Posted to notifications@apisix.apache.org by me...@apache.org on 2020/11/20 03:35:59 UTC

[apisix] branch master updated: fix(CLI): add Authorization header while enable etcd auth (#2690)

This is an automated email from the ASF dual-hosted git repository.

membphis pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new 009cab6  fix(CLI): add Authorization header while enable etcd auth (#2690)
009cab6 is described below

commit 009cab65b553dc301a79239b56cfb9e7f2fb6a3a
Author: jxhecong <jx...@outlook.com>
AuthorDate: Fri Nov 20 11:35:51 2020 +0800

    fix(CLI): add Authorization header while enable etcd auth (#2690)
---
 .travis/apisix_cli_test.sh | 65 ++++++++++++++++++++++++++++++++++++++++++++++
 bin/apisix                 | 22 +++++++++++++++-
 2 files changed, 86 insertions(+), 1 deletion(-)

diff --git a/.travis/apisix_cli_test.sh b/.travis/apisix_cli_test.sh
index 72c513c..f0ee7aa 100755
--- a/.travis/apisix_cli_test.sh
+++ b/.travis/apisix_cli_test.sh
@@ -572,3 +572,68 @@ fi
 make stop
 
 echo "passed: access log with JSON format"
+
+# check etcd while enable auth
+git checkout conf/config.yaml
+
+export ETCDCTL_API=3
+etcdctl version
+etcdctl --endpoints=127.0.0.1:2379 user add "root:apache-api6"
+etcdctl --endpoints=127.0.0.1:2379 role add root
+etcdctl --endpoints=127.0.0.1:2379 user grant-role root root
+etcdctl --endpoints=127.0.0.1:2379 user get root
+etcdctl --endpoints=127.0.0.1:2379 auth enable
+etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6 del /apisix --prefix
+
+echo '
+etcd:
+  host:
+    - "http://127.0.0.1:2379"
+  prefix: "/apisix"
+  timeout: 30
+  user: root
+  password: apache-api6
+' > conf/config.yaml
+
+make init
+cmd_res=`etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6 get /apisix --prefix`
+etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6 auth disable
+etcdctl --endpoints=127.0.0.1:2379 role delete root
+etcdctl --endpoints=127.0.0.1:2379 user delete root
+
+init_kv=(
+/apisix/consumers/
+init_dir
+/apisix/global_rules/
+init_dir
+/apisix/node_status/
+init_dir
+/apisix/plugin_metadata/
+init_dir
+/apisix/plugins/
+init_dir
+/apisix/proto/
+init_dir
+/apisix/routes/
+init_dir
+/apisix/services/
+init_dir
+/apisix/ssl/
+init_dir
+/apisix/stream_routes/
+init_dir
+/apisix/upstreams/
+init_dir
+)
+i=0
+
+for kv in $cmd_res
+do
+    if [ "${init_kv[$i]}" != "$kv" ]; then
+        echo "failed: index=$i, $kv is not equal to ${init_kv[$i]}"
+        exit 1
+    fi
+    let i=$i+1
+done
+
+echo "passed: etcd auth enabled and init kv has been set up correctly"
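Review bot: The comparison loop at the end of this hunk checks only the keys that etcd actually returned, so if `cmd_res` is empty (for example because `make init` wrote nothing or the authenticated `get` failed), the `for kv in $cmd_res` body never runs and the script still prints "passed". Add a count check after `done`, e.g. `[ "$i" -eq "${#init_kv[@]}" ] || { echo "failed: expected ${#init_kv[@]} entries, got $i"; exit 1; }`. The `auth disable` and user/role cleanup also run only if the script gets past `make init`; whether the script aborts on error is not visible here, but if it does, etcd is left with auth enabled for later tests, so doing that cleanup in a `trap` would be safer.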
diff --git a/bin/apisix b/bin/apisix
index e257c6a..d94ab03 100755
--- a/bin/apisix
+++ b/bin/apisix
@@ -607,6 +607,26 @@ local function init_etcd(show_output)
     for index, host in ipairs(yaml_conf.etcd.host) do
         local is_success = true
 
+        local token_head = ""
+        if etcd_conf.user and etcd_conf.password then
+            local uri_auth = host .. "/v3/auth/authenticate"
+            local json_auth = {
+                name =  etcd_conf.user,
+                password = etcd_conf.password
+            }
+            local post_json_auth = dkjson.encode(json_auth)
+            local cmd_auth = "curl -s " .. uri_auth .. " -X POST -d '" .. post_json_auth
+                             .. "' --connect-timeout " .. timeout
+                             .. " --max-time " .. timeout * 2 .. " --retry 1 2>&1"
+
+            local res_auth = util.execute_cmd(cmd_auth)
+            local body_auth, _, err_auth = dkjson.decode(res_auth)
+            if err_auth then
+                error(cmd_auth .. "\n" .. res_auth)
+            end
+            token_head = " -H 'Authorization: " .. body_auth.token .. "'"
+        end
+
         for _, dir_name in ipairs({"/routes", "/upstreams", "/services",
                                    "/plugins", "/consumers", "/node_status",
                                    "/ssl", "/global_rules", "/stream_routes",
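Review bot: In the new authentication block, `error(cmd_auth .. "\n" .. res_auth)` writes the full curl command, including the etcd password carried in `post_json_auth`, into the error output; report the host and the response instead. The block also checks only the JSON decode error, so a well-formed error reply with no `token` field reaches `body_auth.token` and fails with a nil-concatenation error rather than a clear message; `if err_auth or type(body_auth) ~= "table" or not body_auth.token then error("etcd authentication failed for " .. host .. ": " .. res_auth) end` covers both cases. The password is also placed inside a single-quoted shell argument, so a value containing `'` breaks the command, and it is visible in the process argument list while curl runs; sending the body on stdin (`-d @-`) would avoid both, if `util.execute_cmd` can be made to support it. `init_etcd` begins before and continues after this hunk.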
@@ -616,7 +636,7 @@ local function init_etcd(show_output)
             local base64_encode = require("base64").encode
             local uri = host .. "/v3/kv/put"
             local post_json = '{"value":"' .. base64_encode("init_dir") ..  '", "key":"' .. base64_encode(key) .. '"}'
-            local cmd = "curl " .. uri .. " -X POST -d '" .. post_json
+            local cmd = "curl " .. uri .. token_head .. " -X POST -d '" .. post_json
                         .. "' --connect-timeout " .. timeout
                         .. " --max-time " .. timeout * 2 .. " --retry 1 2>&1"