feat: Autogenerate admin api key if not passed #11080
Conversation
Signed-off-by: Ashish Tiwari <ashishjaitiwari15112000@gmail.com>
Signed-off-by: Ashish Tiwari <ashishjaitiwari15112000@gmail.com>
Signed-off-by: Ashish Tiwari <ashishjaitiwari15112000@gmail.com>
apisix/core/id.lua
Outdated
| -- Check if deployment.admin.admin_key is not nil and it's an empty string | ||
| local admin_keys = default_conf.deployment | ||
| and default_conf.deployment.admin | ||
| and default_conf.deployment.admin.admin_key |
There was a problem hiding this comment.
I think you can try core.table.try_read_attr to improve your code.
apisix/core/id.lua
Outdated
| local local_conf_path = profile:yaml_path("config") | ||
| local ok, err = write_file(local_conf_path, yaml_conf) | ||
| if not ok then | ||
| log.error(err) |
There was a problem hiding this comment.
I think you should panic if we can't write file.
| @@ -170,7 +170,8 @@ nginx_config: # Config for render the template to generate n | |||
| stream: | |||
| enable_access_log: false # Enable stream proxy access logging. | |||
| access_log: logs/access_stream.log # Location of the stream access log. | |||
| access_log_format: "$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time" # Customize log format: http://nginx.org/en/docs/varindex.html | |||
| access_log_format: | | |||
| "$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time" # Customize log format: http://nginx.org/en/docs/varindex.html | |||
There was a problem hiding this comment.
This change has nothing to do with this modification. If you think it is necessary, it is recommended to open a new PR to deal with it.
| access_log_format: | | ||
| "$remote_addr - $remote_user [$time_local] $http_host \"$request\" $status $body_bytes_sent $request_time \"$http_referer\" \"$http_user_agent\" $upstream_addr $upstream_status $upstream_response_time \"$upstream_scheme://$upstream_host$upstream_uri\"" |
There was a problem hiding this comment.
The lyaml.dump function which is being used here to convert lua table into yaml, messes up the formatting and adds a new line automatically. Using | operator avoids this issue by allowing for multiline string
apisix/core/id.lua
Outdated
| local open = io.open | ||
|
|
||
|
|
||
| local try_read_attr = require("apisix.core.table").try_read_attr |
There was a problem hiding this comment.
please maintain code beautification (equals on top of each other)
apisix/core/id.lua
Outdated
|
|
||
| local _M = {version = 0.1} | ||
| local _M = { version = 0.1 } |
There was a problem hiding this comment.
please revert this change.
t/fuzzing/simple_http.py
Outdated
| print("Key not found in the YAML file.") | ||
| return | ||
| key = key.replace('"', '') | ||
| print("the key is",key) |
There was a problem hiding this comment.
| print("the key is",key) | |
| print("the key is", key) |
.github/workflows/source-install.yml
Outdated
| @@ -88,8 +88,15 @@ jobs: | |||
|
|
|||
| - name: Test apisix | |||
| run: | | |||
| curl http://127.0.0.1:9180/apisix/admin/routes/1 \ | |||
| -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' | |||
| wget https://github.com/mikefarah/yq/releases/download/3.4.1/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq | |||
There was a problem hiding this comment.
this block has 4 indents, where as everywhere in this file there are 2 indents.
.github/workflows/source-install.yml
Outdated
| cat logs/error.log | ||
| exit 125 | ||
| fi | ||
| result_code=`curl -I -m 10 -o /dev/null -s -w %{http_code} http://127.0.0.1:9080/get` |
There was a problem hiding this comment.
this change is not needed.
| @@ -170,7 +170,8 @@ nginx_config: # Config for render the template to generate n | |||
| stream: | |||
| enable_access_log: false # Enable stream proxy access logging. | |||
| access_log: logs/access_stream.log # Location of the stream access log. | |||
| access_log_format: "$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time" # Customize log format: http://nginx.org/en/docs/varindex.html | |||
| access_log_format: | | |||
| "$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time" # Customize log format: http://nginx.org/en/docs/varindex.html | |||
There was a problem hiding this comment.
@Revolyssup please address this comment.
|
@shreemaan-abhishek Comment addressed here #11080 (comment) |
| You can fetch the `admin_key` from `config.yaml` and save to an environment variable with the following command: | ||
|
|
||
| ```bash | ||
| admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') |
There was a problem hiding this comment.
| admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') | |
| admin_key=$(yq '.deployment.admin.admin_key[0].key' conf/config.yaml | sed 's/"//g') |
Remove extra space. Please replace all.
Signed-off-by: Ashish Tiwari <ashishjaitiwari15112000@gmail.com>
Description
Fixes # (issue)
This PR is part of the proposal which removes hardcoding of sensitive API keys by autogenerating them at either application level(APISIX) or deployment level.
Notes
Related PRs:
apache/apisix-helm-chart#740
apache/apisix-docker#548
Checklist