This is an automated email from the ASF dual-hosted git repository.

wenming pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new 499092793 feat: allow to use secrets in clickhouse-logger plugin 
(#12951)
499092793 is described below

commit 4990927937280037602e81bb1b9554a784afa076
Author: Vladislav Vinogradov 
<[email protected]>
AuthorDate: Mon Mar 16 07:09:20 2026 +0300

    feat: allow to use secrets in clickhouse-logger plugin (#12951)
---
 apisix/plugins/clickhouse-logger.lua        |  4 ++
 docs/en/latest/plugins/clickhouse-logger.md |  2 +
 docs/zh/latest/plugins/clickhouse-logger.md |  2 +
 t/plugin/clickhouse-logger3.t               | 91 +++++++++++++++++++++++++++++
 4 files changed, 99 insertions(+)

diff --git a/apisix/plugins/clickhouse-logger.lua 
b/apisix/plugins/clickhouse-logger.lua
index 301d7309e..7f8bce02c 100644
--- a/apisix/plugins/clickhouse-logger.lua
+++ b/apisix/plugins/clickhouse-logger.lua
@@ -14,6 +14,8 @@
 -- See the License for the specific language governing permissions and
 -- limitations under the License.
 --
+
+local fetch_secrets   = require("apisix.secret").fetch_secrets
 local bp_manager_mod  = require("apisix.utils.batch-processor-manager")
 local log_util        = require("apisix.utils.log-util")
 local plugin          = require("apisix.plugin")
@@ -105,6 +107,8 @@ end
 
 
 local function send_http_data(conf, log_message)
+    conf = fetch_secrets(conf, true)
+
     local err_msg
     local res = true
     local selected_endpoint_addr
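
Review bot: In send_http_data the result of fetch_secrets(conf, true) is assigned straight back to conf with no check. If the call can return nil or leave a reference unresolved, the lines below will either index a nil conf or send the literal reference string to ClickHouse as the credential. Suggest handling that case explicitly (fall back to the original table, or fail the batch with a clear error message) and adding a one-line comment saying what the second argument `true` controls. From this line on conf holds resolved plaintext values, so any log statement in this function that prints conf deserves a second look.
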
diff --git a/docs/en/latest/plugins/clickhouse-logger.md 
b/docs/en/latest/plugins/clickhouse-logger.md
index f8cf4cc09..e7b4d9093 100644
--- a/docs/en/latest/plugins/clickhouse-logger.md
+++ b/docs/en/latest/plugins/clickhouse-logger.md
@@ -54,6 +54,8 @@ The `clickhouse-logger` Plugin is used to push logs to 
[ClickHouse](https://clic
 
 NOTE: `encrypt_fields = {"password"}` is also defined in the schema, which 
means that the field will be stored encrypted in etcd. See [encrypted storage 
fields](../plugin-develop.md#encrypted-storage-fields).
 
+NOTE: In addition, you can use Environment Variables or APISIX secret to store 
and reference plugin attributes. APISIX currently supports storing secrets in 
two ways - [Environment Variables and HashiCorp 
Vault](../terminology/secret.md).
+
 This Plugin supports using batch processors to aggregate and process entries 
(logs/data) in a batch. This avoids the need for frequently submitting the 
data. The batch processor submits data every `5` seconds or when the data in 
the queue reaches `1000`. See [Batch 
Processor](../batch-processor.md#configuration) for more information or setting 
your custom configuration.
 
 ### Example of default log format
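
Review bot: The added NOTE does not say which attributes accept a reference or what a reference looks like, and its two sentences overlap ("Environment Variables or APISIX secret", then "Environment Variables and HashiCorp Vault"). Suggest one sentence that names the attributes this applies to and shows one example in the form the new test uses, `"user": "$ENV://CLICK_HOUSE_USER"`, followed by the link to the secret terminology page.
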
diff --git a/docs/zh/latest/plugins/clickhouse-logger.md 
b/docs/zh/latest/plugins/clickhouse-logger.md
index e18ee8e77..4e047bae2 100644
--- a/docs/zh/latest/plugins/clickhouse-logger.md
+++ b/docs/zh/latest/plugins/clickhouse-logger.md
@@ -52,6 +52,8 @@ description: 本文介绍了 API 网关 Apache APISIX 如何使用 clickhouse-lo
 
 注意:schema 中还定义了 `encrypt_fields = {"password"}`,这意味着该字段将会被加密存储在 etcd 中。具体参考 
[加密存储字段](../plugin-develop.md#加密存储字段)。
 
+此外:你可以使用环境变量或者 APISIX secret 来存放和引用插件配置,APISIX 当前支持通过两种方式配置 secrets - 
[Environment Variables and HashiCorp Vault](../terminology/secret.md)。
+
 该插件支持使用批处理器来聚合并批量处理条目(日志/数据)。这样可以避免插件频繁地提交数据,默认情况下批处理器每 `5` 秒钟或队列中的数据达到 `1000` 
条时提交数据,如需了解批处理器相关参数设置,请参考 [Batch-Processor](../batch-processor.md#配置)。
 
 ### 默认日志格式示例
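
Review bot: The added paragraph opens with "此外:" while the note directly above it uses "注意:", and the link text "Environment Variables and HashiCorp Vault" is left in English. Suggest matching the existing label and translating the link text so the two notes read as a pair.
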
diff --git a/t/plugin/clickhouse-logger3.t b/t/plugin/clickhouse-logger3.t
new file mode 100644
index 000000000..681b196ec
--- /dev/null
+++ b/t/plugin/clickhouse-logger3.t
@@ -0,0 +1,91 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+use t::APISIX 'no_plan';
+
+log_level("info");
+repeat_each(1);
+no_long_string();
+no_root_location();
+
+add_block_preprocessor(sub {
+    my ($block) = @_;
+
+    if (!defined $block->request) {
+        $block->set_value("request", "GET /t");
+    }
+});
+
+BEGIN {
+    $ENV{CLICK_HOUSE_USER} = "default";
+}
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: pass clickhouse user via environment variable
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                        "plugins": {
+                            "clickhouse-logger": {
+                                "user": "$ENV://CLICK_HOUSE_USER",
+                                "password": "",
+                                "database": "default",
+                                "logtable": "test",
+                                "endpoint_addr": "http://127.0.0.1:8123";
+                            }
+                        },
+                        "upstream": {
+                            "nodes": {
+                                "127.0.0.1:1982": 1
+                            },
+                            "type": "roundrobin"
+                        },
+                        "uri": "/opentracing"
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- response_body
+passed
+
+
+
+=== TEST 2: hit route
+--- request
+GET /opentracing
+--- error_code: 200
+--- wait: 5
+
+
+
+=== TEST 3: get log
+--- exec
+echo "select * from default.test" | curl 'http://localhost:8123/' 
--data-binary @-
+--- response_body_like
+.*127.0.0.1.*1.*
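
Review bot: TEST 1 only exercises `user`, with the value `default` and an empty `password`, so the field most likely to be stored as a secret is never resolved through `$ENV://` in this file, and there is no case for a reference whose variable is unset. Suggest adding a route that takes `password` from an environment variable and a negative case that checks the error path. In TEST 3 the pattern `.*127.0.0.1.*1.*` has unescaped dots and matches almost any row in default.test, so it does not show that the row came from this run; a tighter pattern or a count check would make the assertion meaningful. Also check the `"endpoint_addr": "http://127.0.0.1:8123";` line in TEST 1: if the trailing semicolon is present in the committed file, the JSON body is invalid.
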
