Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/02/08 10:15:12 UTC
[GitHub] [apisix-ingress-controller] yin6516008 commented on issue #854: request help: How to configure ApisixPluginConfig?
yin6516008 commented on issue #854:
URL: https://github.com/apache/apisix-ingress-controller/issues/854#issuecomment-1032438425
I succeeded in creating it in the following way:
```yaml
apiVersion: apisix.apache.org/v2beta3
kind: ApisixPluginConfig
metadata:
  name: openapi-auth
  namespace: default
spec:
  plugins:
  - name: authz-casbin
    enable: true
    config:
      model: "[request_definition]\nr = sub, obj, act\n[policy_definition]\np = sub, obj, act\n[role_definition]\ng = _, _\n[policy_effect]\ne = some(where (p.eft == allow))\n[matchers]\nm = g(r.sub, p.sub) && globMatch(r.obj,p.obj) && regexMatch(r.act,p.act)"
      policy: "p, test, /*, *\np,test2 /*, GET"
      username: "user"
```
```bash
/ingress-apisix # curl "http://apisix-admin.apisix.svc.cluster.local:9180/apisix/admin/plugin_configs" -H 'X-API-KEY: edxxxxxxxxxxxxxxx25c8f1'
{"count":1,"node":{"key":"\/apisix\/plugin_configs","dir":true,"nodes":[{"key":"\/apisix\/plugin_configs\/6191bd21","value":{"plugins":{"authz-casbin":{"model":"[request_definition]\nr = sub, obj, act\n[policy_definition]\np = sub, obj, act\n[role_definition]\ng = _, _\n[policy_effect]\ne = some(where (p.eft == allow))\n[matchers]\nm = g(r.sub, p.sub) && globMatch(r.obj,p.obj) && regexMatch(r.act,p.act)","policy":"p, test, \/foo, GET\np,test2 \/bar, GET","username":"user"}},"labels":{"managed-by":"apisix-ingress-controller"},"id":"6191bd21","update_time":1644314331,"name":"default_openapi-auth","desc":"Created by apisix-ingress-controller, DO NOT modify it manually","create_time":1644311280},"modifiedIndex":62,"createdIndex":41}]},"action":"get"}
```
Create a consumer:
```yaml
apiVersion: apisix.apache.org/v2beta3
kind: ApisixConsumer
metadata:
  name: test
  namespace: default
spec:
  authParameter:
    keyAuth:
      value:
        key: ZTLb3X1qmf5e
```
```bash
/ingress-apisix # curl "http://apisix-admin.apisix.svc.cluster.local:9180/apisix/admin/consumers" -H 'X-API-KEY: edxxxxxxxxxxxxc8f1'
{"count":1,"node":{"key":"\/apisix\/consumers","dir":true,"nodes":[{"key":"\/apisix\/consumers\/default_test","value":{"plugins":{"key-auth":{"key":"ZTLb3X1qmf5e"}},"labels":{"managed-by":"apisix-ingress-controller"},"desc":"Created by apisix-ingress-controller, DO NOT modify it manually","update_time":1644228859,"username":"default_test","create_time":1644228859},"modifiedIndex":38,"createdIndex":38}]},"action":"get"}
```
But when I quote this plugin in the route, it doesn't take effect.
```yaml
apiVersion: apisix.apache.org/v2beta3
kind: ApisixRoute
metadata:
  name: echo
  namespace: default
spec:
  http:
  - name: echo
    match:
      hosts:
      - echo.jc-ai.cn
      paths:
      - /*
    plugin_config_name: openapi-auth
    backends:
    - serviceName: echo
      servicePort: 8080
```
The plugin config is not in the route:
```bash
curl "http://apisix-admin.apisix.svc.cluster.local:9180/apisix/admin/routes/f2035783" -H 'X-API-KEY: ecccccccccxxcc5c8f1'
{"count":1,"node":{"key":"\/apisix\/routes\/f2035783","value":{"name":"default_echo_echo","id":"f2035783","priority":0,"upstream_id":"e4f10124","labels":{"managed-by":"apisix-ingress-controller"},"create_time":1644313158,"update_time":1644313158,"uris":["\/*"],"desc":"Created by apisix-ingress-controller, DO NOT modify it manually","status":1,"hosts":["echo.jc-ai.cn"]}},"action":"get"}
```
A request that doesn't carry the request header can also succeed.
```bash
[root@skywalking ~]# curl echo.jc-ai.cn/foo
Hostname: echo-5ddc95c657-4m85q
Pod Information:
-no pod information available-
Server values:
server_version=nginx: 1.14.2 - lua: 10015
Request Information:
client_address=172.30.0.57
method=GET
real path=/foo
query=
request_version=1.1
request_scheme=http
request_uri=http://echo.jc-ai.cn:8080/foo
Request Headers:
accept=*/*
host=echo.jc-ai.cn
user-agent=curl/7.29.0
x-forwarded-for=172.30.0.1
x-forwarded-host=echo.jc-ai.cn
x-forwarded-port=9080
x-forwarded-proto=http
x-real-ip=172.30.0.1
Request Body:
-no body in request-
```
Why is the response status code not 401?
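The check the comment performs by eye (does the route object returned by the Admin API actually reference the plugin config?) can be automated. The following is an added example, not part of the original comment or of the apisix-ingress-controller project: it assumes the response shape quoted above and that a bound route carries APISIX's `plugin_config_id` field; the second route and the function names are constructed for illustration.

```python
import json

# Admin API responses trimmed from the output quoted in the comment above.
PLUGIN_CONFIGS = json.loads(r'''
{"count":1,"node":{"key":"/apisix/plugin_configs","dir":true,"nodes":[
 {"key":"/apisix/plugin_configs/6191bd21",
  "value":{"id":"6191bd21","name":"default_openapi-auth",
           "plugins":{"authz-casbin":{"username":"user"}}}}]},"action":"get"}''')
ROUTE = json.loads(r'''
{"count":1,"node":{"key":"/apisix/routes/f2035783",
 "value":{"id":"f2035783","name":"default_echo_echo","uris":["/*"],
          "hosts":["echo.jc-ai.cn"],"upstream_id":"e4f10124","status":1}},
 "action":"get"}''')
# Constructed for contrast (not from the page): a route that carries the reference.
BOUND_ROUTE = {"node": {"key": "/apisix/routes/example", "value": {
    "id": "example", "name": "constructed_route", "uris": ["/*"],
    "plugin_config_id": "6191bd21"}}}

def values(resp):
    """Resource objects from a single-item or directory-style response."""
    node = resp["node"]
    if node.get("dir"):
        return [child["value"] for child in node.get("nodes") or []]
    return [node["value"]]

def effective_plugins(route, plugin_configs):
    """Inline plugins plus those of the plugin config the route references."""
    names = set(route.get("plugins") or {})
    ref = route.get("plugin_config_id")
    if ref is not None:
        by_id = {str(pc["id"]): pc for pc in values(plugin_configs)}
        # A dangling reference contributes nothing, so the route is still flagged.
        names |= set(by_id.get(str(ref), {}).get("plugins") or {})
    return names

def audit(route_resp, plugin_configs, required):
    """Map route name -> required plugins that are not in effect on it."""
    findings = {}
    for route in values(route_resp):
        missing = set(required) - effective_plugins(route, plugin_configs)
        if missing:
            findings[route["name"]] = sorted(missing)
    return findings

if __name__ == "__main__":
    for resp in (ROUTE, BOUND_ROUTE):
        print(audit(resp, PLUGIN_CONFIGS, {"authz-casbin"}) or "no findings")
```

Run against the route from the comment, the audit reports `default_echo_echo` as missing `authz-casbin`, which matches the unauthenticated `curl` succeeding.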