You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/07/29 13:14:22 UTC
[GitHub] [apisix] zll2 opened a new pull request #4709: feat: 新增支持阿里云 MSE Nacos RAM 认证鉴权方式
zll2 opened a new pull request #4709:
URL: https://github.com/apache/apisix/pull/4709
feat: 新增支持阿里云 MSE Nacos RAM 认证鉴权方式
开源版的 Nacos 自建的话,可以使用 用户名 及 密码进行加强安全验证,也可以不使用,但 阿里云 MSE Nacos 的商业版本在安全认证的方面仅支持 AccessKey & Access Secret 进行 OpenAPI 交互;
详见:[阿里云 MSE Nacos 配置中心鉴权 官方文档](https://help.aliyun.com/document_detail/202281.html)
### What this PR does / why we need it:
<!--- Why is this change required? What problem does it solve? -->
<!--- If it fixes an open issue, please link to the issue here. -->
### Pre-submission checklist:
* [x] Did you explain what problem does this PR solve? Or what new features have been added?
* [ ] Have you added corresponding test cases?
* [ ] Have you modified the corresponding document?
* [x] Is this PR backward compatible? **If it is not backward compatible, please discuss on the [mailing list](https://github.com/apache/apisix/tree/master#community) first**
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] tokers commented on a change in pull request #4709: feat(nacos): support aliyun_ram authorization
Posted by GitBox <gi...@apache.org>.
tokers commented on a change in pull request #4709:
URL: https://github.com/apache/apisix/pull/4709#discussion_r679594552
##########
File path: apisix/discovery/nacos.lua
##########
@@ -92,14 +105,58 @@ local function discovery_nacos_callback(data, event, source, pid)
", application: ", core.json.encode(applications, true))
end
-local function request(request_uri, path, body, method, basic_auth)
+local function get_aliyun_ram_sign_headers(param_values, access_key, secret_key)
+ if not param_values then
+ return {}
+ end
+
+ local namespace_id = param_values['namespace_id']
+ local group_name = param_values['group_name']
+ local time_ngx = ngx.utctime()
+ local time_change = string.gsub(time_ngx, " ", "T")
+ local time_utc = time_change .. 'Z'
+ local headers = {}
+ headers['Spas-AccessKey'] = access_key
+ headers['Timestamp'] = time_utc
Review comment:
```suggestion
local headers = {
['Spas-AccessKey'] = access_key,
['Timestamp'] = time_utc
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on pull request #4709: feat(nacos): support aliyun_ram authorization
Posted by GitBox <gi...@apache.org>.
spacewander commented on pull request #4709:
URL: https://github.com/apache/apisix/pull/4709#issuecomment-889685857
@zll2
What's the relationship between the SPAS stuff and Aliyun ram? I search for it but can't find anything useful...
BTW, how can we test this code work with Aliyun ram?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] moonming commented on pull request #4709: feat(nacos): support aliyun_ram authorization
Posted by GitBox <gi...@apache.org>.
moonming commented on pull request #4709:
URL: https://github.com/apache/apisix/pull/4709#issuecomment-893267275
@zll2 ping
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] github-actions[bot] closed pull request #4709: feat(nacos): support aliyun_ram authorization
Posted by GitBox <gi...@apache.org>.
github-actions[bot] closed pull request #4709:
URL: https://github.com/apache/apisix/pull/4709
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] spacewander commented on pull request #4709: feat(nacos): support aliyun_ram authorization
Posted by GitBox <gi...@apache.org>.
spacewander commented on pull request #4709:
URL: https://github.com/apache/apisix/pull/4709#issuecomment-889618347
@zll2
The documentation 阿里云 MSE Nacos 配置中心鉴权 官方文档 doesn't contain the rule to generate the signature?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] moonming commented on pull request #4709: feat(nacos): support aliyun_ram authorization
Posted by GitBox <gi...@apache.org>.
moonming commented on pull request #4709:
URL: https://github.com/apache/apisix/pull/4709#issuecomment-889678104
please use English
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] zll2 commented on pull request #4709: feat(nacos): support aliyun_ram authorization
Posted by GitBox <gi...@apache.org>.
zll2 commented on pull request #4709:
URL: https://github.com/apache/apisix/pull/4709#issuecomment-889620039
> @zll2
> The documentation 阿里云 MSE Nacos 配置中心鉴权 官方文档 doesn't contain the rule to generate the signature?
是的,这也是我们最早使用的时候很痛苦的地方,但我们在 Nacos Java SDK 中找到了相关生成签名的规则。
[详见 Nacos SDK 源码](https://github.com/alibaba/nacos/blob/develop/client/src/main/java/com/alibaba/nacos/client/config/impl/SpasAdapter.java)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] github-actions[bot] commented on pull request #4709: feat(nacos): support aliyun_ram authorization
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #4709:
URL: https://github.com/apache/apisix/pull/4709#issuecomment-939446737
This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the dev@apisix.apache.org list. Thank you for your contributions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] github-actions[bot] commented on pull request #4709: feat(nacos): support aliyun_ram authorization
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on pull request #4709:
URL: https://github.com/apache/apisix/pull/4709#issuecomment-962582629
This pull request/issue has been closed due to lack of activity. If you think that is incorrect, or the pull request requires review, you can revive the PR at any time.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] moonming commented on pull request #4709: feat(nacos): support aliyun_ram authorization
Posted by GitBox <gi...@apache.org>.
moonming commented on pull request #4709:
URL: https://github.com/apache/apisix/pull/4709#issuecomment-893267275
@zll2 ping
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] moonming commented on pull request #4709: feat(nacos): support aliyun_ram authorization
Posted by GitBox <gi...@apache.org>.
moonming commented on pull request #4709:
URL: https://github.com/apache/apisix/pull/4709#issuecomment-890502265
@zll2
Please use English in the public channel, thx
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org