Posted to notifications@apisix.apache.org by me...@apache.org on 2020/11/20 03:35:59 UTC
[apisix] branch master updated: fix(CLI): add Authorization header
while enable etcd auth (#2690)
This is an automated email from the ASF dual-hosted git repository.
membphis pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 009cab6 fix(CLI): add Authorization header while enable etcd auth (#2690)
009cab6 is described below
commit 009cab65b553dc301a79239b56cfb9e7f2fb6a3a
Author: jxhecong <jx...@outlook.com>
AuthorDate: Fri Nov 20 11:35:51 2020 +0800
fix(CLI): add Authorization header while enable etcd auth (#2690)
---
.travis/apisix_cli_test.sh | 65 ++++++++++++++++++++++++++++++++++++++++++++++
bin/apisix | 22 +++++++++++++++-
2 files changed, 86 insertions(+), 1 deletion(-)
diff --git a/.travis/apisix_cli_test.sh b/.travis/apisix_cli_test.sh
index 72c513c..f0ee7aa 100755
--- a/.travis/apisix_cli_test.sh
+++ b/.travis/apisix_cli_test.sh
@@ -572,3 +572,68 @@ fi
make stop
echo "passed: access log with JSON format"
+
+# check etcd while enable auth
+git checkout conf/config.yaml
+
+export ETCDCTL_API=3
+etcdctl version
+etcdctl --endpoints=127.0.0.1:2379 user add "root:apache-api6"
+etcdctl --endpoints=127.0.0.1:2379 role add root
+etcdctl --endpoints=127.0.0.1:2379 user grant-role root root
+etcdctl --endpoints=127.0.0.1:2379 user get root
+etcdctl --endpoints=127.0.0.1:2379 auth enable
+etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6 del /apisix --prefix
+
+echo '
+etcd:
+ host:
+ - "http://127.0.0.1:2379"
+ prefix: "/apisix"
+ timeout: 30
+ user: root
+ password: apache-api6
+' > conf/config.yaml
+
+make init
+cmd_res=`etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6 get /apisix --prefix`
+etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6 auth disable
+etcdctl --endpoints=127.0.0.1:2379 role delete root
+etcdctl --endpoints=127.0.0.1:2379 user delete root
+
+init_kv=(
+/apisix/consumers/
+init_dir
+/apisix/global_rules/
+init_dir
+/apisix/node_status/
+init_dir
+/apisix/plugin_metadata/
+init_dir
+/apisix/plugins/
+init_dir
+/apisix/proto/
+init_dir
+/apisix/routes/
+init_dir
+/apisix/services/
+init_dir
+/apisix/ssl/
+init_dir
+/apisix/stream_routes/
+init_dir
+/apisix/upstreams/
+init_dir
+)
+i=0
+
+for kv in $cmd_res
+do
+ if [ "${init_kv[$i]}" != "$kv" ]; then
+ echo "failed: index=$i, $kv is not equal to ${init_kv[$i]}"
+ exit 1
+ fi
+ let i=$i+1
+done
+
+echo "passed: etcd auth enabled and init kv has been set up correctly"
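Review bot: The closing loop iterates only over what `etcdctl get` returned, so if `cmd_res` is empty or shorter than `init_kv` (for example because `make init` wrote nothing once auth was enabled) no mismatch is found and the script still prints "passed". After `done`, compare the count, e.g. `if [ "$i" -ne "${#init_kv[@]}" ]; then echo "failed: expected ${#init_kv[@]} entries, got $i"; exit 1; fi`. Separately, `auth disable` and the role/user deletion are reached only when everything before them succeeds. If the script runs under `set -e` (not visible here) and `make init` fails, etcd stays in auth-enabled state for later runs, so a `trap`-based cleanup would be safer.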
diff --git a/bin/apisix b/bin/apisix
index e257c6a..d94ab03 100755
--- a/bin/apisix
+++ b/bin/apisix
@@ -607,6 +607,26 @@ local function init_etcd(show_output)
for index, host in ipairs(yaml_conf.etcd.host) do
local is_success = true
+ local token_head = ""
+ if etcd_conf.user and etcd_conf.password then
+ local uri_auth = host .. "/v3/auth/authenticate"
+ local json_auth = {
+ name = etcd_conf.user,
+ password = etcd_conf.password
+ }
+ local post_json_auth = dkjson.encode(json_auth)
+ local cmd_auth = "curl -s " .. uri_auth .. " -X POST -d '" .. post_json_auth
+ .. "' --connect-timeout " .. timeout
+ .. " --max-time " .. timeout * 2 .. " --retry 1 2>&1"
+
+ local res_auth = util.execute_cmd(cmd_auth)
+ local body_auth, _, err_auth = dkjson.decode(res_auth)
+ if err_auth then
+ error(cmd_auth .. "\n" .. res_auth)
+ end
+ token_head = " -H 'Authorization: " .. body_auth.token .. "'"
+ end
+
for _, dir_name in ipairs({"/routes", "/upstreams", "/services",
"/plugins", "/consumers", "/node_status",
"/ssl", "/global_rules", "/stream_routes",
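Review bot: The failure path `error(cmd_auth .. "\n" .. res_auth)` prints the full curl command, which contains the etcd password in clear text, so a failed init can leak the credential into terminal output or CI logs; the message should name the host instead, e.g. `error("etcd authentication failed for " .. host .. ": " .. res_auth)`. The check also covers only a JSON decode error: when etcd rejects the credentials and returns valid JSON without a `token` field, `body_auth.token` is nil and the concatenation fails with an unrelated message, so the condition should be `if err_auth or not body_auth or not body_auth.token then`. Because `post_json_auth` is placed inside single quotes in a shell string, a user or password containing `'` breaks the command, and the password is visible in the process list while curl runs; the same exposure applies to the token that `token_head` adds to the `/v3/kv/put` command in the following hunk. `init_etcd` starts and ends outside this hunk.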
@@ -616,7 +636,7 @@ local function init_etcd(show_output)
local base64_encode = require("base64").encode
local uri = host .. "/v3/kv/put"
local post_json = '{"value":"' .. base64_encode("init_dir") .. '", "key":"' .. base64_encode(key) .. '"}'
- local cmd = "curl " .. uri .. " -X POST -d '" .. post_json
+ local cmd = "curl " .. uri .. token_head .. " -X POST -d '" .. post_json
.. "' --connect-timeout " .. timeout
.. " --max-time " .. timeout * 2 .. " --retry 1 2>&1"