_name .. " failed to authenticate the request, code: "
+                        .. auth_code)
+            end
+        end
+    end
+
+    :: authenticated ::
+    if status_code ~= nil then
+        return 401, { message = "Authorization Failed" }
+    end
+end
+
+return _M

apisix/plugins/openid-connect.lua

@@ -56,6 +56,10 @@ local schema = {
             type = "string",
             default = "client_secret_basic"
         },
+        token_endpoint_auth_method = {
+            type = "string",
+            default = "client_secret_basic"
+        },
         bearer_only = {
             type = "boolean",
             default = false,

conf/config-default.yaml

@@ -457,6 +457,7 @@ plugins:                           # plugin list (sorted by priority)
   - uri-blocker                    # priority: 2900
   - request-validation             # priority: 2800
   - chaitin-waf                    # priority: 2700
+  - multi-auth                     # priority: 2600
   - openid-connect                 # priority: 2599
   - cas-auth                       # priority: 2597
   - authz-casbin                   # priority: 2560

docs/en/latest/building-apisix.md

@@ -54,7 +54,7 @@ curl https://raw.githubusercontent.com/apache/apisix/master/utils/install-depend
 Save the APISIX version to an environment variable to be used next:
 
 ```shell
-APISIX_VERSION='3.6.0'
+APISIX_VERSION='3.7.0'
 ```
 
 Clone the APISIX source code of this version into a new directory `apisix-APISIX_VERSION`:

docs/en/latest/config.json

@@ -1,5 +1,5 @@
 {
-  "version": "3.6.0",
+  "version": "3.7.0",
   "sidebar": [
     {
       "type": "category",
@@ -111,7 +111,8 @@
             "plugins/authz-casbin",
             "plugins/ldap-auth",
             "plugins/opa",
-            "plugins/forward-auth"
+            "plugins/forward-auth",
+            "plugins/multi-auth"
           ]
         },
         {

docs/en/latest/getting-started/key-authentication.md

@@ -28,6 +28,7 @@ APISIX has a flexible plugin extension system and a number of existing plugins f
 - [LDAP](https://apisix.apache.org/docs/apisix/plugins/ldap-auth/)
 - [Open Policy Agent (OPA)](https://apisix.apache.org/docs/apisix/plugins/opa/)
 - [Forward Authentication](https://apisix.apache.org/docs/apisix/plugins/forward-auth/)
+- [Multiple Authentications](https://apisix.apache.org/docs/apisix/plugins/multi-auth/)
 
 In this tutorial, you will create a _consumer_ with _key authentication_, and learn how to enable and disable key authentication.