Posted to notifications@apisix.apache.org by "spacewander (via GitHub)" <gi...@apache.org> on 2023/03/23 01:25:11 UTC
[GitHub] [apisix] spacewander commented on a diff in pull request #9146: fix(cli): fix allow_admin allows non-`127.0.0.0/24` to access admin api with empty admin_key
spacewander commented on code in PR #9146:
URL: https://github.com/apache/apisix/pull/9146#discussion_r1145568879
##########
apisix/cli/ops.lua:
##########
@@ -185,12 +186,9 @@ local function init(env)
local checked_admin_key = false
local allow_admin = yaml_conf.deployment.admin and
yaml_conf.deployment.admin.allow_admin
- if yaml_conf.apisix.enable_admin and allow_admin then
- for _, allow_ip in ipairs(allow_admin) do
- if allow_ip == "127.0.0.0/24" then
- checked_admin_key = true
- end
- end
+ if yaml_conf.apisix.enable_admin and allow_admin
+ and table.getn(allow_admin) == 1 and allow_admin[1] == "127.0.0.0/24" then
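Review bot: the `allow_admin[1] == "127.0.0.0/24"` test on the new condition is a literal string comparison against a one-element list, and nothing in the hunk says why only that exact list qualifies. The removed loop set `checked_admin_key = true` when any entry matched, which is the behaviour the PR title describes as the bug, so the stricter check is the right direction. It also means a list with a second loopback entry, or the same range written differently, no longer matches. That fails closed, but a short comment above the `if` stating that only this exact single-entry list is accepted, and why, would keep a later change from relaxing it back to an any-entry match.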
Review Comment:
table.getn is deprecated, use `#` instead
##########
t/cli/test_admin.sh:
##########
@@ -154,6 +154,45 @@ fi
echo "pass: missing admin key and show ERROR message"
+# missing admin key, only allow 127.0.0.0/24 to access admin api
+
+git checkout conf/config.yaml
Review Comment:
We don't need to checkout the config and then override it
##########
t/cli/test_admin.sh:
##########
@@ -154,6 +154,45 @@ fi
echo "pass: missing admin key and show ERROR message"
+# missing admin key, only allow 127.0.0.0/24 to access admin api
+
+git checkout conf/config.yaml
+
+echo '
+deployment:
+ admin:
+ allow_admin:
+ - 127.0.0.0/24
+ allow_admin: ~
+' > conf/config.yaml
+
+make init > output.log 2>&1 | true
+
+grep -E "ERROR: missing valid Admin API token." output.log > /dev/null
+if [ ! $? -ne 0 ]; then
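Review bot: the config written by the `echo` in this test uses the `allow_admin` key twice: the list containing `- 127.0.0.0/24` is followed by `allow_admin: ~`. If both lines sit at the same level under `admin`, the second either replaces the list with null or is rejected as a duplicate key, so the single-entry branch this test is named for is never exercised. Given the PR title, the second line was probably meant to be `admin_key: ~`. Separately, `[ ! $? -ne 0 ]` is a double negative equivalent to `[ $? -eq 0 ]`; putting the `grep` directly in the `if` would make the intended pass/fail direction readable at a glance.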
Review Comment:
The condition here is incorrect?