janiussyafiq opened a new pull request, #13091:
URL: https://github.com/apache/apisix/pull/13091
### Description
<!-- Please include a summary of the change and which issue is fixed. -->
<!-- Please also include relevant motivation and context. -->
This PR fixes a bug where APISIX rewrites the entire `conf/config.yaml` file
when `admin_key` is empty, causing all user comments and formatting to be
permanently stripped from the configuration file.
#### Which issue(s) this PR fixes:
<!--
*Automatically closes linked issue when PR is merged.
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes #12170
#### What was the problem
When deployment.admin.admin_key is left empty, APISIX auto-generates a
random key and writes it back to `conf/config.yaml` using `lyaml.dump()`. This
serialization process operates on the fully merged in-memory config table and
has no awareness of the original file causing:
- All comments stripped — lyaml.dump() serializes a Lua table, which has no
concept of YAML comments. All inline documentation in the original file is
permanently lost on first boot
- Config file bloated — the written-back file contains the full merge of
config.yaml and system defaults, replacing the user's minimal config with a
large auto-generated one
- The core issue is that APISIX should never destructively overwrite a
user-managed configuration file.
#### What was changed
Instead of serializing and rewriting the entire config file, the fix
performs a targeted string substitution — only replacing the empty `key: ''`
value in the raw file content with the generated key, leaving everything else
untouched.
Key changes in apisix/core/id.lua:
- Removed the `generate_yaml()` call and full file rewrite from `_M.init()`
- Modified `autogenerate_admin_key()` to return the generated key value as a
third return
- Added a targeted `gsub` to substitute only the key field in the raw file
- Added a log.warn() that surfaces the generated key so users are aware and
can set a permanent one
If the key field is not found in the raw file (e.g. it came from merged
defaults and was never explicitly in config.yaml), APISIX logs the generated
key and instructs the user to set it manually — no file write is attempted.
### Checklist
- [x] I have explained the need for this PR and the problem it solves
- [x] I have explained the changes or the new features added to this PR
- [ ] I have added tests corresponding to this change
- [ ] I have updated the documentation to reflect this change
- [ ] I have verified that this change is backward compatible (If not,
please discuss on the [APISIX mailing
list](https://github.com/apache/apisix/tree/master#community) first)
<!--
Note
1. Mark the PR as draft until it's ready to be reviewed.
2. Always add/update tests for any changes unless you have a good reason.
3. Always update the documentation to reflect the changes made in the PR.
4. Make a new commit to resolve conversations instead of `push -f`.
5. To resolve merge conflicts, merge master instead of rebasing.
6. Use "request review" to notify the reviewer after making changes.
7. Only a reviewer can mark a conversation as resolved.
-->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
