Merge branch 'v3' into check-allowed-dir

Author: aphralG

.github/workflows/release-branch.yml

@@ -38,7 +38,7 @@ on:
       uploadUrl:
         description: 'Location to publish packages to'
         required: false
-        default: "up-ap.nginx.com"
+        default: "https://up-ap.nginx.com"
   workflow_call:
     inputs:
       githubRelease:
@@ -67,7 +67,7 @@ on:
         required: true
       uploadUrl:
         type: string
-        default: "up-ap.nginx.com"
+        default: "https://up-ap.nginx.com"
 
 env:
   NFPM_VERSION: 'v2.35.3'

internal/config/config.go

@@ -456,7 +456,7 @@ func getConfigFilePaths() []string {
 	if err == nil {
 		paths = append(paths, path)
 	} else {
-		slog.Warn("Unable to determine process's current directory")
+		slog.Warn("Unable to determine process's current directory", "error", err)
 	}
 
 	return paths
@@ -544,7 +544,7 @@ func resolveEnvironmentVariableLabels() map[string]string {
 			if len(splitLabel) == KeyValueNumber {
 				envLabels[splitLabel[0]] = splitLabel[1]
 			} else {
-				slog.Warn("Unable to parse label: " + label)
+				slog.Warn("Unable to parse label ", "label", label)
 			}
 		}
 	}

internal/watcher/credentials/credential_watcher_service.go

@@ -107,11 +107,6 @@ func (cws *CredentialWatcherService) addWatcher(ctx context.Context, filePath st
 
 	if err := cws.watcher.Add(filePath); err != nil {
 		slog.ErrorContext(ctx, "Failed to add credential watcher", "path", filePath, "error", err)
-		removeError := cws.watcher.Remove(filePath)
-		if removeError != nil {
-			slog.ErrorContext(
-				ctx, "Failed to remove credential watcher", "path", filePath, "error", removeError)
-		}
 
 		return
 	}
@@ -183,6 +178,19 @@ func credentialPaths(agentConfig *config.Config) []string {
 		}
 	}
 
+	// agent's tls certs
+	if agentConfig.Command.TLS != nil {
+		if agentConfig.Command.TLS.Ca != "" {
+			paths = append(paths, agentConfig.Command.TLS.Ca)
+		}
+		if agentConfig.Command.TLS.Cert != "" {
+			paths = append(paths, agentConfig.Command.TLS.Cert)
+		}
+		if agentConfig.Command.TLS.Key != "" {
+			paths = append(paths, agentConfig.Command.TLS.Key)
+		}
+	}
+
 	return paths
 }
 

internal/watcher/credentials/credential_watcher_service_test.go

@@ -211,6 +211,9 @@ func Test_credentialPaths(t *testing.T) {
 			agentConfig: types.AgentConfig(),
 			want: []string{
 				"/tmp/token",
+				"ca.pem",
+				"cert.pem",
+				"key.pem",
 			},
 		},
 		{
@@ -224,6 +227,27 @@ func Test_credentialPaths(t *testing.T) {
 			},
 			want: nil,
 		},
+		{
+			name: "Test 3: Add TLS paths if Command TLS is set",
+			agentConfig: &config.Config{
+				Command: &config.Command{
+					Server: nil,
+					Auth:   nil,
+					TLS: &config.TLSConfig{
+						Cert:       "/tmp-ca",
+						Key:        "/tmp-token",
+						Ca:         "/tmp-key",
+						ServerName: "my-server",
+						SkipVerify: false,
+					},
+				},
+			},
+			want: []string{
+				"/tmp-key",
+				"/tmp-ca",
+				"/tmp-token",
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

internal/watcher/instance/nginx_config_parser.go

@@ -74,10 +74,14 @@ func (ncp *NginxConfigParser) Parse(ctx context.Context, instance *mpi.Instance)
 		"instance_id", instance.GetInstanceMeta().GetInstanceId(),
 	)
 
+	lua := crossplane.Lua{}
 	payload, err := crossplane.Parse(configPath,
 		&crossplane.ParseOptions{
 			SingleFile:         false,
 			StopParsingOnError: true,
+			LexOptions: crossplane.LexOptions{
+				Lexers: []crossplane.RegisterLexer{lua.RegisterLexer()},
+			},
 		},
 	)
 	if err != nil {

test/config/nginx/nginx-with-multiple-access-logs.conf

@@ -32,6 +32,15 @@ http {
             "\treqtime:$request_time"
             "\tapptime:$upstream_response_time";
 
+    server {
+      listen 9093;
+      server_name lua.example.com;
+    
+      ssl_certificate_by_lua_block {
+        print("Test lua block")
+      }
+    }
+   
     server {
         access_log %s ltsv;