From 27b13bcbd8641851da44759ddbdd96390f0c9878 Mon Sep 17 00:00:00 2001
From: dekowang <dekowang@tencent.com>
Date: Wed, 27 Sep 2023 15:52:47 +0800
Subject: [PATCH 1/4] fix: fix and optimize tls in upstream_schema

---
 apisix/schema_def.lua | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/apisix/schema_def.lua b/apisix/schema_def.lua
index cec1c53b3438..0a46bc1868e0 100644
--- a/apisix/schema_def.lua
+++ b/apisix/schema_def.lua
@@ -402,16 +402,10 @@ local upstream_schema = {
                 },
             },
             dependencies = {
-                client_cert = {
-                    required = {"client_key"},
-                    ["not"] = {required = {"client_cert_id"}}
-                },
-                client_key = {
-                    required = {"client_cert"},
-                    ["not"] = {required = {"client_cert_id"}}
-                },
+                client_cert = {required = {"client_key"}},
+                client_key = {required = {"client_cert"}},
                 client_cert_id = {
-                    ["not"] = {required = {"client_client", "client_key"}}
+                    ["not"] = {required = {"client_cert", "client_key"}}
                 }
             }
         },

From 487c621231ae75ccd2b4830851ee5b3526fb568c Mon Sep 17 00:00:00 2001
From: dekowang <dekowang@tencent.com>
Date: Thu, 12 Oct 2023 04:00:31 +0800
Subject: [PATCH 2/4] add:schema_def.upstream test case

---
 t/core/schema_def.t | 99 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 99 insertions(+)

diff --git a/t/core/schema_def.t b/t/core/schema_def.t
index b6a7bba05b0c..ee64d1aab4a7 100644
--- a/t/core/schema_def.t
+++ b/t/core/schema_def.t
@@ -139,3 +139,102 @@ qr/ok: false err: property "(id|plugins)" is required/
 GET /t
 --- response_body
 passed
+
+
+
+=== TEST 1: upstream_schema
+--- yaml_config eval: $::yaml_config
+--- config
+    location /t {
+        content_by_lua_block {
+            local schema_def = require("apisix.schema_def")
+            local core = require("apisix.core")
+            local t = require("lib.test_admin")
+            local ssl_cert = t.read_file("t/certs/apisix.crt")
+            local ssl_key =  t.read_file("t/certs/apisix.key")
+            local upstream = {
+                nodes = {
+                    ["127.0.0.1:8080"] = 1
+                },
+                type = "roundrobin",
+                tls = {
+                    client_cert_id = 1,
+                    client_cert = ssl_cert,
+                    client_key = ssl_key
+                }
+            }
+            local ok, err = core.schema.check(schema_def.upstream, upstream)
+            assert(not ok)
+            assert(err ~= nil)
+
+            upstream = {
+                nodes = {
+                    ["127.0.0.1:8080"] = 1
+                },
+                type = "roundrobin",
+                tls = {
+                    client_cert_id = 1
+                }
+            }
+            local ok, err = core.schema.check(schema_def.upstream, upstream)
+            assert(ok)
+            assert(err == nil, err)
+
+            upstream = {
+                nodes = {
+                    ["127.0.0.1:8080"] = 1
+                },
+                type = "roundrobin",
+                tls = {
+                    client_cert = ssl_cert,
+                    client_key = ssl_key
+                }
+            }
+            local ok, err = core.schema.check(schema_def.upstream, upstream)
+            assert(ok)
+            assert(err == nil, err)
+
+            upstream = {
+                nodes = {
+                    ["127.0.0.1:8080"] = 1
+                },
+                type = "roundrobin",
+                tls = {
+                }
+            }
+            local ok, err = core.schema.check(schema_def.upstream, upstream)
+            assert(ok)
+            assert(err == nil, err)
+
+            upstream = {
+                nodes = {
+                    ["127.0.0.1:8080"] = 1
+                },
+                type = "roundrobin",
+                tls = {
+                    client_cert = ssl_cert
+                }
+            }
+            local ok, err = core.schema.check(schema_def.upstream, upstream)
+            assert(not ok)
+            assert(err ~= nil)
+
+            upstream = {
+                nodes = {
+                    ["127.0.0.1:8080"] = 1
+                },
+                type = "roundrobin",
+                tls = {
+                    client_cert_id = 1,
+                    client_key = ssl_key
+                }
+            }
+            local ok, err = core.schema.check(schema_def.upstream, upstream)
+            assert(not ok)
+            assert(err ~= nil)
+
+            ngx.say("passed")
+        }
+    }
+--- response_body
+passed

From 075bafdb1af16e023726d911f24893f10eb3a7c3 Mon Sep 17 00:00:00 2001
From: dekowang <dekowang@tencent.com>
Date: Thu, 12 Oct 2023 04:13:51 +0800
Subject: [PATCH 3/4] fix: correct test case serial number

---
 t/core/schema_def.t | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/t/core/schema_def.t b/t/core/schema_def.t
index ee64d1aab4a7..a70e76aa82c4 100644
--- a/t/core/schema_def.t
+++ b/t/core/schema_def.t
@@ -142,7 +142,7 @@ passed
 
 
 
-=== TEST 1: upstream_schema
+=== TEST 4: upstream_schema
 --- yaml_config eval: $::yaml_config
 --- config
     location /t {

From 20a3585904a5980cc682fa365629a6b85c1d684a Mon Sep 17 00:00:00 2001
From: dekowang <dekowang@tencent.com>
Date: Thu, 12 Oct 2023 04:18:10 +0800
Subject: [PATCH 4/4] fix: modify test case name and configuration

---
 t/core/schema_def.t | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/t/core/schema_def.t b/t/core/schema_def.t
index a70e76aa82c4..da3bb51f8b26 100644
--- a/t/core/schema_def.t
+++ b/t/core/schema_def.t
@@ -142,8 +142,7 @@ passed
 
 
 
-=== TEST 4: upstream_schema
---- yaml_config eval: $::yaml_config
+=== TEST 4: sanity check upstream_schema
 --- config
     location /t {
         content_by_lua_block {