Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/11/28 04:20:12 UTC

[GitHub] [apisix] soulbird opened a new pull request, #8412: feat: add vault common components

soulbird opened a new pull request, #8412:
URL: https://github.com/apache/apisix/pull/8412

   ### Description
   
   As part of https://github.com/apache/apisix/issues/8319:
   
   Add vault common component. Currently, supporting only the get operation is enough.
   
   ### Checklist
   
   - [ ] I have explained the need for this PR and the problem it solves
   - [ ] I have explained the changes or the new features added to this PR
   - [ ] I have added tests corresponding to this change
   - [ ] I have updated the documentation to reflect this change
   - [ ] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [apisix] spacewander commented on a diff in pull request #8412: feat: add vault common components

Posted by GitBox <gi...@apache.org>.
spacewander commented on code in PR #8412:
URL: https://github.com/apache/apisix/pull/8412#discussion_r1033299250


##########
apisix/kms/vault.lua:
##########
@@ -0,0 +1,94 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements.  See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License.  You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+
+--- Vault Tools.
+--  Vault is an identity-based secrets and encryption management system.
+
+local core = require("apisix.core")
+local http = require("resty.http")
+local json = require("cjson")
+
+local norm_path = require("pl.path").normpath
+local string = require("apisix.core.string")
+
+local find = string.find
+local sub = string.sub
+local reverse = string.reverse
+
+local _M = {}
+
+
+local function make_request_to_vault(conf, method, key, data)
+    local httpc = http.new()
+    -- config timeout or default to 5000 ms
+    httpc:set_timeout((conf.timeout or 5)*1000)
+
+    local req_addr = conf.uri .. norm_path("/v1/"
+                .. conf.prefix .. "/" .. key)
+
+    local res, err = httpc:request_uri(req_addr, {
+        method = method,
+        headers = {
+            ["X-Vault-Token"] = conf.token
+        },
+        body = core.json.encode(data or {}, true)
+    })
+
+    if not res then
+        return nil, err
+    end
+
+    return res.body
+end
+
+-- key is the vault kv engine path
+local function get(conf, key)
+    core.log.info("fetching data from vault for key: ", key)
+
+    local idx = find(reverse(key), "/")
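
Review bot: in `make_request_to_vault`, `key` is concatenated into the path and then passed through `norm_path`, which collapses `..` segments, so a key containing `..` segments can resolve outside `conf.prefix` while the request still carries `conf.token`. Reject such keys before building `req_addr`, or check that the normalized path still begins with `/v1/` followed by `conf.prefix`. Separately, the function returns `res.body` without looking at `res.status`, so a 403 or 404 from Vault reaches the caller as if it were a successful read; return `nil` and an error for non-2xx statuses.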

Review Comment:
   We can use the rfind_char instead?
   https://github.com/apache/apisix/blob/164a3222fa8ef159a21726fb4a6bd7ab1ccb785c/apisix/core/string.lua#L86



##########
apisix/kms/vault.lua:
##########
@@ -0,0 +1,94 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements.  See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License.  You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+
+--- Vault Tools.
+--  Vault is an identity-based secrets and encryption management system.
+
+local core = require("apisix.core")
+local http = require("resty.http")
+local json = require("cjson")
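
Review bot: `local json = require("cjson")` on the last line of this hunk loads plain cjson, whose `decode` raises a Lua error on malformed input. If it is used to parse the Vault response body, a non-JSON reply would throw inside the request path rather than come back as an error value. `cjson.safe` returns `nil, err` instead, and `apisix.core` is already required two lines above, so its JSON helpers can be used without a second import.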

Review Comment:
   Why don't we use core.json?





[GitHub] [apisix] spacewander merged pull request #8412: feat: add vault common components

Posted by GitBox <gi...@apache.org>.
spacewander merged PR #8412:
URL: https://github.com/apache/apisix/pull/8412




[GitHub] [apisix] soulbird commented on a diff in pull request #8412: feat: add vault common components

Posted by GitBox <gi...@apache.org>.
soulbird commented on code in PR #8412:
URL: https://github.com/apache/apisix/pull/8412#discussion_r1033242355


##########
ci/init-common-test-service.sh:
##########
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# prepare vault kv engine
+sleep 3s
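
Review bot: the fixed `sleep 3s` on the last line is a guess at Vault's start-up time and gives no signal when the guess is wrong: on a slow runner the setup that follows runs against a service that is not ready, and on a fast one the job just waits. Poll for readiness with a bounded retry instead (for example `vault status`, or a GET on `/v1/sys/health`, in a loop with a maximum attempt count) and exit non-zero on timeout.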

Review Comment:
   Make sure that the vault service has started normally. This is just an empirical value; it does work.





[GitHub] [apisix] moonming commented on a diff in pull request #8412: feat: add vault common components

Posted by GitBox <gi...@apache.org>.
moonming commented on code in PR #8412:
URL: https://github.com/apache/apisix/pull/8412#discussion_r1033222546


##########
ci/init-common-test-service.sh:
##########
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# prepare vault kv engine
+sleep 3s
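
Review bot: there is no `set -e` between the shebang and `sleep 3s` in the lines shown, so a failing Vault setup command later in the script would not stop CI, and the failure would surface only as unrelated test errors. Add `set -e` (or `set -euo pipefail`) directly after the license header.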

Review Comment:
   Why sleep 3s here?





[GitHub] [apisix] spacewander commented on a diff in pull request #8412: feat: add vault common components

Posted by GitBox <gi...@apache.org>.
spacewander commented on code in PR #8412:
URL: https://github.com/apache/apisix/pull/8412#discussion_r1033295371


##########
.github/workflows/build.yml:
##########
@@ -33,7 +33,7 @@ jobs:
           - t/plugin/[a-k]*
           - t/plugin/[l-z]*
           - t/admin t/cli t/config-center-yaml t/control t/core t/debug t/deployment t/discovery t/error_page t/misc
-          - t/node t/pubsub t/router t/script t/stream-node t/utils t/wasm t/xds-library t/xrpc
+          - t/node t/pubsub t/router t/script t/stream-node t/utils t/wasm t/xds-library t/xrpc t/kms
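
Review bot: `t/kms` is appended after `t/xrpc` on the changed line, which breaks the alphabetical grouping the two entries otherwise follow (`t/admin` through `t/misc`, then `t/node` through `t/xrpc`). Placing it between `t/error_page` and `t/misc` on the preceding entry would keep the split predictable; if the placement is meant to balance job run time, say so in the PR description.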

Review Comment:
   Why add the dir `k` at the end?


