Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/12/29 03:36:44 UTC

[GitHub] [apisix] whioue opened a new issue, #8582: feat: After using the consumer-restriction plugin on the service, the authentication type of the referenced consumer is modified. The system does not add verification

whioue opened a new issue, #8582:
URL: https://github.com/apache/apisix/issues/8582

   ### Description
   
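   1. I created a consumer named test and enabled key-auth on it.
   2. I created a router, service and upstream, enabled key-auth on the service, and in consumer-restriction used the consumer_name type with a whitelist that references the consumer test created above. Requests carrying the key in the request header are served normally.
   3. When I change the authentication type of the consumer test to basic-auth, every request is rejected no matter what it carries.
   4. I think a validation should be added: when the authentication type of a consumer referenced by the blacklist or whitelist of the consumer-restriction plugin on a service or route is modified, the system should validate the change and report that the consumer may not be modified.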


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
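
The check requested in step 4 can be approximated outside the gateway by auditing a configuration export. The following is an added example, not code from the APISIX project or from the issue author: the snapshot layout, the function names and the sample data are assumptions of this sketch, and it covers only `consumer_name` whitelists and a subset of auth plugins.

```python
# Added example: audit an exported APISIX configuration snapshot offline.
# The snapshot layout below is an assumption of this sketch, not the Admin API format.
AUTH_PLUGINS = {"key-auth", "basic-auth", "jwt-auth", "hmac-auth"}  # subset of auth plugins

def effective_plugins(route, snap):
    """Plugins that apply to a route: service, then plugin config, then the route itself."""
    merged = {}
    for kind, ref in (("services", "service_id"), ("plugin_configs", "plugin_config_id")):
        merged.update(snap.get(kind, {}).get(route.get(ref), {}).get("plugins", {}))
    merged.update(route.get("plugins", {}))
    return merged

def consumer_auth(consumer, snap):
    """Auth plugins a consumer carries, including those inherited from its consumer group."""
    group = snap.get("consumer_groups", {}).get(consumer.get("group_id"), {})
    return AUTH_PLUGINS.intersection({**group.get("plugins", {}), **consumer.get("plugins", {})})

def audit(snap):
    """Return (route_id, consumer, reason) for whitelist entries that can never authenticate."""
    findings = []
    for route in snap["routes"]:
        plugins = effective_plugins(route, snap)
        restriction = plugins.get("consumer-restriction")
        # Only name-based whitelists are checked; "type" defaults to consumer_name.
        if not restriction or restriction.get("type", "consumer_name") != "consumer_name":
            continue
        route_auth = AUTH_PLUGINS.intersection(plugins)
        for name in restriction.get("whitelist", []):
            consumer = snap["consumers"].get(name)
            if consumer is None:
                findings.append((route["id"], name, "consumer does not exist"))
            elif not route_auth & consumer_auth(consumer, snap):
                findings.append((route["id"], name, "no auth plugin in common with route"))
    return findings

def make_snapshot(consumer_plugin):
    """Constructed data mirroring the issue: consumer 'test', key-auth on the service."""
    return {
        "consumers": {"test": {"plugins": {consumer_plugin: {}}}},
        "services": {"1": {"plugins": {
            "key-auth": {},
            "consumer-restriction": {"type": "consumer_name", "whitelist": ["test"]}}}},
        "routes": [{"id": "r1", "service_id": "1", "uri": "/hello"}],
    }

if __name__ == "__main__":
    print(audit(make_snapshot("key-auth")))    # step 2 of the issue
    print(audit(make_snapshot("basic-auth")))  # step 3 of the issue
```

Run against a snapshot taken before and after a consumer change, a new finding marks a whitelist entry that the change has locked out.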


[GitHub] [apisix] spacewander commented on issue #8582: feat: After using the consumer-restriction plugin on the service, the authentication type of the referenced consumer is modified. The system does not add verification

Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #8582:
URL: https://github.com/apache/apisix/issues/8582#issuecomment-1367739357

   It is complex to implement in the current situation.
   
   Consider a consumer can have multiple auth plugins (some auth plugins may be inherited from the consumer group), and the consumer-restriction plugin can be used in multiple routes shared by services or plugin config, it is very hard to detect if a modification in the auth plugins of a consumer will affect a particular consumer-restriction.




[GitHub] [apisix] whioue commented on issue #8582: feat: After using the consumer-restriction plugin on the service, the authentication type of the referenced consumer is modified. The system does not add verification

Posted by GitBox <gi...@apache.org>.
whioue commented on issue #8582:
URL: https://github.com/apache/apisix/issues/8582#issuecomment-1367741199

   > It is complex to implement in the current situation.
   > 
   > Consider a consumer can have multiple auth plugins (some auth plugins may be inherited from the consumer group), and the consumer-restriction plugin can be used in multiple routes shared by services or plugin config, it is very hard to detect if a modification in the auth plugins of a consumer will affect a particular consumer-restriction.
   
   Therefore, this problem exists, but the verification will be cumbersome and difficult.




Re: [I] feat: After using the consumer-restriction plugin on the service, the authentication type of the referenced consumer is modified. The system does not add verification [apisix]

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on issue #8582:
URL: https://github.com/apache/apisix/issues/8582#issuecomment-1872496598

   This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.




[GitHub] [apisix] whioue commented on issue #8582: feat: After using the consumer-restriction plugin on the service, the authentication type of the referenced consumer is modified. The system does not add verification

Posted by GitBox <gi...@apache.org>.
whioue commented on issue #8582:
URL: https://github.com/apache/apisix/issues/8582#issuecomment-1367691663

   > @whioue Thanks for your kind advice.
   > 
   > Totally the auth config of `Consumer` should be the same as the `Route` you want to make it sense, so that the auth type should be changed both of the two simultaneously by hand.
   > 
   > The current solution is not able to cascade the configuration of both sides, but it is still acceptable to use.
   > 
   > Of course, an outright ban on modifications on the consumer side is certainly possible. But it also disallows changes to other consumer attributes, such as desc, and so on.
   > 
   > If you have a better idea, you can write a proposal to the community to expand on that. : )
   
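   May I ask why "an outright ban on modifications on the consumer side is certainly possible. But it also disallows changes to other consumer attributes, such as desc, and so on"? I think that as long as the authentication type stays the same, it should be possible to modify the consumer's other attributes, right? Would there be any other impact?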




[GitHub] [apisix] An-DJ commented on issue #8582: feat: After using the consumer-restriction plugin on the service, the authentication type of the referenced consumer is modified. The system does not add verification

Posted by GitBox <gi...@apache.org>.
An-DJ commented on issue #8582:
URL: https://github.com/apache/apisix/issues/8582#issuecomment-1367688763

   @whioue Thanks for your kind advice.
   
   Totally the auth config of `Consumer` should be the same as the `Route` you want to make it sense,
   so that the auth type should be changed both of the two simultaneously by hand.
   
   The current solution is not able to cascade the configuration of both sides, but it is still acceptable to use.
   
   Of course, an outright ban on modifications on the consumer side is certainly possible. But it also disallows changes to other consumer attributes, such as desc, and so on.
   
   If you have a better idea, you can write a proposal to the community to expand on that. : )




[GitHub] [apisix] An-DJ commented on issue #8582: feat: After using the consumer-restriction plugin on the service, the authentication type of the referenced consumer is modified. The system does not add verification

Posted by GitBox <gi...@apache.org>.
An-DJ commented on issue #8582:
URL: https://github.com/apache/apisix/issues/8582#issuecomment-1367712210

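   > May I ask why "an outright ban on modifications on the consumer side is certainly possible. But it also disallows changes to other consumer attributes, such as desc, and so on"? I think that as long as the authentication type stays the same, it should be possible to modify the consumer's other attributes, right? Would there be any other impact?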
   
   Yes, ur right. Actually I want to say that the `Consumer` should not be limited by its related `Route`.
   
   That is, if we want the consumer with auth type a1 to consume the routes with auth type a2, we can change its auth type directly rather than create a new one.
   
   IMHO, If the consumer's auth type results in the inability to consume the route the user wants, this should be **a configuration error on the consumer side**.
   
   @spacewander What do you think about this problem?




Re: [I] feat: After using the consumer-restriction plugin on the service, the authentication type of the referenced consumer is modified. The system does not add verification [apisix]

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on issue #8582:
URL: https://github.com/apache/apisix/issues/8582#issuecomment-1857600609

   This issue has been marked as stale due to 350 days of inactivity. It will be closed in 2 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@apisix.apache.org list. Thank you for your contributions.




Re: [I] feat: After using the consumer-restriction plugin on the service, the authentication type of the referenced consumer is modified. The system does not add verification [apisix]

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] closed issue #8582: feat: After using the consumer-restriction plugin on the service, the authentication type of the referenced consumer is modified. The system does not add verification
URL: https://github.com/apache/apisix/issues/8582

