You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/08/25 09:02:50 UTC

[GitHub] [apisix] moonming commented on a change in pull request #2092: bug: removed default access token for Admin API.

moonming commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r476292239



##########
File path: conf/config.yaml
##########
@@ -21,3 +21,13 @@
 #     host:
 #       - "http://127.0.0.1:2379"
 #
+#
+# If you want specify the Admin API token, this is an example:
+#
+# apisix:
+#     admin_key:
+#         -
+#             name: "admin"
+#             key:  ******    # <-- replace with a random key

Review comment:
       please keep the same style as https://github.com/apache/apisix/pull/2092/files#diff-4c362b2e3d4cc07f3af3b469be2a913cR75

##########
File path: FAQ.md
##########
@@ -80,7 +80,7 @@ An example, `foo.com/product/index.html?id=204&page=2`, gray release based on `i
 
 here is the way:
 ```shell
-curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: ******' -X PUT -d '

Review comment:
       what is `******`? users will copy-paste this cmd directly.

##########
File path: t/admin/token.t
##########
@@ -155,7 +164,7 @@ PUT /apisix/admin/plugins/reload
 
 === TEST 6: reload plugins with api key(arguments)
 --- request
-PUT /apisix/admin/plugins/reload?api_key=edd1c9f034335f136f87ad84b625c8f1
+PUT /apisix/admin/plugins/reload?api_key=******

Review comment:
       `******` as the key is unacceptable

##########
File path: t/APISIX.pm
##########
@@ -81,7 +81,11 @@ apisix:
   stream_proxy:
     tcp:
       - 9100
-  admin_key: null
+  admin_key:
+    -
+      name: "admin"
+      key: YOUR_API_KEY

Review comment:
       `YOUR_API_KEY` can not be the key




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org