You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/09/21 03:37:21 UTC
[GitHub] [apisix] Firstsawyou opened a new pull request #2265: doc: `consumer-restriction` plug-in document changes
Firstsawyou opened a new pull request #2265:
URL: https://github.com/apache/apisix/pull/2265
### What this PR does / why we need it:
<!--- Why is this change required? What problem does it solve? -->
<!--- If it fixes an open issue, please link to the issue here. -->
add document. #2261
### Pre-submission checklist:
* [x] Did you explain what problem does this PR solve? Or what new features have been added?
* [ ] Have you added corresponding test cases?
* [x] Have you modified the corresponding document?
* [x] Is this PR backward compatible?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r491798612
##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,40 @@
- [中文](../zh-cn/plugins/consumer-restriction.md)
# Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+ - [Name](#name)
+ - [Attributes](#attributes)
+ - [How To Enable `consumer_name`](#how-to-enable-consumer_name)
+ - [Test Plugin](#test-plugin)
+ - [How To Enable `service_id`](#how-to-enable-service_id)
+ - [Route Test](#route-test)
+ - [Route Test](#route-test-1)
+ - [Disable Plugin](#disable-plugin)
## Name
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
+* consumer: Add the `username` of `consumer` to a whitelist or blacklist (supporting single or multiple consumers) to restrict access to services or routes.
Review comment:
move `consumer` and `service` into `Attributes`
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个service
+```shell
Review comment:
markdown style: need one blank line before this line
##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,40 @@
- [中文](../zh-cn/plugins/consumer-restriction.md)
# Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+ - [Name](#name)
+ - [Attributes](#attributes)
+ - [How To Enable `consumer_name`](#how-to-enable-consumer_name)
+ - [Test Plugin](#test-plugin)
+ - [How To Enable `service_id`](#how-to-enable-service_id)
+ - [Route Test](#route-test)
+ - [Route Test](#route-test-1)
+ - [Disable Plugin](#disable-plugin)
## Name
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
+* consumer: Add the `username` of `consumer` to a whitelist or blacklist (supporting single or multiple consumers) to restrict access to services or routes.
Review comment:
In the "Name" section, only a brief description of the information is required.
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个service
+```shell
+curl http://127.0.0.1:9080/apisix/admin/services/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+}'
+
+curl http://127.0.0.1:9080/apisix/admin/services/2 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+}'
+```
+
+2、在`consumer`上绑定`consumer-restriction`插件(需要与一个授权插件配合才能绑定),并添加`service_id`白名单列表
+```shell
Review comment:
ditto, and please fix same points
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -20,24 +20,33 @@
- [English](../../plugins/consumer-restriction.md)
# 目录
-- [**名字**](#名字)
-- [**属性**](#属性)
-- [**如何启用**](#如何启用)
-- [**测试插件**](#测试插件)
-- [**禁用插件**](#禁用插件)
+- [目录](#目录)
+ - [名字](#名字)
+ - [属性](#属性)
+ - [如何启用 `consumer_name`](#如何启用-consumer_name)
+ - [测试插件](#测试插件)
+ - [如何启用 service_id](#如何启用-service_id)
+ - [路由测试](#路由测试)
+ - [路由测试](#路由测试-1)
+ - [禁用插件](#禁用插件)
## 名字
-`consumer-restriction` 可以通过以下方式限制对服务或路线的访问,将 consumer 列入白名单或黑名单。 支持单个或多个 consumer。
+`consumer-restriction` 根据选择的不同对象做相应的访问限制,支持consumer和service两种限制类型。
+* consumer:把`consumer`的`username`列入白名单或黑名单(支持单个或多个 consumer)来限制对服务或路线的访问。
Review comment:
please update the Chinese version too.
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
Review comment:
need a better title, eg: "How to restrict service ID?"
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] moonming commented on pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
moonming commented on pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#issuecomment-696786945
According to the commit msg, I don't know what the problem this pr solves.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r491798612
##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,40 @@
- [中文](../zh-cn/plugins/consumer-restriction.md)
# Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+ - [Name](#name)
+ - [Attributes](#attributes)
+ - [How To Enable `consumer_name`](#how-to-enable-consumer_name)
+ - [Test Plugin](#test-plugin)
+ - [How To Enable `service_id`](#how-to-enable-service_id)
+ - [Route Test](#route-test)
+ - [Route Test](#route-test-1)
+ - [Disable Plugin](#disable-plugin)
## Name
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
+* consumer: Add the `username` of `consumer` to a whitelist or blacklist (supporting single or multiple consumers) to restrict access to services or routes.
Review comment:
move `consumer` and `service` into `Attributes`
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个service
+```shell
Review comment:
markdown style: need one blank line before this line
##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,40 @@
- [中文](../zh-cn/plugins/consumer-restriction.md)
# Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+ - [Name](#name)
+ - [Attributes](#attributes)
+ - [How To Enable `consumer_name`](#how-to-enable-consumer_name)
+ - [Test Plugin](#test-plugin)
+ - [How To Enable `service_id`](#how-to-enable-service_id)
+ - [Route Test](#route-test)
+ - [Route Test](#route-test-1)
+ - [Disable Plugin](#disable-plugin)
## Name
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
+* consumer: Add the `username` of `consumer` to a whitelist or blacklist (supporting single or multiple consumers) to restrict access to services or routes.
Review comment:
In the "Name" section, only a brief description of the information is required.
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个service
+```shell
+curl http://127.0.0.1:9080/apisix/admin/services/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+}'
+
+curl http://127.0.0.1:9080/apisix/admin/services/2 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+}'
+```
+
+2、在`consumer`上绑定`consumer-restriction`插件(需要与一个授权插件配合才能绑定),并添加`service_id`白名单列表
+```shell
Review comment:
ditto, and please fix same points
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -20,24 +20,33 @@
- [English](../../plugins/consumer-restriction.md)
# 目录
-- [**名字**](#名字)
-- [**属性**](#属性)
-- [**如何启用**](#如何启用)
-- [**测试插件**](#测试插件)
-- [**禁用插件**](#禁用插件)
+- [目录](#目录)
+ - [名字](#名字)
+ - [属性](#属性)
+ - [如何启用 `consumer_name`](#如何启用-consumer_name)
+ - [测试插件](#测试插件)
+ - [如何启用 service_id](#如何启用-service_id)
+ - [路由测试](#路由测试)
+ - [路由测试](#路由测试-1)
+ - [禁用插件](#禁用插件)
## 名字
-`consumer-restriction` 可以通过以下方式限制对服务或路线的访问,将 consumer 列入白名单或黑名单。 支持单个或多个 consumer。
+`consumer-restriction` 根据选择的不同对象做相应的访问限制,支持consumer和service两种限制类型。
+* consumer:把`consumer`的`username`列入白名单或黑名单(支持单个或多个 consumer)来限制对服务或路线的访问。
Review comment:
please update the Chinese version too.
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
Review comment:
need a better title, eg: "How to restrict service ID?"
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r491800660
##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,40 @@
- [中文](../zh-cn/plugins/consumer-restriction.md)
# Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+ - [Name](#name)
+ - [Attributes](#attributes)
+ - [How To Enable `consumer_name`](#how-to-enable-consumer_name)
+ - [Test Plugin](#test-plugin)
+ - [How To Enable `service_id`](#how-to-enable-service_id)
+ - [Route Test](#route-test)
+ - [Route Test](#route-test-1)
+ - [Disable Plugin](#disable-plugin)
## Name
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
+* consumer: Add the `username` of `consumer` to a whitelist or blacklist (supporting single or multiple consumers) to restrict access to services or routes.
Review comment:
ok.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] juzhiyuan merged pull request #2265: docs: add the `consumer-restriction` plugin to support `consumer` to subscribe to the documents of `service`
Posted by GitBox <gi...@apache.org>.
juzhiyuan merged pull request #2265:
URL: https://github.com/apache/apisix/pull/2265
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r491800660
##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,40 @@
- [中文](../zh-cn/plugins/consumer-restriction.md)
# Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+ - [Name](#name)
+ - [Attributes](#attributes)
+ - [How To Enable `consumer_name`](#how-to-enable-consumer_name)
+ - [Test Plugin](#test-plugin)
+ - [How To Enable `service_id`](#how-to-enable-service_id)
+ - [Route Test](#route-test)
+ - [Route Test](#route-test-1)
+ - [Disable Plugin](#disable-plugin)
## Name
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
+* consumer: Add the `username` of `consumer` to a whitelist or blacklist (supporting single or multiple consumers) to restrict access to services or routes.
Review comment:
ok.
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
Review comment:
ok.
##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,40 @@
- [中文](../zh-cn/plugins/consumer-restriction.md)
# Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+ - [Name](#name)
+ - [Attributes](#attributes)
+ - [How To Enable `consumer_name`](#how-to-enable-consumer_name)
+ - [Test Plugin](#test-plugin)
+ - [How To Enable `service_id`](#how-to-enable-service_id)
+ - [Route Test](#route-test)
+ - [Route Test](#route-test-1)
+ - [Disable Plugin](#disable-plugin)
## Name
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
+* consumer: Add the `username` of `consumer` to a whitelist or blacklist (supporting single or multiple consumers) to restrict access to services or routes.
Review comment:
fixed
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -20,24 +20,33 @@
- [English](../../plugins/consumer-restriction.md)
# 目录
-- [**名字**](#名字)
-- [**属性**](#属性)
-- [**如何启用**](#如何启用)
-- [**测试插件**](#测试插件)
-- [**禁用插件**](#禁用插件)
+- [目录](#目录)
+ - [名字](#名字)
+ - [属性](#属性)
+ - [如何启用 `consumer_name`](#如何启用-consumer_name)
+ - [测试插件](#测试插件)
+ - [如何启用 service_id](#如何启用-service_id)
+ - [路由测试](#路由测试)
+ - [路由测试](#路由测试-1)
+ - [禁用插件](#禁用插件)
## 名字
-`consumer-restriction` 可以通过以下方式限制对服务或路线的访问,将 consumer 列入白名单或黑名单。 支持单个或多个 consumer。
+`consumer-restriction` 根据选择的不同对象做相应的访问限制,支持consumer和service两种限制类型。
+* consumer:把`consumer`的`username`列入白名单或黑名单(支持单个或多个 consumer)来限制对服务或路线的访问。
Review comment:
finished
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
Review comment:
fixed
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个service
+```shell
Review comment:
fixed
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个service
+```shell
+curl http://127.0.0.1:9080/apisix/admin/services/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+}'
+
+curl http://127.0.0.1:9080/apisix/admin/services/2 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+}'
+```
+
+2、在`consumer`上绑定`consumer-restriction`插件(需要与一个授权插件配合才能绑定),并添加`service_id`白名单列表
+```shell
Review comment:
fixed
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r494297020
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -87,31 +93,138 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+**测试插件**
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+### 如何限制 `service_id`
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个 service
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/services/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+}'
+
+curl http://127.0.0.1:9080/apisix/admin/services/2 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+}'
+```
+
+2、在 `consumer` 上绑定 `consumer-restriction` 插件(需要与一个授权插件配合才能绑定),并添加 `service_id` 白名单列表
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "username": "new_consumer",
+ "plugins": {
+ "key-auth": {
+ "key": "auth-jack"
+ },
+ "consumer-restriction": {
+ "type": "service_id",
+ "whitelist": [
+ "1"
+ ],
+ "rejected_code": 403
+ }
+ }
+}'
+```
+
+3、在 route 上开启 `key-auth` 插件并绑定 `service_id` 为`1`
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "uri": "/index.html",
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "127.0.0.1:1980": 1
+ }
+ },
+ "service_id": 1,
+ "plugins": {
+ "key-auth": {
+ }
+ }
+}'
+```
+
+**测试插件**
Review comment:
Add a brief description of what is expected.
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -87,31 +93,138 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+**测试插件**
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+### 如何限制 `service_id`
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个 service
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/services/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+}'
+
+curl http://127.0.0.1:9080/apisix/admin/services/2 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+}'
+```
+
+2、在 `consumer` 上绑定 `consumer-restriction` 插件(需要与一个授权插件配合才能绑定),并添加 `service_id` 白名单列表
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "username": "new_consumer",
+ "plugins": {
+ "key-auth": {
+ "key": "auth-jack"
+ },
+ "consumer-restriction": {
+ "type": "service_id",
+ "whitelist": [
+ "1"
+ ],
+ "rejected_code": 403
+ }
+ }
+}'
+```
+
+3、在 route 上开启 `key-auth` 插件并绑定 `service_id` 为`1`
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "uri": "/index.html",
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "127.0.0.1:1980": 1
+ }
+ },
+ "service_id": 1,
+ "plugins": {
+ "key-auth": {
+ }
+ }
+}'
+```
+
+**测试插件**
+
+```shell
+curl http://127.0.0.1:9080/index.html -H 'apikey: auth-jack' -i
+HTTP/1.1 200 OK
+...
+```
+
+4、在 route 上开启 `key-auth` 插件并绑定 `service_id` 为`2`
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "uri": "/index.html",
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "127.0.0.1:1980": 1
+ }
+ },
+ "service_id": 2,
+ "plugins": {
+ "key-auth": {
+ }
+ }
+}'
+```
+
+**测试插件**
Review comment:
Add a brief description of what is expected.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r491804798
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -20,24 +20,33 @@
- [English](../../plugins/consumer-restriction.md)
# 目录
-- [**名字**](#名字)
-- [**属性**](#属性)
-- [**如何启用**](#如何启用)
-- [**测试插件**](#测试插件)
-- [**禁用插件**](#禁用插件)
+- [目录](#目录)
+ - [名字](#名字)
+ - [属性](#属性)
+ - [如何启用 `consumer_name`](#如何启用-consumer_name)
+ - [测试插件](#测试插件)
+ - [如何启用 service_id](#如何启用-service_id)
+ - [路由测试](#路由测试)
+ - [路由测试](#路由测试-1)
+ - [禁用插件](#禁用插件)
## 名字
-`consumer-restriction` 可以通过以下方式限制对服务或路线的访问,将 consumer 列入白名单或黑名单。 支持单个或多个 consumer。
+`consumer-restriction` 根据选择的不同对象做相应的访问限制,支持consumer和service两种限制类型。
+* consumer:把`consumer`的`username`列入白名单或黑名单(支持单个或多个 consumer)来限制对服务或路线的访问。
Review comment:
finished
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
Review comment:
fixed
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个service
+```shell
Review comment:
fixed
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r492538914
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -20,27 +20,36 @@
- [English](../../plugins/consumer-restriction.md)
# 目录
-- [**名字**](#名字)
-- [**属性**](#属性)
-- [**如何启用**](#如何启用)
-- [**测试插件**](#测试插件)
-- [**禁用插件**](#禁用插件)
+- [目录](#目录)
+ - [名字](#名字)
+ - [属性](#属性)
+ - [如何启用 `consumer_name`](#如何启用-consumer_name)
+ - [测试插件](#测试插件)
+ - [如何限制 service ID](#如何限制-service-id)
+ - [路由测试](#路由测试)
+ - [路由测试](#路由测试-1)
+ - [禁用插件](#禁用插件)
## 名字
-`consumer-restriction` 可以通过以下方式限制对服务或路线的访问,将 consumer 列入白名单或黑名单。 支持单个或多个 consumer。
+`consumer-restriction` 根据选择的不同对象做相应的访问限制,支持consumer和service两种限制类型。
Review comment:
fixed
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#issuecomment-696633828
@gxthrj
@membphis Review required.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] juzhiyuan commented on pull request #2265: docs: add the `consumer-restriction` plugin to support `consumer` to subscribe to the documents of `service`
Posted by GitBox <gi...@apache.org>.
juzhiyuan commented on pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#issuecomment-720257666
Let's merge this then.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
membphis commented on pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#issuecomment-695905251
@Firstsawyou please take a look at the output of CI:
```
Scan detected 2 error(s) in 2 file(s):
Reading configuration file [.travis/ASF-Release.cfg]...
Scanning files starting at [./]...
Scan detected 2 error(s) in 2 file(s):
[./doc/plugins/consumer-restriction.md]:
193: line has trailing whitespace.
[./doc/zh-cn/plugins/consumer-restriction.md]:
190: line has trailing whitespace.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] moonming commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
moonming commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r492816513
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -20,27 +20,36 @@
- [English](../../plugins/consumer-restriction.md)
# 目录
-- [**名字**](#名字)
-- [**属性**](#属性)
-- [**如何启用**](#如何启用)
-- [**测试插件**](#测试插件)
-- [**禁用插件**](#禁用插件)
+- [目录](#目录)
+ - [名字](#名字)
+ - [属性](#属性)
+ - [如何启用 `consumer_name`](#如何启用-consumer_name)
+ - [测试插件](#测试插件)
+ - [如何限制 service ID](#如何限制-service-id)
+ - [路由测试](#路由测试)
+ - [路由测试](#路由测试-1)
+ - [禁用插件](#禁用插件)
## 名字
-`consumer-restriction` 可以通过以下方式限制对服务或路线的访问,将 consumer 列入白名单或黑名单。 支持单个或多个 consumer。
+`consumer-restriction` 根据选择的不同对象做相应的访问限制,支持 consumer name 和 service id 两种限制类型。
## 属性
-* `whitelist`: 可选,加入白名单的consumer
-* `blacklist`: 可选,加入黑名单的consumer
+* consumer name:把 `consumer` 的 `username` 列入白名单或黑名单(支持单个或多个 consumer)来限制对服务或路线的访问。
+* service id:把 `service` 的 `id` 列入白名单或黑名单(支持一个或多个 service)来限制service的访问,需要结合授权插件一起使用。
Review comment:
Why are these two separately listed outside?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r492539084
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,137 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何限制 service ID
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个service
Review comment:
ditto
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#issuecomment-696469427
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2265: doc: add `consumer-restriction` plugin to support `consumer` to subscribe to `service` documents
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r495463276
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -87,31 +93,138 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+**测试插件**
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+### 如何限制 `service_id`
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个 service
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/services/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+}'
+
+curl http://127.0.0.1:9080/apisix/admin/services/2 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+}'
+```
+
+2、在 `consumer` 上绑定 `consumer-restriction` 插件(需要与一个授权插件配合才能绑定),并添加 `service_id` 白名单列表
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "username": "new_consumer",
+ "plugins": {
+ "key-auth": {
+ "key": "auth-jack"
+ },
+ "consumer-restriction": {
+ "type": "service_id",
+ "whitelist": [
+ "1"
+ ],
+ "rejected_code": 403
+ }
+ }
+}'
+```
+
+3、在 route 上开启 `key-auth` 插件并绑定 `service_id` 为`1`
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "uri": "/index.html",
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "127.0.0.1:1980": 1
+ }
+ },
+ "service_id": 1,
+ "plugins": {
+ "key-auth": {
+ }
+ }
+}'
+```
+
+**测试插件**
Review comment:
fixed.
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -87,31 +93,138 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+**测试插件**
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+### 如何限制 `service_id`
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个 service
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/services/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+}'
+
+curl http://127.0.0.1:9080/apisix/admin/services/2 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+}'
+```
+
+2、在 `consumer` 上绑定 `consumer-restriction` 插件(需要与一个授权插件配合才能绑定),并添加 `service_id` 白名单列表
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "username": "new_consumer",
+ "plugins": {
+ "key-auth": {
+ "key": "auth-jack"
+ },
+ "consumer-restriction": {
+ "type": "service_id",
+ "whitelist": [
+ "1"
+ ],
+ "rejected_code": 403
+ }
+ }
+}'
+```
+
+3、在 route 上开启 `key-auth` 插件并绑定 `service_id` 为`1`
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "uri": "/index.html",
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "127.0.0.1:1980": 1
+ }
+ },
+ "service_id": 1,
+ "plugins": {
+ "key-auth": {
+ }
+ }
+}'
+```
+
+**测试插件**
+
+```shell
+curl http://127.0.0.1:9080/index.html -H 'apikey: auth-jack' -i
+HTTP/1.1 200 OK
+...
+```
+
+4、在 route 上开启 `key-auth` 插件并绑定 `service_id` 为`2`
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "uri": "/index.html",
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "127.0.0.1:1980": 1
+ }
+ },
+ "service_id": 2,
+ "plugins": {
+ "key-auth": {
+ }
+ }
+}'
+```
+
+**测试插件**
Review comment:
fixed.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] moonming commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
moonming commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r492816513
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -20,27 +20,36 @@
- [English](../../plugins/consumer-restriction.md)
# 目录
-- [**名字**](#名字)
-- [**属性**](#属性)
-- [**如何启用**](#如何启用)
-- [**测试插件**](#测试插件)
-- [**禁用插件**](#禁用插件)
+- [目录](#目录)
+ - [名字](#名字)
+ - [属性](#属性)
+ - [如何启用 `consumer_name`](#如何启用-consumer_name)
+ - [测试插件](#测试插件)
+ - [如何限制 service ID](#如何限制-service-id)
+ - [路由测试](#路由测试)
+ - [路由测试](#路由测试-1)
+ - [禁用插件](#禁用插件)
## 名字
-`consumer-restriction` 可以通过以下方式限制对服务或路线的访问,将 consumer 列入白名单或黑名单。 支持单个或多个 consumer。
+`consumer-restriction` 根据选择的不同对象做相应的访问限制,支持 consumer name 和 service id 两种限制类型。
## 属性
-* `whitelist`: 可选,加入白名单的consumer
-* `blacklist`: 可选,加入黑名单的consumer
+* consumer name:把 `consumer` 的 `username` 列入白名单或黑名单(支持单个或多个 consumer)来限制对服务或路线的访问。
+* service id:把 `service` 的 `id` 列入白名单或黑名单(支持一个或多个 service)来限制service的访问,需要结合授权插件一起使用。
Review comment:
Why are these two separately listed outside?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r492538624
##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,38 @@
- [中文](../zh-cn/plugins/consumer-restriction.md)
# Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+ - [Name](#name)
+ - [Attributes](#attributes)
+ - [How to enable `consumer_name`](#how-to-enable-consumer_name)
+ - [Test Plugin](#test-plugin)
+ - [How to restrict service ID](#how-to-restrict-service-id)
+ - [Route Test](#route-test)
+ - [Route Test](#route-test-1)
+ - [Disable Plugin](#disable-plugin)
## Name
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
Review comment:
fixed
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r494297020
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -87,31 +93,138 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+**测试插件**
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+### 如何限制 `service_id`
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个 service
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/services/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+}'
+
+curl http://127.0.0.1:9080/apisix/admin/services/2 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+}'
+```
+
+2、在 `consumer` 上绑定 `consumer-restriction` 插件(需要与一个授权插件配合才能绑定),并添加 `service_id` 白名单列表
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "username": "new_consumer",
+ "plugins": {
+ "key-auth": {
+ "key": "auth-jack"
+ },
+ "consumer-restriction": {
+ "type": "service_id",
+ "whitelist": [
+ "1"
+ ],
+ "rejected_code": 403
+ }
+ }
+}'
+```
+
+3、在 route 上开启 `key-auth` 插件并绑定 `service_id` 为`1`
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "uri": "/index.html",
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "127.0.0.1:1980": 1
+ }
+ },
+ "service_id": 1,
+ "plugins": {
+ "key-auth": {
+ }
+ }
+}'
+```
+
+**测试插件**
Review comment:
Add a brief description of what is expected.
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -87,31 +93,138 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+**测试插件**
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+### 如何限制 `service_id`
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个 service
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/services/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+}'
+
+curl http://127.0.0.1:9080/apisix/admin/services/2 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+}'
+```
+
+2、在 `consumer` 上绑定 `consumer-restriction` 插件(需要与一个授权插件配合才能绑定),并添加 `service_id` 白名单列表
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/consumers -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "username": "new_consumer",
+ "plugins": {
+ "key-auth": {
+ "key": "auth-jack"
+ },
+ "consumer-restriction": {
+ "type": "service_id",
+ "whitelist": [
+ "1"
+ ],
+ "rejected_code": 403
+ }
+ }
+}'
+```
+
+3、在 route 上开启 `key-auth` 插件并绑定 `service_id` 为`1`
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "uri": "/index.html",
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "127.0.0.1:1980": 1
+ }
+ },
+ "service_id": 1,
+ "plugins": {
+ "key-auth": {
+ }
+ }
+}'
+```
+
+**测试插件**
+
+```shell
+curl http://127.0.0.1:9080/index.html -H 'apikey: auth-jack' -i
+HTTP/1.1 200 OK
+...
+```
+
+4、在 route 上开启 `key-auth` 插件并绑定 `service_id` 为`2`
+
+```shell
+curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "uri": "/index.html",
+ "upstream": {
+ "type": "roundrobin",
+ "nodes": {
+ "127.0.0.1:1980": 1
+ }
+ },
+ "service_id": 2,
+ "plugins": {
+ "key-auth": {
+ }
+ }
+}'
+```
+
+**测试插件**
Review comment:
Add a brief description of what is expected.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on pull request #2265: doc: add `consumer-restriction` plugin to support `consumer` to subscribe to `service` documents
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#issuecomment-699505686
> According to the commit msg, I don't know what the problem this pr solves.
"msg" has been modified.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#issuecomment-695905640
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r491804553
##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,40 @@
- [中文](../zh-cn/plugins/consumer-restriction.md)
# Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+ - [Name](#name)
+ - [Attributes](#attributes)
+ - [How To Enable `consumer_name`](#how-to-enable-consumer_name)
+ - [Test Plugin](#test-plugin)
+ - [How To Enable `service_id`](#how-to-enable-service_id)
+ - [Route Test](#route-test)
+ - [Route Test](#route-test-1)
+ - [Disable Plugin](#disable-plugin)
## Name
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
+* consumer: Add the `username` of `consumer` to a whitelist or blacklist (supporting single or multiple consumers) to restrict access to services or routes.
Review comment:
fixed
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#issuecomment-695912936
> > @Firstsawyou please take a look at the output of CI:
> > ```
> > Scan detected 2 error(s) in 2 file(s):
> > Reading configuration file [.travis/ASF-Release.cfg]...
> > Scanning files starting at [./]...
> > Scan detected 2 error(s) in 2 file(s):
> > [./doc/plugins/consumer-restriction.md]:
> > 193: line has trailing whitespace.
> > [./doc/zh-cn/plugins/consumer-restriction.md]:
> > 190: line has trailing whitespace.
> > ```
>
> ok.
fixed.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#issuecomment-695905640
> @Firstsawyou please take a look at the output of CI:
>
> ```
> Scan detected 2 error(s) in 2 file(s):
> Reading configuration file [.travis/ASF-Release.cfg]...
> Scanning files starting at [./]...
> Scan detected 2 error(s) in 2 file(s):
> [./doc/plugins/consumer-restriction.md]:
> 193: line has trailing whitespace.
> [./doc/zh-cn/plugins/consumer-restriction.md]:
> 190: line has trailing whitespace.
> ```
ok.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r492527705
##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,38 @@
- [中文](../zh-cn/plugins/consumer-restriction.md)
# Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+ - [Name](#name)
+ - [Attributes](#attributes)
+ - [How to enable `consumer_name`](#how-to-enable-consumer_name)
+ - [Test Plugin](#test-plugin)
+ - [How to restrict service ID](#how-to-restrict-service-id)
+ - [Route Test](#route-test)
+ - [Route Test](#route-test-1)
+ - [Disable Plugin](#disable-plugin)
## Name
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
Review comment:
`consumer` -> `consumer name`
`service` -> `service id`
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -20,27 +20,36 @@
- [English](../../plugins/consumer-restriction.md)
# 目录
-- [**名字**](#名字)
-- [**属性**](#属性)
-- [**如何启用**](#如何启用)
-- [**测试插件**](#测试插件)
-- [**禁用插件**](#禁用插件)
+- [目录](#目录)
+ - [名字](#名字)
+ - [属性](#属性)
+ - [如何启用 `consumer_name`](#如何启用-consumer_name)
+ - [测试插件](#测试插件)
+ - [如何限制 service ID](#如何限制-service-id)
+ - [路由测试](#路由测试)
+ - [路由测试](#路由测试-1)
+ - [禁用插件](#禁用插件)
## 名字
-`consumer-restriction` 可以通过以下方式限制对服务或路线的访问,将 consumer 列入白名单或黑名单。 支持单个或多个 consumer。
+`consumer-restriction` 根据选择的不同对象做相应的访问限制,支持consumer和service两种限制类型。
Review comment:
ditto
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,137 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何限制 service ID
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个service
Review comment:
need one space between Chinese and English
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r491805004
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个service
+```shell
+curl http://127.0.0.1:9080/apisix/admin/services/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+}'
+
+curl http://127.0.0.1:9080/apisix/admin/services/2 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+}'
+```
+
+2、在`consumer`上绑定`consumer-restriction`插件(需要与一个授权插件配合才能绑定),并添加`service_id`白名单列表
+```shell
Review comment:
fixed
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r492527705
##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,38 @@
- [中文](../zh-cn/plugins/consumer-restriction.md)
# Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+ - [Name](#name)
+ - [Attributes](#attributes)
+ - [How to enable `consumer_name`](#how-to-enable-consumer_name)
+ - [Test Plugin](#test-plugin)
+ - [How to restrict service ID](#how-to-restrict-service-id)
+ - [Route Test](#route-test)
+ - [Route Test](#route-test-1)
+ - [Disable Plugin](#disable-plugin)
## Name
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
Review comment:
`consumer` -> `consumer name`
`service` -> `service id`
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -20,27 +20,36 @@
- [English](../../plugins/consumer-restriction.md)
# 目录
-- [**名字**](#名字)
-- [**属性**](#属性)
-- [**如何启用**](#如何启用)
-- [**测试插件**](#测试插件)
-- [**禁用插件**](#禁用插件)
+- [目录](#目录)
+ - [名字](#名字)
+ - [属性](#属性)
+ - [如何启用 `consumer_name`](#如何启用-consumer_name)
+ - [测试插件](#测试插件)
+ - [如何限制 service ID](#如何限制-service-id)
+ - [路由测试](#路由测试)
+ - [路由测试](#路由测试-1)
+ - [禁用插件](#禁用插件)
## 名字
-`consumer-restriction` 可以通过以下方式限制对服务或路线的访问,将 consumer 列入白名单或黑名单。 支持单个或多个 consumer。
+`consumer-restriction` 根据选择的不同对象做相应的访问限制,支持consumer和service两种限制类型。
Review comment:
ditto
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,137 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何限制 service ID
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个service
Review comment:
need one space between Chinese and English
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#issuecomment-696469427
@gxthrj Review required.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] moonming commented on pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
moonming commented on pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#issuecomment-696786945
According to the commit msg, I don't know what the problem this pr solves.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r491801684
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,131 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何启用 service_id
Review comment:
ok.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] membphis commented on pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
membphis commented on pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#issuecomment-695905251
@Firstsawyou please take a look at the output of CI:
```
Scan detected 2 error(s) in 2 file(s):
Reading configuration file [.travis/ASF-Release.cfg]...
Scanning files starting at [./]...
Scan detected 2 error(s) in 2 file(s):
[./doc/plugins/consumer-restriction.md]:
193: line has trailing whitespace.
[./doc/zh-cn/plugins/consumer-restriction.md]:
190: line has trailing whitespace.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r492538624
##########
File path: doc/plugins/consumer-restriction.md
##########
@@ -20,31 +20,38 @@
- [中文](../zh-cn/plugins/consumer-restriction.md)
# Summary
-- [**Name**](#name)
-- [**Attributes**](#attributes)
-- [**How To Enable**](#how-to-enable)
-- [**Test Plugin**](#test-plugin)
-- [**Disable Plugin**](#disable-plugin)
+- [Summary](#summary)
+ - [Name](#name)
+ - [Attributes](#attributes)
+ - [How to enable `consumer_name`](#how-to-enable-consumer_name)
+ - [Test Plugin](#test-plugin)
+ - [How to restrict service ID](#how-to-restrict-service-id)
+ - [Route Test](#route-test)
+ - [Route Test](#route-test-1)
+ - [Disable Plugin](#disable-plugin)
## Name
-The `consumer-restriction` can restrict access to a Service or a Route by either
-whitelisting or blacklisting consumers. Support single or multiple consumers.
+The `consumer-restriction` makes corresponding access restrictions based on different objects selected, and supports two restriction types: consumer and service.
Review comment:
fixed
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -20,27 +20,36 @@
- [English](../../plugins/consumer-restriction.md)
# 目录
-- [**名字**](#名字)
-- [**属性**](#属性)
-- [**如何启用**](#如何启用)
-- [**测试插件**](#测试插件)
-- [**禁用插件**](#禁用插件)
+- [目录](#目录)
+ - [名字](#名字)
+ - [属性](#属性)
+ - [如何启用 `consumer_name`](#如何启用-consumer_name)
+ - [测试插件](#测试插件)
+ - [如何限制 service ID](#如何限制-service-id)
+ - [路由测试](#路由测试)
+ - [路由测试](#路由测试-1)
+ - [禁用插件](#禁用插件)
## 名字
-`consumer-restriction` 可以通过以下方式限制对服务或路线的访问,将 consumer 列入白名单或黑名单。 支持单个或多个 consumer。
+`consumer-restriction` 根据选择的不同对象做相应的访问限制,支持consumer和service两种限制类型。
Review comment:
fixed
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -85,31 +94,137 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13
}'
```
-## 测试插件
+### 测试插件
jack1 访问:
```shell
-$ curl -u jack2019:123456 http://127.0.0.1:9080/index.html
+curl -u jack2019:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 200 OK
...
```
jack2 访问:
```shell
-$ curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
+curl -u jack2020:123456 http://127.0.0.1:9080/index.html -i
HTTP/1.1 403 Forbidden
...
-{"message":"You are not allowed"}
+{"message":"The consumer_name is forbidden."}
+```
+
+## 如何限制 service ID
+`service_id`方式需要与授权插件一起配合使用,这里以key-auth授权插件为例。
+
+1、创建两个service
Review comment:
ditto
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2265: doc: `consumer-restriction` plug-in document changes
Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on a change in pull request #2265:
URL: https://github.com/apache/apisix/pull/2265#discussion_r493245920
##########
File path: doc/zh-cn/plugins/consumer-restriction.md
##########
@@ -20,27 +20,36 @@
- [English](../../plugins/consumer-restriction.md)
# 目录
-- [**名字**](#名字)
-- [**属性**](#属性)
-- [**如何启用**](#如何启用)
-- [**测试插件**](#测试插件)
-- [**禁用插件**](#禁用插件)
+- [目录](#目录)
+ - [名字](#名字)
+ - [属性](#属性)
+ - [如何启用 `consumer_name`](#如何启用-consumer_name)
+ - [测试插件](#测试插件)
+ - [如何限制 service ID](#如何限制-service-id)
+ - [路由测试](#路由测试)
+ - [路由测试](#路由测试-1)
+ - [禁用插件](#禁用插件)
## 名字
-`consumer-restriction` 可以通过以下方式限制对服务或路线的访问,将 consumer 列入白名单或黑名单。 支持单个或多个 consumer。
+`consumer-restriction` 根据选择的不同对象做相应的访问限制,支持 consumer name 和 service id 两种限制类型。
## 属性
-* `whitelist`: 可选,加入白名单的consumer
-* `blacklist`: 可选,加入黑名单的consumer
+* consumer name:把 `consumer` 的 `username` 列入白名单或黑名单(支持单个或多个 consumer)来限制对服务或路线的访问。
+* service id:把 `service` 的 `id` 列入白名单或黑名单(支持一个或多个 service)来限制service的访问,需要结合授权插件一起使用。
Review comment:
The "service id" method needs to be used in conjunction with authorized plugins. It is not easy to confuse the use scene after separating them, I think it will be better.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org