fix(api7): mismatch fields in upstream mtls (#202)

apps/cli/src/linter/exporter.ts

@@ -1,7 +1,7 @@
 /**
  * Export jsonschema file by:
  *
- * $ ts-node apps/cli/src/linter/exporter.ts
+ * $ nx export-schema cli
  *
  */
 import { writeFileSync } from 'fs';

apps/cli/src/linter/schema.ts

@@ -138,15 +138,17 @@ const upstreamSchema = z
     timeout: timeoutSchema.optional(),
     tls: z
       .object({
-        cert: z.string(),
-        key: z.string(),
-        client_cert_id: z.string(),
-        verify: z.boolean(),
+        client_cert: z.string().optional(),
+        client_key: z.string().optional(),
+        client_cert_id: z.string().optional(),
+        verify: z.boolean().optional(),
       })
+      .strict()
       .refine(
         (data) =>
-          (data.cert && data.key && !data.client_cert_id) ||
-          (data.client_cert_id && !data.cert && !data.key),
+          (data.client_cert && data.client_key && !data.client_cert_id) ||
+          (data.client_cert_id && !data.client_cert && !data.client_key),
+        'The client_cert and client_key certificate pair or client_cert_id SSL reference ID must be set',
       )
       .optional(),
     keepalive_pool: z

apps/cli/src/linter/specs/upstream.spec.ts

@@ -93,6 +93,30 @@ describe('Upstream Linter', () => {
       } as ADCSDK.Configuration,
       expect: true,
     },
+    {
+      name: 'should only allow upstream mtls in client_cert and client_key',
+      input: {
+        services: [
+          {
+            name: 'Upstream mTLS',
+            upstream: {
+              nodes: [
+                {
+                  host: '1.1.1.1',
+                  port: 443,
+                  weight: 100,
+                },
+              ],
+              tls: {
+                client_cert: '0000',
+                client_key: '0000',
+              },
+            },
+          },
+        ],
+      } as ADCSDK.Configuration,
+      expect: true,
+    },
   ];
 
   // test cases runner

libs/backend-api7/README.md

@@ -4,5 +4,13 @@
 
 | Features      | Supported |
 | ------------- | --------- |
-| Dump to ADC   | ✅        |
-| Sync from ADC | ✅        |
+| Dump to ADC   | ✅         |
+| Sync from ADC | ✅         |
+
+## Supported Versions
+
+| Versions | Supported |
+| -------- | --------- |
+| 3.2.14.6 | ✅         |
+| 3.2.15.2 | ✅         |
+| 3.2.16.2 | ✅         |

libs/backend-api7/src/typing.ts

@@ -118,6 +118,12 @@ export interface Upstream {
   retries?: number;
   retry_timeout?: number;
   timeout?: UpstreamTimeout;
+  tls?: {
+    client_cert: string;
+    client_key: string;
+    client_cert_id: string;
+    verify: boolean;
+  };
   keepalive_pool?: {
     size: number;
     idle_timeout: number;

libs/sdk/src/core/index.ts

@@ -67,8 +67,8 @@ export interface UpstreamTimeout {
   read: number;
 }
 export interface UpstreamClientTLS {
-  cert: string;
-  key: string;
+  client_cert: string;
+  client_key: string;
   client_cert_id: string;
   verify: boolean;
 }

schema.json

@@ -312,10 +312,10 @@
               "tls": {
                 "type": "object",
                 "properties": {
-                  "cert": {
+                  "client_cert": {
                     "type": "string"
                   },
-                  "key": {
+                  "client_key": {
                     "type": "string"
                   },
                   "client_cert_id": {
@@ -325,12 +325,6 @@
                     "type": "boolean"
                   }
                 },
-                "required": [
-                  "cert",
-                  "key",
-                  "client_cert_id",
-                  "verify"
-                ],
                 "additionalProperties": false
               },
               "keepalive_pool": {