The first email in this thread: https://lists.apache.org/thread.html/r6f5036941c98ae75c4ff47361aaa2a0cf889ef90e5f7d524f34fa45c%40%3Cdev.apisix.apache.org%3E
On Wed, 26 May 2021 at 08:41, JunXu Chen <chenju...@apache.org> wrote: > > hi community > > The format of this thread is broken, and we are discussing this PR: > > https://github.com/apache/apisix-dashboard/pull/1893 > > > On Wed, 26 May 2021 at 08:22, zh fregie <fregi...@gmail.com> wrote: > >> Using checksum to avoid the config file exported being tampered >> intentionally or unintentionally.This may cause unexpected errors. >> Encryption is just avoid security problems caused by config file >> disclosure.in fact,I don't think encrytion is necessary. >> ________________________________ >> From: Ming Wen <wenm...@apache.org> >> Sent: Wednesday, May 26, 2021 8:01:26 AM >> To: dev@apisix.apache.org <dev@apisix.apache.org> >> Subject: Re: [feature]apisix-dashboard: Config export and import,for >> migrate apisix. >> >> Why do we need sum and secret? Don't reinvent the http protocol >> >> fregie zh <fregi...@gmail.com>于2021年5月25日 周二下午11:52写道: >> >> > Checksum is for integrity,not security.And I did not consider security >> when >> > designing this feature. >> > If we need consider security,I suggest adding a `secret` and give up >> > checksum,using AEAD (like AES-256-GCM) to encrypt data,this can >> guarantees >> > integrity and security at the same time. >> > >> > Peter Zhu <sta...@apache.org> 于2021年5月25日周二 下午11:29写道: >> > >> > > Hi @fregie >> > > >> > > I had reviewed your PR, the way import and export are OK. >> > > But I recommend we can add a `secret` parameter in this API. Then we >> can >> > > add the `secret` field into the checksum. >> > > This may improve security IMO. >> > > >> > > Best Regards! >> > > >> > > JunXu Chen <chenju...@apache.org> 于2021年5月25日周二 下午6:50写道: >> > > >> > > > hi @fregie >> > > > >> > > > OpenAPI is a popular api interface specification, the route >> > export/import >> > > > feature compatible with OpenAPI is to facilitate users to import >> their >> > > > business APIs to APISIX. >> > > > >> > > > I accept that they are two different features. Wait for opinions >> from >> > > > others. >> > > > >> > > > >> > > > >> > > > On Sat, 22 May 2021 at 15:03, Zhiyuan Ju <juzhiy...@apache.org> >> wrote: >> > > > >> > > > > Hi, >> > > > > >> > > > > This mail is discussing the ManagerAPI, could anyone take a look >> at >> > > this >> > > > > discuss? >> > > > > >> > > > > fregie zh <fregi...@gmail.com>于2021年5月19日 周三上午11:25写道: >> > > > > >> > > > > > > >> > > > > > > That sounds good. Can you design the field that we need in the >> > JSON >> > > > > > object? >> > > > > > > >> > > > > > I don't get it.you mean response a json body?Then how can a user >> > > import >> > > > > > this json?Copy and paste?And I think we have to make sure that >> the >> > > > > > configuration hasn't been tampered with,to avoid unexpected >> > mistakes. >> > > > > > >> > > > > > If the field in the old version but we delete it in the new >> > version. >> > > > What >> > > > > > > we should do ? >> > > > > > > >> > > > > > I have considered this question.We need to do forward >> > compatibility >> > > > and >> > > > > > backward compatibility in the later version.We can't expect >> changes >> > > in >> > > > > the >> > > > > > future,so we can't do compatibility in the current version. >> > > > > > But,we can add test cases to avoid configure not compatible. >> > > > > > >> > > > > > There are already routing-related data import and export, and >> it is >> > > > > > > compatible with OpenAPI. >> > > > > > > Could we implement this feature on this basis? >> > > > > > > >> > > > > > This feature is very different from route export/import,I don't >> > > think >> > > > > it's >> > > > > > a good idea implement this feature on it.Maybe we can consider >> > > merging >> > > > > > these two feature into one. >> > > > > > And I don't know what purpose is the route export/import >> > feature?And >> > > > why >> > > > > it >> > > > > > need to compatible with openAPI?Can you please explain this for >> me? >> > > > > > >> > > > > > >> > > > > > There are already routing-related data import and export, and >> it is >> > > > > > > compatible with OpenAPI. >> > > > > > > Could we implement this feature on this basis? >> > > > > > > >> > > > > > > On Fri, 14 May 2021 at 15:22, Peter Zhu <sta...@apache.org> >> > wrote: >> > > > > > > > Hello, >> > > > > > > > >> > > > > > > > That sounds good. Can you design the field that we need in >> the >> > > JSON >> > > > > > > object? >> > > > > > > > And there is a situation that we should take care of. If the >> > > field >> > > > in >> > > > > > the >> > > > > > > > old version but we delete it in the new version. What we >> should >> > > do >> > > > ? >> > > > > > > > >> > > > > > > > Best regards! >> > > > > > > > >> > > > > > > > fregie zh <xiaohao950...@live.com> 于2021年5月14日周五 下午2:34写道: >> > > > > > > > >> > > > > > > > > 👋 Hi,everyone. >> > > > > > > > > I proposal to add a new feature of apisix-dashbord,config >> > > export >> > > > > and >> > > > > > > > > import.This feature is to migrate the configuration in >> > > different >> > > > > > > > > environments. >> > > > > > > > > I plan to add two api to manager-api: >> > > > > > > > > >> > > > > > > > > /apisix/admin/migrate/export: >> > > > > > > > > Epxort all related config in a json object,then add a 4 >> bytes >> > > > > > checksum >> > > > > > > to >> > > > > > > > > end,as a file to download. >> > > > > > > > > >> > > > > > > > > /apisix/admin/migrate/import: >> > > > > > > > > Upload the file exported,check file integrity,check is >> there >> > > any >> > > > > > > conflict >> > > > > > > > > with current config. >> > > > > > > > > if there is any conflict: >> > > > > > > > > By default,return a error and all conflicted items. >> > > > > > > > > Mode == skip,write all items not conflicted. >> > > > > > > > > Mode == overwrite,write all items imported. >> > > > > > > > > >> > > > > > > > > What do you think of this feature? >> > > > > > >> > > > > -- >> > > > > 来自 琚致远 >> > > > > >> > > > >> > > >> > >> -- >> Thanks, >> Ming Wen, Apache APISIX PMC Chair >> Twitter: _WenMing >> >
