You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/09/18 03:29:23 UTC
[GitHub] [apisix] moonming commented on a change in pull request #2241: draft: `consumer` provides access to a collection of `service`
moonming commented on a change in pull request #2241:
URL: https://github.com/apache/apisix/pull/2241#discussion_r490671665
##########
File path: apisix/plugins/consumer-restriction.lua
##########
@@ -67,26 +81,33 @@ function _M.check_schema(conf)
return true
end
+
function _M.access(conf, ctx)
- if not ctx.consumer then
+ if not conf.type then
Review comment:
why not add this check in schema?
##########
File path: apisix/plugins/consumer-restriction.lua
##########
@@ -67,26 +81,33 @@ function _M.check_schema(conf)
return true
end
+
function _M.access(conf, ctx)
- if not ctx.consumer then
+ if not conf.type then
return 401, { message = "Missing authentication or identity verification." }
end
+ local value = fetch_val_funcs[conf.type](ctx)
+ if not value then
+ return 401, { message = "Failed to fetch value by value type: " .. conf.type }
+ end
+ core.log.info("value: ", value)
+
local block = false
if conf.blacklist and #conf.blacklist > 0 then
- if is_include(ctx.consumer.username, conf.blacklist) then
+ if is_include(value, conf.blacklist) then
block = true
end
end
if conf.whitelist and #conf.whitelist > 0 then
- if not is_include(ctx.consumer.username, conf.whitelist) then
+ if not is_include(value, conf.whitelist) then
block = true
end
end
if block then
- return 403, { message = "The consumer is not allowed" }
+ return conf.rejected_code, { message = "The " .. conf.type .. " is not allowed" }
Review comment:
`not allowed` -> `forbidden`
##########
File path: t/plugin/consumer-restriction.t
##########
@@ -540,3 +540,256 @@ GET /hello
hello world
--- no_error_log
[error]
+
+
+
+=== TEST 25: create service (id:1)
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/services/1',
+ ngx.HTTP_PUT,
+ [[{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+ }]],
+ [[{
+ "node": {
+ "value": {
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+ },
+ "key": "/apisix/services/1"
+ },
+ "action": "set"
+ }]]
+ )
+
+ ngx.status = code
+ ngx.say(body)
+ }
+ }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 26: create service (id:2)
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/services/2',
+ ngx.HTTP_PUT,
+ [[{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+ }]],
+ [[{
+ "node": {
+ "value": {
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+ },
+ "key": "/apisix/services/2"
+ },
+ "action": "set"
+ }]]
+ )
+
+ ngx.status = code
+ ngx.say(body)
+ }
+ }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 27: add consumer with plugin hmac-auth and consumer-restriction, and set whitelist
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/consumers',
+ ngx.HTTP_PUT,
+ [[{
+ "username": "jack",
+ "plugins": {
+ "hmac-auth": {
+ "access_key": "my-access-key",
+ "secret_key": "my-secret-key"
+ },
+ "consumer-restriction": {
+ "type": "service_id",
+ "whitelist": [ "1" ],
Review comment:
which test case to check this whitelist? and we need test cases for blacklist.
##########
File path: t/plugin/consumer-restriction.t
##########
@@ -540,3 +540,256 @@ GET /hello
hello world
--- no_error_log
[error]
+
+
+
+=== TEST 25: create service (id:1)
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/services/1',
+ ngx.HTTP_PUT,
+ [[{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+ }]],
+ [[{
+ "node": {
+ "value": {
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+ },
+ "key": "/apisix/services/1"
+ },
+ "action": "set"
+ }]]
+ )
+
+ ngx.status = code
+ ngx.say(body)
+ }
+ }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 26: create service (id:2)
Review comment:
when we need this service?
##########
File path: t/plugin/consumer-restriction.t
##########
@@ -540,3 +540,256 @@ GET /hello
hello world
--- no_error_log
[error]
+
+
+
+=== TEST 25: create service (id:1)
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/services/1',
+ ngx.HTTP_PUT,
+ [[{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+ }]],
+ [[{
+ "node": {
+ "value": {
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+ },
+ "key": "/apisix/services/1"
+ },
+ "action": "set"
+ }]]
+ )
+
+ ngx.status = code
+ ngx.say(body)
+ }
+ }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 26: create service (id:2)
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/services/2',
+ ngx.HTTP_PUT,
+ [[{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+ }]],
+ [[{
+ "node": {
+ "value": {
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+ },
+ "key": "/apisix/services/2"
+ },
+ "action": "set"
+ }]]
+ )
+
+ ngx.status = code
+ ngx.say(body)
+ }
+ }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 27: add consumer with plugin hmac-auth and consumer-restriction, and set whitelist
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/consumers',
+ ngx.HTTP_PUT,
+ [[{
+ "username": "jack",
+ "plugins": {
+ "hmac-auth": {
+ "access_key": "my-access-key",
+ "secret_key": "my-secret-key"
+ },
+ "consumer-restriction": {
+ "type": "service_id",
+ "whitelist": [ "1" ],
+ "rejected_code": 401
+ }
+ }
+ }]],
+ [[{
+ "node": {
+ "value": {
+ "username": "jack",
+ "plugins": {
+ "hmac-auth": {
+ "access_key": "my-access-key",
+ "secret_key": "my-secret-key",
+ "algorithm": "hmac-sha256",
+ "clock_skew": 300
+ },
+ "consumer-restriction": {
+ "type": "service_id",
+ "whitelist": [ "1" ],
+ "rejected_code": 401
+ }
+ }
+ }
+ },
+ "action": "set"
+ }]]
+ )
+
+ ngx.status = code
+ ngx.say(body)
+ }
+ }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 28: Route binding `hmac-auth` plug-in and `service_id`
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "methods": ["GET"],
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "service_id": 2,
+ "uri": "/hello",
+ "plugins": {
+ "hmac-auth": {}
Review comment:
is this a bug of `hmac-auth`? @nic-chen
##########
File path: t/plugin/consumer-restriction.t
##########
@@ -540,3 +540,256 @@ GET /hello
hello world
--- no_error_log
[error]
+
+
+
+=== TEST 25: create service (id:1)
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/services/1',
+ ngx.HTTP_PUT,
+ [[{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+ }]],
+ [[{
+ "node": {
+ "value": {
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 001"
+ },
+ "key": "/apisix/services/1"
+ },
+ "action": "set"
+ }]]
+ )
+
+ ngx.status = code
+ ngx.say(body)
+ }
+ }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 26: create service (id:2)
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/services/2',
+ ngx.HTTP_PUT,
+ [[{
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+ }]],
+ [[{
+ "node": {
+ "value": {
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "desc": "new service 002"
+ },
+ "key": "/apisix/services/2"
+ },
+ "action": "set"
+ }]]
+ )
+
+ ngx.status = code
+ ngx.say(body)
+ }
+ }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 27: add consumer with plugin hmac-auth and consumer-restriction, and set whitelist
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/consumers',
+ ngx.HTTP_PUT,
+ [[{
+ "username": "jack",
+ "plugins": {
+ "hmac-auth": {
+ "access_key": "my-access-key",
+ "secret_key": "my-secret-key"
+ },
+ "consumer-restriction": {
+ "type": "service_id",
+ "whitelist": [ "1" ],
+ "rejected_code": 401
+ }
+ }
+ }]],
+ [[{
+ "node": {
+ "value": {
+ "username": "jack",
+ "plugins": {
+ "hmac-auth": {
+ "access_key": "my-access-key",
+ "secret_key": "my-secret-key",
+ "algorithm": "hmac-sha256",
+ "clock_skew": 300
+ },
+ "consumer-restriction": {
+ "type": "service_id",
+ "whitelist": [ "1" ],
+ "rejected_code": 401
+ }
+ }
+ }
+ },
+ "action": "set"
+ }]]
+ )
+
+ ngx.status = code
+ ngx.say(body)
+ }
+ }
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 28: Route binding `hmac-auth` plug-in and `service_id`
+--- config
+ location /t {
+ content_by_lua_block {
+ local t = require("lib.test_admin").test
+ local code, body = t('/apisix/admin/routes/1',
+ ngx.HTTP_PUT,
+ [[{
+ "methods": ["GET"],
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:1980": 1
+ },
+ "type": "roundrobin"
+ },
+ "service_id": 2,
+ "uri": "/hello",
+ "plugins": {
+ "hmac-auth": {}
Review comment:
why binding a empty `hmac-auth` plugin? which need sk and ak, right?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org