Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/08/20 07:15:53 UTC

[GitHub] [apisix] membphis opened a new pull request #2092: bug: removed default access token for Admin API.

membphis opened a new pull request #2092:
URL: https://github.com/apache/apisix/pull/2092


   ### What this PR does / why we need it:
   
   as title
   
   ### Pre-submission checklist:
   
   * [ ] Did you explain what problem does this PR solve? Or what new features have been added?
   * [ ] Have you added corresponding test cases?
   * [ ] Have you modified the corresponding document?
   * [ ] Is this PR backward compatible?
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [apisix] membphis commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r485103731



##########
File path: t/lib/test_admin.lua
##########
@@ -128,6 +128,7 @@ function _M.test(uri, method, body, pattern, headers)
     end
     if not headers["Content-Type"] then
         headers["Content-Type"] = "application/x-www-form-urlencoded"
+        headers["X-API-KEY"] = "TEST_API_KEY"
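
Review bot: The new `headers["X-API-KEY"] = "TEST_API_KEY"` line sits inside the `if not headers["Content-Type"] then` block, so the key is only sent when the caller passed no Content-Type, and in that case it overwrites any `X-API-KEY` the caller supplied. Give it its own guard, `if not headers["X-API-KEY"] then ... end`, so every test request carries a key and a test can still pass a wrong one on purpose.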

Review comment:
       random key already, please take a look at the new version







[GitHub] [apisix] membphis commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r485311928



##########
File path: FAQ.md
##########
@@ -80,7 +80,7 @@ An example, `foo.com/product/index.html?id=204&page=2`, gray release based on `i
 
 here is the way:
 ```shell
-curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: ******' -X PUT -d '
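
Review bot: In the added `curl` line, `-H 'X-API-KEY: ******'` gives a reader no indication of where the real value comes from, and pasted as-is it cannot match a configured key, since the `bin/apisix` check in this PR treats an all-asterisk key as invalid. Say in the surrounding FAQ text that the value is the `key` under `apisix.admin_key` in `conf/config.yaml`, or read it from a shell variable set on the line above the command.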

Review comment:
       the user will get a failure if he copies it directly.







[GitHub] [apisix] moonming commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
moonming commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r479999769



##########
File path: .travis/linux_apisix_master_luarocks_runner.sh
##########
@@ -63,6 +63,14 @@ script() {
     sudo mkdir -p /usr/local/apisix/deps
     sudo PATH=$PATH ./utils/install-apisix.sh install > build.log 2>&1 || (cat build.log && exit 1)
 
+    cat > /usr/local/apisix/conf/config.yaml <<EOF
+apisix:
+  admin_key:
+    -
+      name: "admin"
+      key: YOUR_API_KEY
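
Review bot: `cat > /usr/local/apisix/conf/config.yaml <<EOF` runs without `sudo`, while the two context lines above it use `sudo` to write under `/usr/local/apisix`. The redirect is opened by the calling shell, so if `conf/` is root-owned this step fails with a permission error; pipe the heredoc into `sudo tee /usr/local/apisix/conf/config.yaml > /dev/null` instead.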

Review comment:
       ditto

##########
File path: .travis/linux_openresty_mtls_runner.sh
##########
@@ -103,6 +103,11 @@ script() {
 apisix:
     port_admin: 9180
     https_admin: true
+    admin_key:
+        -
+            name: "admin"
+            key: MTLS_API_KEY

Review comment:
       ditto

##########
File path: conf/config-default.yaml
##########
@@ -69,16 +69,16 @@ apisix:
   # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
   # Disabling this configuration item means that the Admin API does not
   # require any authentication.
-  admin_key:
-    -
-      name: "admin"
-      key: edd1c9f034335f136f87ad84b625c8f1
-      role: admin                 # admin: manage all configuration data
-                                  # viewer: only can view configuration data
-    -
-      name: "viewer"
-      key: 4054f7cf07e344346cd3f287985e76a2
-      role: viewer
+  # admin_key:
+  #   -
+  #     name: "admin"
+  #     key: YOUR_ADMIN_API_KEY
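
Review bot: The unchanged comment above `admin_key` still says that disabling the item means the Admin API requires no authentication, and after this hunk the item ships disabled. Reword it to say that APISIX refuses to start when `enable_admin` is set and `admin_key` is missing or empty, which is what the `bin/apisix` check in this PR enforces. Note too that `YOUR_ADMIN_API_KEY` is neither empty nor all `*`, so a user who only uncomments the block passes that check with a publicly known key.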

Review comment:
       repeat https://github.com/apache/apisix/pull/2092/files#diff-82e3bcd74a1f6e15d0577acef2d4fa8cR25-R33?

##########
File path: .travis/linux_apisix_current_luarocks_runner.sh
##########
@@ -62,6 +62,15 @@ script() {
     # show install file
     luarocks show apisix
 
+    cat > /usr/local/apisix/conf/config.yaml <<EOF
+apisix:
+  admin_key:
+    -
+      name: "admin"
+      key: YOUR_API_KEY

Review comment:
       how about making a random key, as in https://github.com/apache/apisix/pull/2092/files#diff-6e12d95c1b302dbedef4dd82dbee073cR26?

##########
File path: t/lib/test_admin.lua
##########
@@ -128,6 +128,7 @@ function _M.test(uri, method, body, pattern, headers)
     end
     if not headers["Content-Type"] then
         headers["Content-Type"] = "application/x-www-form-urlencoded"
+        headers["X-API-KEY"] = "TEST_API_KEY"

Review comment:
       random key or hard code key, not using `TEST_API_KEY` as key







[GitHub] [apisix] membphis commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r486965508



##########
File path: bin/apisix
##########
@@ -637,6 +637,45 @@ local function read_yaml_conf()
         merge_conf(default_conf, user_conf)
     end
 
+    -- check the Admin API token
+    if default_conf.apisix.enable_admin then
+        local help = [[
+ERROR: missing valid apisix.admin_key
+
+Needs to set Admin API key in file `conf/config.yaml` . Here is an example:
+
+#############################
+apisix:
+    admin_key:
+        -
+            name: "admin"
+            key:          # <-- replace with your Admin Key
+            role: admin
+#############################
+
+Then you can use it to access Admin API.
+eg: $ curl -i http://127.0.0.1:]] .. default_conf.apisix.node_listen .. [[/apisix/admin/routes/1 -H 'X-API-KEY: YOUR-KEY'
+]]
+        if type(default_conf.apisix.admin_key) ~= "table" or
+           #default_conf.apisix.admin_key == 0
+        then
+            io.stderr:write(help, "\n")
+            os.exit(1)
+        end
+
+        for _, admin in ipairs(default_conf.apisix.admin_key) do
+            if type(admin.key) == "table" then
+                admin.key = ""
+            else
+                admin.key = tostring(admin.key)
+            end
+
+            if admin.key == "" or admin.key:gsub("*", "") == "" then
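
Review bot: In the `else` branch, `admin.key = tostring(admin.key)` turns an entry that has no `key` field into the string "nil", which is neither empty nor all `*` and so passes the check on the next line. Test `admin.key == nil` before converting and treat it as missing. In the same condition, write the pattern as `"%*"`: `*` is a quantifier in Lua patterns, and the escaped form states the literal intent.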

Review comment:
       ```shell
   $ ./bin/apisix start
   ERROR: missing valid apisix.admin_key
   
   You can call `./bin/apisix gen_admin_key` to generate a new Admin API key or
   manually update the `conf/config.yaml` file.
   
   $ ./bin/apisix gen_admin_key
   generate admin key successfully
   
   $ ./bin/apisix start
   
   $ ps -ef | grep apisix
   resty     551863       1  0 06:45 ?        00:00:00 nginx: master process openresty -p /home/resty/git/membphis/apisix -c /home/resty/git/membphis/apisix/conf/nginx.conf
   resty     552021  253872  0 06:46 pts/0    00:00:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn apisix
   ```







[GitHub] [apisix] moonming commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
moonming commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r487758643



##########
File path: bin/apisix
##########
@@ -637,6 +637,45 @@ local function read_yaml_conf()
         merge_conf(default_conf, user_conf)
     end
 
+    -- check the Admin API token
+    if default_conf.apisix.enable_admin then
+        local help = [[
+ERROR: missing valid apisix.admin_key
+
+Needs to set Admin API key in file `conf/config.yaml` . Here is an example:
+
+#############################
+apisix:
+    admin_key:
+        -
+            name: "admin"
+            key:          # <-- replace with your Admin Key
+            role: admin
+#############################
+
+Then you can use it to access Admin API.
+eg: $ curl -i http://127.0.0.1:]] .. default_conf.apisix.node_listen .. [[/apisix/admin/routes/1 -H 'X-API-KEY: YOUR-KEY'
+]]
+        if type(default_conf.apisix.admin_key) ~= "table" or
+           #default_conf.apisix.admin_key == 0
+        then
+            io.stderr:write(help, "\n")
+            os.exit(1)
+        end
+
+        for _, admin in ipairs(default_conf.apisix.admin_key) do
+            if type(admin.key) == "table" then
+                admin.key = ""
+            else
+                admin.key = tostring(admin.key)
+            end
+
+            if admin.key == "" or admin.key:gsub("*", "") == "" then

Review comment:
       can we add `gen_admin_key` to the `start` function? 







[GitHub] [apisix] membphis commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r486965508



##########
File path: bin/apisix
##########
@@ -637,6 +637,45 @@ local function read_yaml_conf()
         merge_conf(default_conf, user_conf)
     end
 
+    -- check the Admin API token
+    if default_conf.apisix.enable_admin then
+        local help = [[
+ERROR: missing valid apisix.admin_key
+
+Needs to set Admin API key in file `conf/config.yaml` . Here is an example:
+
+#############################
+apisix:
+    admin_key:
+        -
+            name: "admin"
+            key:          # <-- replace with your Admin Key
+            role: admin
+#############################
+
+Then you can use it to access Admin API.
+eg: $ curl -i http://127.0.0.1:]] .. default_conf.apisix.node_listen .. [[/apisix/admin/routes/1 -H 'X-API-KEY: YOUR-KEY'
+]]
+        if type(default_conf.apisix.admin_key) ~= "table" or
+           #default_conf.apisix.admin_key == 0
+        then
+            io.stderr:write(help, "\n")
+            os.exit(1)
+        end
+
+        for _, admin in ipairs(default_conf.apisix.admin_key) do
+            if type(admin.key) == "table" then
+                admin.key = ""
+            else
+                admin.key = tostring(admin.key)
+            end
+
+            if admin.key == "" or admin.key:gsub("*", "") == "" then

Review comment:
       the user needs to call `apisix gen_admin_key` if missing a valid Admin API key.




[GitHub] [apisix] moonming commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
moonming commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r477824853



##########
File path: .travis/apisix_cli_test.sh
##########
@@ -23,7 +23,14 @@
 
 set -ex
 
-git checkout conf/config.yaml
+cat > conf/config.yaml <<EOF
+apisix:
+  admin_key:
+    -
+      name: admin
+      key: ADMIN_API_KEY

Review comment:
       We should use a more `real` key in the test case

##########
File path: .travis/apisix_cli_test.sh
##########
@@ -166,7 +200,14 @@ echo "passed: admin https enabled"
 
 # rollback to the default
 
-git checkout conf/config.yaml
+cat > conf/config.yaml <<EOF
+apisix:
+    admin_key:
+        -
+        name: admin
+        key: ADMIN_API_KEY
+        role: admin
+EOF
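
Review bot: In this rollback heredoc, `name`, `key` and `role` are at the same indentation as the `-`, unlike the first heredoc in this file where they are indented under it. They are therefore not fields of the list item, and a YAML parser will either reject the file or read an empty item; indent the three lines past the `-`. Writing the block once into a shell function would also keep the copies from drifting like this.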

Review comment:
       why repeat this code so many times?







[GitHub] [apisix] moonming commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
moonming commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r477822484



##########
File path: conf/config.yaml
##########
@@ -21,3 +21,13 @@
 #     host:
 #       - "http://127.0.0.1:2379"
 #
+#
+# If you want specify the Admin API token, this is an example:
+#
+# apisix:
+#     admin_key:
+#         -
+#             name: "admin"
+#             key:  ******    # <-- replace with a random key
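
Review bot: On the `key:  ******` line, an unquoted YAML value that begins with `*` is alias syntax, so a user who uncomments the example without editing it can get a parse error instead of the `missing valid apisix.admin_key` message. Leave the value empty, as the help text in `bin/apisix` does, or quote it. The comment line above also needs "want to specify".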

Review comment:
       how about empty? The user doesn't know `******` is an invalid key.







[GitHub] [apisix] membphis commented on pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#issuecomment-692493280


   I have to close this PR, this PR contains other people's commit logs.





[GitHub] [apisix] moonming commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
moonming commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r486140004



##########
File path: FAQ.md
##########
@@ -80,7 +80,7 @@ An example, `foo.com/product/index.html?id=204&page=2`, gray release based on `i
 
 here is the way:
 ```shell
-curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: ******' -X PUT -d '

Review comment:
       `******` should be the key in `conf/config.yaml`. Is it possible to do this through a shell script?







[GitHub] [apisix] moonming commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
moonming commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r486140991



##########
File path: FAQ.md
##########
@@ -80,7 +80,7 @@ An example, `foo.com/product/index.html?id=204&page=2`, gray release based on `i
 
 here is the way:
 ```shell
-curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: ******' -X PUT -d '

Review comment:
       Or just `YOUR_API_TOKEN in conf/config.yaml` instead of `******` 







[GitHub] [apisix] membphis commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r488413639



##########
File path: bin/apisix
##########
@@ -637,6 +637,45 @@ local function read_yaml_conf()
         merge_conf(default_conf, user_conf)
     end
 
+    -- check the Admin API token
+    if default_conf.apisix.enable_admin then
+        local help = [[
+ERROR: missing valid apisix.admin_key
+
+Needs to set Admin API key in file `conf/config.yaml` . Here is an example:
+
+#############################
+apisix:
+    admin_key:
+        -
+            name: "admin"
+            key:          # <-- replace with your Admin Key
+            role: admin
+#############################
+
+Then you can use it to access Admin API.
+eg: $ curl -i http://127.0.0.1:]] .. default_conf.apisix.node_listen .. [[/apisix/admin/routes/1 -H 'X-API-KEY: YOUR-KEY'
+]]
+        if type(default_conf.apisix.admin_key) ~= "table" or
+           #default_conf.apisix.admin_key == 0
+        then
+            io.stderr:write(help, "\n")
+            os.exit(1)
+        end
+
+        for _, admin in ipairs(default_conf.apisix.admin_key) do
+            if type(admin.key) == "table" then
+                admin.key = ""
+            else
+                admin.key = tostring(admin.key)
+            end
+
+            if admin.key == "" or admin.key:gsub("*", "") == "" then

Review comment:
       the `gen_admin_key` will modify the `conf/config.yaml`, I think we should only update the `conf/config.yaml` when the user wants to update it.
   
   When the service is started, APISIX should only be able to read the `conf/config.yaml` file by default.







[GitHub] [apisix] membphis closed pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis closed pull request #2092:
URL: https://github.com/apache/apisix/pull/2092


   





[GitHub] [apisix] membphis commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r477438713



##########
File path: conf/config.yaml
##########
@@ -21,3 +21,13 @@
 #     host:
 #       - "http://127.0.0.1:2379"
 #
+#
+# If you want specify the Admin API token, this is an example:
+#
+# apisix:
+#     admin_key:
+#         -
+#             name: "admin"
+#             key:  ******    # <-- replace with a random key
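
Review bot: on the `key:  ******` line, `*` is the YAML alias indicator, so once a user uncomments the example the value is not read as a plain string, and what the loader does with it depends on the YAML library. Leave the value empty or quote it (`key: "******"`) so that an unedited example is read as a string and rejected by the admin key check in `bin/apisix` rather than depending on parser behaviour.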

Review comment:
       here is a fake example, `******` is an invalid key. 
   I think `******` is better than `YOUR_ADMIN_TOKEN`, because `YOUR_ADMIN_TOKEN` is a valid token.







[GitHub] [apisix] membphis commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r477014540



##########
File path: t/admin/token.t
##########
@@ -155,7 +164,7 @@ PUT /apisix/admin/plugins/reload
 
 === TEST 6: reload plugins with api key(arguments)
 --- request
-PUT /apisix/admin/plugins/reload?api_key=edd1c9f034335f136f87ad84b625c8f1
+PUT /apisix/admin/plugins/reload?api_key=******
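
Review bot: the request line now sends `api_key=******`, a value this PR treats as an invalid key, so it cannot match a key that a started test instance accepts. If TEST 6 is meant to exercise a successful reload with the key passed as an argument, send the key the test configuration defines; if it is meant to exercise rejection, the test title should say so.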

Review comment:
       this should be wrong. will fix it later







[GitHub] [apisix] membphis commented on pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#issuecomment-683558590


   @apache/apisix-committers please take a look at this PR, it is ready to merge





[GitHub] [apisix] membphis commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r479867959



##########
File path: .travis/apisix_cli_test.sh
##########
@@ -166,7 +200,14 @@ echo "passed: admin https enabled"
 
 # rollback to the default
 
-git checkout conf/config.yaml
+cat > conf/config.yaml <<EOF
+apisix:
+    admin_key:
+        -
+        name: admin
+        key: ADMIN_API_KEY
+        role: admin
+EOF
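
Review bot: in the heredoc, `name`, `key` and `role` sit at the same indentation as the `-`, so they are not part of the list item and the file does not describe the `admin_key` list that the other examples in this PR show. Indent the three keys one level deeper than `-`. The `# rollback to the default` comment above the change also no longer describes the step, since the file is now overwritten with a fixed `ADMIN_API_KEY` instead of being restored with `git checkout`.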

Review comment:
       use a random key in this script now







[GitHub] [apisix] membphis commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r485309909



##########
File path: FAQ.md
##########
@@ -80,7 +80,7 @@ An example, `foo.com/product/index.html?id=204&page=2`, gray release based on `i
 
 here is the way:
 ```shell
-curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: ******' -X PUT -d '

Review comment:
       that is a fake example. `********` is an invalid key.
   
   https://github.com/apache/apisix/pull/2092/files#diff-62edadffc237f13dc28a694080d293a8R670
   
   







[GitHub] [apisix] moonming commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
moonming commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r486136441



##########
File path: conf/config.yaml
##########
@@ -14,10 +14,23 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+#
+# If you want specify the Admin API token. It is highly recommended to set a
+# high-complexity key to protect APISIX. This is an example:
+#
+# apisix:
+#     admin_key:
+#         -
+#             name: "admin"
+#             key:            # <-- replace with your Admin Key
+#             role: admin
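
Review bot: the added comment opens with a fragment, "If you want specify the Admin API token."; join it to the next sentence or reword it, for example "To specify the Admin API token, ...". "High-complexity key" would also help the reader more with a concrete hint next to it, such as a minimum length or a way to generate one.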

Review comment:
       Why comment these codes?

##########
File path: bin/apisix
##########
@@ -637,6 +637,45 @@ local function read_yaml_conf()
         merge_conf(default_conf, user_conf)
     end
 
+    -- check the Admin API token
+    if default_conf.apisix.enable_admin then
+        local help = [[
+ERROR: missing valid apisix.admin_key
+
+Needs to set Admin API key in file `conf/config.yaml` . Here is an example:
+
+#############################
+apisix:
+    admin_key:
+        -
+            name: "admin"
+            key:          # <-- replace with your Admin Key
+            role: admin
+#############################
+
+Then you can use it to access Admin API.
+eg: $ curl -i http://127.0.0.1:]] .. default_conf.apisix.node_listen .. [[/apisix/admin/routes/1 -H 'X-API-KEY: YOUR-KEY'
+]]
+        if type(default_conf.apisix.admin_key) ~= "table" or
+           #default_conf.apisix.admin_key == 0
+        then
+            io.stderr:write(help, "\n")
+            os.exit(1)
+        end
+
+        for _, admin in ipairs(default_conf.apisix.admin_key) do
+            if type(admin.key) == "table" then
+                admin.key = ""
+            else
+                admin.key = tostring(admin.key)
+            end
+
+            if admin.key == "" or admin.key:gsub("*", "") == "" then
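
Review bot: the placeholder test on the last line, `admin.key:gsub("*", "") == ""`, only catches keys made entirely of asterisks, and it relies on a leading `*` in a Lua pattern being taken literally because it has nothing to quantify. Write the pattern as `"%*"` so the intent is explicit, and consider rejecting very short keys at the same point, since any other non-empty string, a single character included, is accepted.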

Review comment:
       After the user installs Apache APISIX, it will definitely fail at start, which is a very bad experience. 
   As discussed in the mailing list, we need to automatically generate a random key when apisix starts







[GitHub] [apisix] membphis commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r486966337



##########
File path: bin/apisix
##########
@@ -637,6 +637,45 @@ local function read_yaml_conf()
         merge_conf(default_conf, user_conf)
     end
 
+    -- check the Admin API token
+    if default_conf.apisix.enable_admin then
+        local help = [[
+ERROR: missing valid apisix.admin_key
+
+Needs to set Admin API key in file `conf/config.yaml` . Here is an example:
+
+#############################
+apisix:
+    admin_key:
+        -
+            name: "admin"
+            key:          # <-- replace with your Admin Key
+            role: admin
+#############################
+
+Then you can use it to access Admin API.
+eg: $ curl -i http://127.0.0.1:]] .. default_conf.apisix.node_listen .. [[/apisix/admin/routes/1 -H 'X-API-KEY: YOUR-KEY'
+]]
+        if type(default_conf.apisix.admin_key) ~= "table" or
+           #default_conf.apisix.admin_key == 0
+        then
+            io.stderr:write(help, "\n")
+            os.exit(1)
+        end
+
+        for _, admin in ipairs(default_conf.apisix.admin_key) do
+            if type(admin.key) == "table" then
+                admin.key = ""
+            else
+                admin.key = tostring(admin.key)
+            end
+
+            if admin.key == "" or admin.key:gsub("*", "") == "" then

Review comment:
       the user needs to call `apisix gen_admin_key` if missing a valid Admin API key.







[GitHub] [apisix] moonming commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
moonming commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r476292239



##########
File path: conf/config.yaml
##########
@@ -21,3 +21,13 @@
 #     host:
 #       - "http://127.0.0.1:2379"
 #
+#
+# If you want specify the Admin API token, this is an example:
+#
+# apisix:
+#     admin_key:
+#         -
+#             name: "admin"
+#             key:  ******    # <-- replace with a random key

Review comment:
       please keep the same style as https://github.com/apache/apisix/pull/2092/files#diff-4c362b2e3d4cc07f3af3b469be2a913cR75

##########
File path: FAQ.md
##########
@@ -80,7 +80,7 @@ An example, `foo.com/product/index.html?id=204&page=2`, gray release based on `i
 
 here is the way:
 ```shell
-curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: ******' -X PUT -d '

Review comment:
       what is `******`? users will copy-paste this cmd directly.

##########
File path: t/admin/token.t
##########
@@ -155,7 +164,7 @@ PUT /apisix/admin/plugins/reload
 
 === TEST 6: reload plugins with api key(arguments)
 --- request
-PUT /apisix/admin/plugins/reload?api_key=edd1c9f034335f136f87ad84b625c8f1
+PUT /apisix/admin/plugins/reload?api_key=******

Review comment:
       `******` as the key is unacceptable

##########
File path: t/APISIX.pm
##########
@@ -81,7 +81,11 @@ apisix:
   stream_proxy:
     tcp:
       - 9100
-  admin_key: null
+  admin_key:
+    -
+      name: "admin"
+      key: YOUR_API_KEY

Review comment:
       `YOUR_API_KEY` can not be the key







[GitHub] [apisix] lilien1010 commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
lilien1010 commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r485292961



##########
File path: FAQ.md
##########
@@ -80,7 +80,7 @@ An example, `foo.com/product/index.html?id=204&page=2`, gray release based on `i
 
 here is the way:
 ```shell
-curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: ******' -X PUT -d '

Review comment:
       I think we can use some hints if the X-API-KEY is not a valid key.







[GitHub] [apisix] membphis commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r479869859



##########
File path: conf/config.yaml
##########
@@ -21,3 +21,13 @@
 #     host:
 #       - "http://127.0.0.1:2379"
 #
+#
+# If you want specify the Admin API token, this is an example:
+#
+# apisix:
+#     admin_key:
+#         -
+#             name: "admin"
+#             key:  ******    # <-- replace with a random key

Review comment:
       will fix it soon







[GitHub] [apisix] membphis commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r486965508



##########
File path: bin/apisix
##########
@@ -637,6 +637,45 @@ local function read_yaml_conf()
         merge_conf(default_conf, user_conf)
     end
 
+    -- check the Admin API token
+    if default_conf.apisix.enable_admin then
+        local help = [[
+ERROR: missing valid apisix.admin_key
+
+Needs to set Admin API key in file `conf/config.yaml` . Here is an example:
+
+#############################
+apisix:
+    admin_key:
+        -
+            name: "admin"
+            key:          # <-- replace with your Admin Key
+            role: admin
+#############################
+
+Then you can use it to access Admin API.
+eg: $ curl -i http://127.0.0.1:]] .. default_conf.apisix.node_listen .. [[/apisix/admin/routes/1 -H 'X-API-KEY: YOUR-KEY'
+]]
+        if type(default_conf.apisix.admin_key) ~= "table" or
+           #default_conf.apisix.admin_key == 0
+        then
+            io.stderr:write(help, "\n")
+            os.exit(1)
+        end
+
+        for _, admin in ipairs(default_conf.apisix.admin_key) do
+            if type(admin.key) == "table" then
+                admin.key = ""
+            else
+                admin.key = tostring(admin.key)
+            end
+
+            if admin.key == "" or admin.key:gsub("*", "") == "" then

Review comment:
       ```shell
   $ ./bin/apisix start
   ERROR: missing valid apisix.admin_key
   
   You can call `./bin/apisix gen_admin_key` to generate a new Admin API key or
   manually update the `conf/config.yaml` file.
   
   $ ./bin/apisix gen_admin_key
   generate admin key successfully
   
   $ ./bin/apisix start
   
   $ ps -ef | grep apisix
   resty     551863       1  0 06:45 ?        00:00:00 nginx: master process openresty -p /home/resty/git/membphis/apisix -c /home/resty/git/membphis/apisix/conf/nginx.conf
   resty     552021  253872  0 06:46 pts/0    00:00:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn apisix
   ```

##########
File path: bin/apisix
##########
@@ -637,6 +637,45 @@ local function read_yaml_conf()
         merge_conf(default_conf, user_conf)
     end
 
+    -- check the Admin API token
+    if default_conf.apisix.enable_admin then
+        local help = [[
+ERROR: missing valid apisix.admin_key
+
+Needs to set Admin API key in file `conf/config.yaml` . Here is an example:
+
+#############################
+apisix:
+    admin_key:
+        -
+            name: "admin"
+            key:          # <-- replace with your Admin Key
+            role: admin
+#############################
+
+Then you can use it to access Admin API.
+eg: $ curl -i http://127.0.0.1:]] .. default_conf.apisix.node_listen .. [[/apisix/admin/routes/1 -H 'X-API-KEY: YOUR-KEY'
+]]
+        if type(default_conf.apisix.admin_key) ~= "table" or
+           #default_conf.apisix.admin_key == 0
+        then
+            io.stderr:write(help, "\n")
+            os.exit(1)
+        end
+
+        for _, admin in ipairs(default_conf.apisix.admin_key) do
+            if type(admin.key) == "table" then
+                admin.key = ""
+            else
+                admin.key = tostring(admin.key)
+            end
+
+            if admin.key == "" or admin.key:gsub("*", "") == "" then

Review comment:
       the user needs to call `apisix gen_admin_key` if missing a valid Admin API key.








[GitHub] [apisix] membphis commented on a change in pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r477014633



##########
File path: t/APISIX.pm
##########
@@ -81,7 +81,11 @@ apisix:
   stream_proxy:
     tcp:
       - 9100
-  admin_key: null
+  admin_key:
+    -
+      name: "admin"
+      key: YOUR_API_KEY
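
Review bot: `key: YOUR_API_KEY` reads like the placeholder a user is told to replace rather than a test fixture value, and it is unquoted while `name: "admin"` on the line above is quoted. Use a value that is obviously test-only and quote it so the YAML scalar is always read as a string, for example `key: "TEST_API_KEY"`.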

Review comment:
       It is only for testing. Maybe `TEST_API_KEY` is a better value.







[GitHub] [apisix] moonming commented on pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
moonming commented on pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#issuecomment-679898461


   @membphis ping





[GitHub] [apisix] membphis commented on pull request #2092: bug: removed default access token for Admin API.

Posted by GitBox <gi...@apache.org>.
membphis commented on pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#issuecomment-692503939


   @moonming I created a new PR, https://github.com/apache/apisix/pull/2230, with the right git commit log.
   
   Welcome to review the new PR.

