Merge branch 'master' into feat/implement-missing-www-authenticate-he…

…aders-oauth2

DEVELOPER.md

@@ -473,7 +473,7 @@ The [EmmyLuaDebugger](https://github.com/EmmyLua/EmmyLuaDebugger) is a standalon
 that runs on the same machine as Kong Gateway and that mediates between the IDE's
 debugger and the Lua code running in Kong Gateway.  It can be downloaded from
 [GitHub](https://github.com/EmmyLua/EmmyLuaDebugger/releases).  The release
-ZIP file contains a single share library named emmy_core.so (Linux) or emmy_core.dylib (macOS).
+ZIP file contains a single shared library named emmy_core.so (Linux) or emmy_core.dylib (macOS).
 Place this file in a directory that is convenient for you and remember the path.
 
 Depending on your Linux version, you may need to compile
@@ -486,7 +486,7 @@ recent version of GLIBC to be present.
 To enable the EmmyLua debugger, the `KONG_EMMY_DEBUGGER` environment variable must be set to
 the absolute path of the debugger shared library file when Kong Gateway is started.  It is
 also advisable to start Kong Gateway with only one worker process, as debugging multiple worker
-processes is not supported.  For example:
+processes requires special care.  For example:
 
 ```shell
 KONG_EMMY_DEBUGGER=/path/to/emmy_core.so KONG_NGINX_WORKER_PROCESSES=1 kong start
@@ -515,6 +515,33 @@ a breakpoint in the global `access` function that is defined `runloop/handler.lu
 a proxy request to the Gateway.  The debugger should stop at the breakpoint and you can
 inspect the variables in the request context.
 
+### Debugging `busted` tests
+
+To debug `busted` tests, you can set the `BUSTED_EMMY_DEBUGGER` environment variable to the path
+to the EmmyLua debugger shared library.  When debugging is enabled, `busted` will always wait for
+the IDE to connect during startup.
+
+### Debugging environment variables
+
+The following environment variables can be set to control the behavior of the EmmyLua debugger
+integration:
+
+- `KONG_EMMY_DEBUGGER`: The path to the EmmyLua debugger shared library.
+- `KONG_EMMY_DEBUGGER_HOST`: The IP address that the EmmyLua debugger will listen on.  The default
+  is `localhost`.
+- `KONG_EMMY_DEBUGGER_PORT`: The port that the EmmyLua debugger will listen on.  The default is
+  `9966`.
+- `KONG_EMMY_DEBUGGER_WAIT`: If set, Kong Gateway will wait for the debugger to connect
+  before starting continuing to start.
+- `KONG_EMMY_DEBUGGER_SOURCE_PATH`: The path to the source code that the EmmyLua debugger will
+  use to resolve source code locations.  The default is the current working directory.
+- `KONG_EMMY_DEBUGGER_MULTI_WORKER`: If set, a debugger will be started for each worker process, using
+  incrementing port numbers starting at `KONG_EMMY_DEBUGGER_PORT`.  The default is to start
+  only one debugger for worker zero.
+
+To control debugger behavior while running `busted` tests, a similar set of environment variables
+prefixed with `BUSTED_` instead of `KONG_` can be used.
+
 ## What's next
 
 - Refer to the [Kong Gateway Docs](https://docs.konghq.com/gateway/) for more information.

bin/busted

@@ -8,6 +8,8 @@ local pl_file = require("pl.file")
 
 local tools_system = require("kong.tools.system")
 
+local emmy_debugger = require("kong.tools.emmy_debugger")
+
 local cert_path do
   local busted_cert_file = pl_path.tmpname()
   local busted_cert_content = pl_file.read("spec/fixtures/kong_spec.crt")
@@ -72,6 +74,16 @@ end
 
 pcall(require, "luarocks.loader")
 
+if os.getenv("BUSTED_EMMY_DEBUGGER") then
+  emmy_debugger.init({
+    debugger = os.getenv("BUSTED_EMMY_DEBUGGER"),
+    host = os.getenv("BUSTED_EMMY_DEBUGGER_HOST"),
+    port = os.getenv("BUSTED_EMMY_DEBUGGER_PORT"),
+    wait = true,
+    source_path = os.getenv("BUSTED_EMMY_DEBUGGER_SOURCE_PATH"),
+  })
+end
+
 require("kong.globalpatches")({
   cli = true,
   rbusted = true
@@ -88,4 +100,5 @@ _G.require = require "spec.require".require
 -- Busted command-line runner
 require 'busted.runner'({ standalone = false })
 
+
 -- vim: set ft=lua ts=2 sw=2 sts=2 et :

changelog/unreleased/kong/add-ai-data-report.yml

@@ -1,3 +1,3 @@
-"message": Add `events:ai:response_tokens`, `events:ai:prompt_tokens` and `events:ai:requests` to the anonymous report to start counting AI usage
+"message": Added `events:ai:response_tokens`, `events:ai:prompt_tokens` and `events:ai:requests` to the anonymous report to start counting AI usage
 "type": feature
 "scope": Core

changelog/unreleased/kong/add-messages-api-to-anthropic.yml

@@ -1,5 +1,5 @@
 "message": |
-  **AI-Proxy**: To support the new messages API of `Anthropic`, the upstream path of the `Anthropic` for `llm/v1/chat` route type is changed from `/v1/complete` to `/v1/messages`
+  **AI Proxy**: To support the new messages API of `Anthropic`, the upstream path of the `Anthropic` for `llm/v1/chat` route type has changed from `/v1/complete` to `/v1/messages`.
 "type": breaking_change
 "scope": Plugin
 "jiras":

changelog/unreleased/kong/add_tzdata.yml

@@ -1,3 +1,3 @@
 message: |
-  Add package `tzdata` to DEB Docker image for convenient timezone setting.
+  Added package `tzdata` to DEB Docker image for convenient timezone setting.
 type: dependency

changelog/unreleased/kong/ai-proxy-client-params.yml

@@ -1,6 +1,6 @@
 message: |
-  AI Proxy now reads most prompt tuning parameters from the client, whilst the
-  plugin config 'model options' are now just defaults. This fixes support for 
-  using the respective provider's native SDK.
+  AI Proxy now reads most prompt tuning parameters from the client,
+  while the plugin config parameters under `model_options` are now just defaults.
+  This fixes support for using the respective provider's native SDK.
 type: feature
 scope: Plugin

changelog/unreleased/kong/ai-proxy-preserve-mode.yml

@@ -1,6 +1,6 @@
 message: |
-  AI Proxy now has a 'preserve' route_type option, where the requests and responses 
-  are passed directly to the upstream LLM. This is to enable compatilibity with any  
-  and all models and SDKs, that may be used when calling the AI services.
+  AI Proxy now has a `preserve` option for `route_type`, where the requests and responses
+  are passed directly to the upstream LLM. This is to enable compatibility with any
+  and all models and SDKs that may be used when calling the AI services.
 type: feature
 scope: Plugin

changelog/unreleased/kong/analytics-for-anthropic.yml

@@ -1,4 +1,4 @@
 message: |
-  **AI-proxy-plugin**: Fix the bug that the route_type `/llm/v1/chat` does not include the analytics in the responses.
+  **AI-proxy-plugin**: Fixed the bug that the `route_type` `/llm/v1/chat` didn't include the analytics in the responses.
 scope: Plugin
 type: bugfix

changelog/unreleased/kong/bump-lua-protobuf.yml

@@ -1,3 +1,3 @@
-message: "Bump lua-protobuf to 0.5.1"
+message: "Bumped lua-protobuf to 0.5.1"
 type: dependency
 scope: Core

changelog/unreleased/kong/bump-lua-resty-http-0.17.2.yml

@@ -1,2 +1,2 @@
-message: Bump lua-resty-http to 0.17.2.
+message: Bumped lua-resty-http to 0.17.2.
 type: dependency

changelog/unreleased/kong/bump-ngx-wasm-module.yml

@@ -1,2 +1,2 @@
-message: "Bump `ngx_wasm_module` to `91d447ffd0e9bb08f11cc69d1aa9128ec36b4526`"
+message: "Bumped `ngx_wasm_module` to `91d447ffd0e9bb08f11cc69d1aa9128ec36b4526`"
 type: dependency

changelog/unreleased/kong/bump-v8.yml

@@ -1,2 +1,2 @@
-message: "Bump `V8` version to `12.0.267.17`"
+message: "Bumped `V8` version to `12.0.267.17`"
 type: dependency

changelog/unreleased/kong/bump-wasmtime.yml

@@ -1,2 +1,2 @@
-message: "Bump `Wasmtime` version to `19.0.0`"
+message: "Bumped `Wasmtime` version to `19.0.0`"
 type: dependency

changelog/unreleased/kong/cleanup_ai.yml

@@ -1,4 +1,4 @@
 message: |
-  Cleanup some AI plugins, and improve errorhandling.
+  Improve error handling in AI plugins.
 type: bugfix
 scope: Plugin

changelog/unreleased/kong/decrease-cocurrency-limit-of-timer-ng.yml

@@ -1,3 +1,3 @@
 message: |
-    Fix a bug where the ulimit setting (open files) is low Kong will fail to start as the lua-resty-timer-ng exhausts the available worker_connections. Decrease the concurrency range of the lua-resty-timer-ng library from [512, 2048] to [256, 1024] to fix this bug.
+    Fixed a bug where, if the the ulimit setting (open files) was low, Kong would fail to start as the `lua-resty-timer-ng` exhausted the available `worker_connections`. Decreased the concurrency range of the `lua-resty-timer-ng` library from `[512, 2048]` to `[256, 1024]` to fix this bug.
 type: bugfix

changelog/unreleased/kong/disable-TLSv1_1-in-openssl3.yml

@@ -1,3 +1,3 @@
-message: now TLSv1.1 and lower is by default disabled in OpenSSL 3.x
+message: TLSv1.1 and lower versions are disabled by default in OpenSSL 3.x.
 type: feature
 scope: Configuration

changelog/unreleased/kong/feat-ai-proxy-add-streaming.yml

@@ -1,4 +1,4 @@
 message: |
-  **AI-Proxy**: add support for streaming event-by-event responses back to client on supported providers
+  **AI Proxy**: Added support for streaming event-by-event responses back to the client on supported providers.
 scope: Plugin
 type: feature

changelog/unreleased/kong/feat-hybrid-sync-mixed-route-policy.yml

@@ -1,7 +1,7 @@
 message: |
-  When CP runs with `expressions` flavor:
-  - if mixed config is detected and a lower DP is attached to the CP, no config will be sent at all
-  - if the expression is invalid on CP, no config will be sent at all
-  - if the expression is invalid on lower DP, it will be sent to the DP and DP validation will catch this and communicate back to the CP (this could result in partial config application)
+  Improved config handling when the CP runs with the router set to the `expressions` flavor:
+    - If mixed config is detected and a lower DP is attached to the CP, no config will be sent at all
+    - If the expression is invalid on the CP, no config will be sent at all
+    - If the expression is invalid on a lower DP, it will be sent to the DP and DP validation will catch this and communicate back to the CP (this could result in partial config application)
 type: feature
 scope: Core

changelog/unreleased/kong/feat-increase-ai-anthropic-regex-expression-length.yml

@@ -1,4 +1,4 @@
 message: |
-  **AI-Prompt-Guard**: increase the maximum length of regex expression to 500 for both allow and deny parameter
+  **AI Prompt Guard**: Increased the maximum length of regex expressions to 500 for the allow and deny parameters.
 scope: Plugin
 type: feature

changelog/unreleased/kong/feat-wasm-general-shm-kv.yml

@@ -1,5 +1,5 @@
 message: |
-   Introduce `nginx_wasm_main_shm_kv` configuration entry, which enables
+   Introduced `nginx_wasm_main_shm_kv` configuration parameter, which enables
    Wasm filters to use the Proxy-Wasm operations `get_shared_data` and
    `set_shared_data` without namespaced keys.
 type: feature

changelog/unreleased/kong/fix-aws-lambda-kong-latency.yml

@@ -1,3 +1,3 @@
-message: "**AWS-Lambda**: fix an issue that the latency attributed to AWS Lambda API requests will be counted as part of the latency in Kong"
+message: "**AWS-Lambda**: Fixed an issue where the latency attributed to AWS Lambda API requests was counted as part of the latency in Kong."
 type: bugfix
 scope: Plugin

changelog/unreleased/kong/fix-cjson-t-end.yml

@@ -1,3 +1,3 @@
 message: |
-  Improve the robustness of lua-cjson when handling unexpected input. 
+  Improved the robustness of lua-cjson when handling unexpected input.
 type: dependency

changelog/unreleased/kong/fix-ctx-host-port.yml

@@ -1,5 +1,5 @@
 message: |
-  **PDK:** fix kong.request.get_forwarded_port to always return a number which was caused by an incorrectly
-  stored string value in ngx.ctx.host_port.
+  **PDK:** Fixed `kong.request.get_forwarded_port` to always return a number,
+  which was caused by an incorrectly stored string value in `ngx.ctx.host_port`.
 type: bugfix
 scope: PDK

changelog/unreleased/kong/fix-dbless-duplicate-target-error.yml

@@ -1,3 +1,3 @@
-message: "Fixed an issue wherein `POST /config?flatten_errors=1` could not return a proper response if the input included duplicate upstream targets"
+message: "Fixed an issue where `POST /config?flatten_errors=1` could not return a proper response if the input included duplicate upstream targets."
 type: bugfix
 scope: Core

changelog/unreleased/kong/fix-default-value-of-upstream-keepalive-max-requests.yml

@@ -1,5 +1,5 @@
 message: |
-    Fixed default value in kong.conf.default documentation from 1000 to 10000
-    for upstream_keepalive_max_requests option.
+  Fixed the default value in kong.conf.default documentation from 1000 to 10000
+  for the `upstream_keepalive_max_requests` option.
 type: bugfix
 scope: Configuration

changelog/unreleased/kong/fix-external-plugin-instance.yml

@@ -1,5 +1,5 @@
 message: |
-    Fix an issue where an external plugin (Go, Javascript, or Python) would fail to
+    Fixed an issue where an external plugin (Go, Javascript, or Python) would fail to
     apply a change to the plugin config via the Admin API.
 type: bugfix
 scope: Configuration

changelog/unreleased/kong/fix-file-permission-of-logrotate.yml

@@ -1,3 +1,3 @@
-message: update file permission of kong.logrotate to 644
+message: Updated the file permission of `kong.logrotate` to 644.
 type: bugfix
 scope: Core

changelog/unreleased/kong/fix-hybrid-dp-certificate-with-vault-not-refresh.yml

@@ -1,3 +1,3 @@
-message: Fixed a problem that in hybrid DP mode a certificate entity configured with vault reference may not get refreshed on time
+message: Fixed a problem on hybrid mode DPs, where a certificate entity configured with a vault reference may not get refreshed on time.
 type: bugfix
 scope: Core

changelog/unreleased/kong/fix-jwt-plugin-check.yml

@@ -1,3 +1,3 @@
-message: "**Jwt**: fix an issue where the plugin would fail when using invalid public keys for ES384 and ES512 algorithms."
+message: "**Jwt**: Fixed an issue where the plugin would fail when using invalid public keys for ES384 and ES512 algorithms."
 type: bugfix
 scope: Plugin

changelog/unreleased/kong/fix-missing-router-section-of-request-debugging.yml

@@ -1,3 +1,3 @@
-message: Fix the missing router section for the output of the request-debugging
+message: Fixed the missing router section for the output of the request-debugging.
 type: bugfix
 scope: Core

changelog/unreleased/kong/fix-mlcache-renew-lock-leaks.yml

@@ -1,4 +1,4 @@
 message: |
-  Fixed an issue that leaking locks in the internal caching logic
+  Fixed an issue in the internal caching logic where mutexes could get never unlocked.
 type: bugfix
 scope: Core

changelog/unreleased/kong/fix-request-transformer-uri-replace.yml

@@ -0,0 +1,4 @@
+message: |
+  Fixed an issue where the URI captures are unavailable when the first capture group is absent.
+type: bugfix
+scope: Core

changelog/unreleased/kong/fix-router-rebuing-flag.yml

@@ -1,5 +1,5 @@
 message: |
-  Fixed an issue where router may not work correctly
-  when the routes configuration changed.
+  Fixed an issue where the router didn't work correctly
+  when the route's configuration changed.
 type: bugfix
 scope: Core

changelog/unreleased/kong/fix-snis-tls-passthrough-in-trad-compat.yml

@@ -1,5 +1,5 @@
 message: |
-  Fixed an issue where SNI-based routing does not work
-  using tls_passthrough and the traditional_compatible router flavor
+  Fixed an issue where SNI-based routing didn't work
+  using `tls_passthrough` and the `traditional_compatible` router flavor.
 type: bugfix
 scope: Core

changelog/unreleased/kong/fix-upstream-status-unset.yml

@@ -1,3 +1,3 @@
-message: fix a bug that `X-Kong-Upstream-Status` will not appear in the response headers even if it is set in the `headers` parameter in the kong.conf when the response is hit and returned by proxy cache plugin.
+message: Fixed a bug that `X-Kong-Upstream-Status` didn't appear in the response headers even if it was set in the `headers` parameter in the `kong.conf` file when the response was hit and returned by the Proxy Cache plugin.
 scope: Core
 type: bugfix

changelog/unreleased/kong/fix-vault-init-worker.yml

@@ -1,3 +1,3 @@
-message: fix vault initialization by postponing vault reference resolving on init_worker
+message: Fixed vault initialization by postponing vault reference resolving on init_worker
 type: bugfix
 scope: Core

changelog/unreleased/kong/fix-wasm-disable-pwm-lua-resolver.yml

@@ -1,4 +1,4 @@
 message: |
-   Disable usage of the Lua DNS resolver from proxy-wasm by default.
+   Disabled usage of the Lua DNS resolver from proxy-wasm by default.
 type: bugfix
 scope: Configuration

changelog/unreleased/kong/flavor-expressions-supports-traditional-fields.yml

@@ -1,7 +1,7 @@
 message: |
-  Supported fields `methods`, `hosts`, `paths`, `headers`,
-  `snis`, `sources`, `destinations` and `regex_priority`
-  for the `route` entity when the `router_flavor` is `expressions`.
+  The route entity now supports the following fields when the
+  `router_flavor` is `expressions`: `methods`, `hosts`, `paths`, `headers`,
+  `snis`, `sources`, `destinations`, and `regex_priority`.
   The meaning of these fields are consistent with the traditional route entity.
 type: feature
 scope: Core

changelog/unreleased/kong/key_auth_www_authenticate.yml

@@ -1,3 +1,3 @@
-message: Add WWW-Authenticate headers to all 401 response in key auth plugin.
+message: Added WWW-Authenticate headers to all 401 responses in the Key Auth plugin.
 type: bugfix
 scope: Plugin

changelog/unreleased/kong/log-serializer-kong-latency.yml

@@ -5,6 +5,7 @@ message: |
   the new `latencies.receive` metric, so if desired, the old value can be
   calculated as `latencies.kong + latencies.receive`. **Note:** this also
   affects payloads from all logging plugins that use the log serializer:
-  `file-log`, `tcp-log`, `udp-log`,`http-log`, `syslog`, and `loggly`.
+  `file-log`, `tcp-log`, `udp-log`,`http-log`, `syslog`, and `loggly`, e.g.
+  [descriptions of JSON objects for the HTTP Log Plugin's log format](https://docs.konghq.com/hub/kong-inc/http-log/log-format/#json-object-descriptions).
 type: bugfix
 scope: PDK

changelog/unreleased/kong/log-serializer-receive-latency.yml

@@ -1,3 +1,3 @@
-message: 'Add `latencies.receive` property to log serializer'
+message: 'Added the `latencies.receive` property to the log serializer'
 type: feature
 scope: PDK

changelog/unreleased/kong/otel-increase-queue-max-batch-size.yml

@@ -1,3 +1,3 @@
-message: "**Opentelemetry**: increase queue max batch size to 200"
+message: "**Opentelemetry**: Increased queue max batch size to 200."
 type: performance
 scope: Plugin

changelog/unreleased/kong/otel-sampling-panic-when-header-trace-id-enable.yml

@@ -1,3 +1,3 @@
-message: "**Opentelemetry**: fix otel sampling mode lua panic bug when http_response_header_for_traceid option enable"
+message: "**Opentelemetry**: Fixed an OTEL sampling mode Lua panic bug, which happened when the `http_response_header_for_traceid` option was enabled."
 type: bugfix
 scope: Plugin

changelog/unreleased/kong/plugin_server_restart.yml

@@ -1,3 +1,3 @@
-message: "**Plugin Server**: fix an issue where Kong fails to properly restart MessagePack-based pluginservers (used in Python and Javascript plugins, for example)"
+message: "**Plugin Server**: Fixed an issue where Kong failed to properly restart MessagePack-based pluginservers (used in Python and Javascript plugins, for example)."
 type: bugfix
 scope: Core

changelog/unreleased/kong/propagation-module-rework.yml

@@ -1,5 +1,5 @@
 message: |
-  **OpenTelemetry, Zipkin**: the propagation module has been reworked, new
+  **OpenTelemetry, Zipkin**: The propagation module has been reworked. The new
   options allow better control over the configuration of tracing headers propagation.
 type: feature
 scope: Plugin

changelog/unreleased/kong/revert-req-body-limitation-patch.yml

@@ -1,3 +1,3 @@
-message: revert the hard-coded limitation of the ngx.read_body() API in OpenResty upstreams' new versions when downstream connections are in HTTP/2 or HTTP/3 stream modes.
+message: Reverted the hard-coded limitation of the `ngx.read_body()` API in OpenResty upstreams' new versions when downstream connections are in HTTP/2 or HTTP/3 stream modes.
 type: bugfix
 scope: Core

changelog/unreleased/kong/set_grpc_tls_seclevel.yml

@@ -1,3 +1,3 @@
-message: Set security level of gRPC's TLS to 0 when ssl_cipher_suite is set to old
+message: Set security level of gRPC's TLS to 0 when `ssl_cipher_suite` is set to `old`.
 type: bugfix
 scope: Configuration

changelog/unreleased/kong/speed_up_router.yml

@@ -1,3 +1,3 @@
-message: Speeded up the router matching when the `router_flavor` is `traditional_compatible` or `expressions`.
+message: Sped up the router matching when the `router_flavor` is `traditional_compatible` or `expressions`.
 type: performance
 scope: Performance

changelog/unreleased/kong/update-ai-proxy-telemetry.yml

@@ -1,3 +1,3 @@
-message: Update telemetry collection for AI Plugins to allow multiple plugins data to be set for the same request.
+message: Updated telemetry collection for AI Plugins to allow multiple plugins data to be set for the same request.
 type: bugfix
 scope: Core

changelog/unreleased/kong/wasm-bundled-filters.yml

@@ -1,3 +1,3 @@
-message: Add `wasm_filters` configuration value for enabling individual filters
+message: Added the `wasm_filters` configuration parameter for enabling individual filters
 type: feature
 scope: Configuration