You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/09/21 05:29:07 UTC
[GitHub] [apisix] membphis commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes

membphis commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r491798612



##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,40 @@
 - [中文](../zh-cn/plugins/consumer-restriction.md)
 
 # Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+  - [Name](#name)
+  - [Attributes](#attributes)
+  - [How To Enable `consumer_name`](#how-to-enable-consumer_name)
+    - [Test Plugin](#test-plugin)
+  - [How To Enable `service_id`](#how-to-enable-service_id)
+    - [Route Test](#route-test)
+    - [Route Test](#route-test-1)
+  - [Disable Plugin](#disable-plugin)
 
 
 ## Name
 
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
+* consumer: Add the `username` of `consumer` to a whitelist or blacklist (supporting single or multiple consumers) to restrict access to services or routes.

Review comment:
       move `consumer` and `service` into `Attributes`

##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
 }'
 ```
 
-## 测试插件
+### 测试插件
 
 jack1 访问:
 
 ```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
 HTTP/1.1 200 OK
 ...
 ```
 
 jack2 访问:
 
 ```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
 HTTP/1.1 403 Forbidden
 ...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
+`service_id`方式需要与授权插件一起配合使用，这里以key-auth授权插件为例。
+
+1、创建两个service
+```shell

Review comment:
       markdown style: need one blank line before this line

##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,40 @@
 - [中文](../zh-cn/plugins/consumer-restriction.md)
 
 # Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+  - [Name](#name)
+  - [Attributes](#attributes)
+  - [How To Enable `consumer_name`](#how-to-enable-consumer_name)
+    - [Test Plugin](#test-plugin)
+  - [How To Enable `service_id`](#how-to-enable-service_id)
+    - [Route Test](#route-test)
+    - [Route Test](#route-test-1)
+  - [Disable Plugin](#disable-plugin)
 
 
 ## Name
 
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
+* consumer: Add the `username` of `consumer` to a whitelist or blacklist (supporting single or multiple consumers) to restrict access to services or routes.

Review comment:
       In the "Name" section, only a brief description of the information is required.

##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
 }'
 ```
 
-## 测试插件
+### 测试插件
 
 jack1 访问:
 
 ```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
 HTTP/1.1 200 OK
 ...
 ```
 
 jack2 访问:
 
 ```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
 HTTP/1.1 403 Forbidden
 ...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
+`service_id`方式需要与授权插件一起配合使用，这里以key-auth授权插件为例。
+
+1、创建两个service
+```shell
+curl http://127.0.0.1:9080/apisix/admin/services/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+    "upstream": {
+        "nodes": {
+            "127.0.0.1:1980": 1
+        },
+        "type": "roundrobin"
+    },
+    "desc": "new service 001"
+}'
+
+curl http://127.0.0.1:9080/apisix/admin/services/2 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+    "upstream": {
+        "nodes": {
+            "127.0.0.1:1980": 1
+        },
+        "type": "roundrobin"
+    },
+    "desc": "new service 002"
+}'
+```
+
+2、在`consumer`上绑定`consumer-restriction`插件(需要与一个授权插件配合才能绑定),并添加`service_id`白名单列表
+```shell

Review comment:
       ditto, and please fix same points

##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -20,24 +20,33 @@
 - [English](../../plugins/consumer-restriction.md)
 
 # 目录
-- [**名字**](#名字)
-- [**属性**](#属性)
-- [**如何启用**](#如何启用)
-- [**测试插件**](#测试插件)
-- [**禁用插件**](#禁用插件)
+- [目录](#目录)
+  - [名字](#名字)
+  - [属性](#属性)
+  - [如何启用 `consumer_name`](#如何启用-consumer_name)
+    - [测试插件](#测试插件)
+  - [如何启用 service_id](#如何启用-service_id)
+    - [路由测试](#路由测试)
+    - [路由测试](#路由测试-1)
+  - [禁用插件](#禁用插件)
 
 ## 名字
 
-`consumer-restriction` 可以通过以下方式限制对服务或路线的访问，将 consumer 列入白名单或黑名单。 支持单个或多个 consumer。
+`consumer-restriction` 根据选择的不同对象做相应的访问限制，支持consumer和service两种限制类型。
+* consumer：把`consumer`的`username`列入白名单或黑名单（支持单个或多个 consumer）来限制对服务或路线的访问。

Review comment:
       please update the Chinese version too.

##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
 }'
 ```
 
-## 测试插件
+### 测试插件
 
 jack1 访问:
 
 ```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
 HTTP/1.1 200 OK
 ...
 ```
 
 jack2 访问:
 
 ```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
 HTTP/1.1 403 Forbidden
 ...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id

Review comment:
       need a better title, eg: "How to restrict service ID?"




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org