I think `https` can resolve both of them.

Thanks,
Ming Wen, Apache APISIX PMC Chair
Twitter: _WenMing

zh fregie <fregi...@gmail.com> wrote on Wed, May 26, 2021 at 8:22 AM:

> Using checksum to avoid the config file exported being tampered intentionally or unintentionally. This may cause unexpected errors.
> Encryption is just to avoid security problems caused by config file disclosure. In fact, I don't think encryption is necessary.
> ________________________________
> From: Ming Wen <wenm...@apache.org>
> Sent: Wednesday, May 26, 2021 8:01:26 AM
> To: dev@apisix.apache.org <dev@apisix.apache.org>
> Subject: Re: [feature]apisix-dashboard: Config export and import,for migrate apisix.
>
> Why do we need sum and secret? Don't reinvent the http protocol
>
> fregie zh <fregi...@gmail.com> wrote on Tue, May 25, 2021 at 11:52 PM:
>
> > Checksum is for integrity, not security. And I did not consider security when designing this feature.
> > If we need to consider security, I suggest adding a `secret` and giving up checksum, using AEAD (like AES-256-GCM) to encrypt data. This can guarantee integrity and security at the same time.
> >
> > Peter Zhu <sta...@apache.org> wrote on Tue, May 25, 2021 at 11:29 PM:
> >
> > > Hi @fregie
> > >
> > > I had reviewed your PR, the way import and export are OK.
> > > But I recommend we can add a `secret` parameter in this API. Then we can add the `secret` field into the checksum.
> > > This may improve security IMO.
> > >
> > > Best Regards!
> > >
> > > JunXu Chen <chenju...@apache.org> wrote on Tue, May 25, 2021 at 6:50 PM:
> > >
> > > > hi @fregie
> > > >
> > > > OpenAPI is a popular api interface specification, the route export/import feature compatible with OpenAPI is to facilitate users to import their business APIs to APISIX.
> > > >
> > > > I accept that they are two different features. Wait for opinions from others.
> > > >
> > > > On Sat, 22 May 2021 at 15:03, Zhiyuan Ju <juzhiy...@apache.org> wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > This mail is discussing the ManagerAPI, could anyone take a look at this discussion?
> > > > >
> > > > > fregie zh <fregi...@gmail.com> wrote on Wed, May 19, 2021 at 11:25 AM:
> > > > >
> > > > > > > That sounds good. Can you design the field that we need in the JSON object?
> > > > > >
> > > > > > I don't get it. You mean respond with a json body? Then how can a user import this json? Copy and paste? And I think we have to make sure that the configuration hasn't been tampered with, to avoid unexpected mistakes.
> > > > > >
> > > > > > > If the field in the old version but we delete it in the new version. What we should do ?
> > > > > >
> > > > > > I have considered this question. We need to do forward compatibility and backward compatibility in the later version. We can't expect changes in the future, so we can't do compatibility in the current version.
> > > > > > But, we can add test cases to avoid configure not compatible.
> > > > > >
> > > > > > > There are already routing-related data import and export, and it is compatible with OpenAPI.
> > > > > > > Could we implement this feature on this basis?
> > > > > >
> > > > > > This feature is very different from route export/import, I don't think it's a good idea to implement this feature on it. Maybe we can consider merging these two features into one.
> > > > > > And I don't know what purpose is the route export/import feature? And why it need to be compatible with openAPI? Can you please explain this for me?
> > > > > >
> > > > > > > There are already routing-related data import and export, and it is compatible with OpenAPI.
> > > > > > > Could we implement this feature on this basis?
> > > > > > >
> > > > > > > On Fri, 14 May 2021 at 15:22, Peter Zhu <sta...@apache.org> wrote:
> > > > > > > > Hello,
> > > > > > > >
> > > > > > > > That sounds good. Can you design the field that we need in the JSON object?
> > > > > > > > And there is a situation that we should take care of. If the field in the old version but we delete it in the new version. What we should do ?
> > > > > > > >
> > > > > > > > Best regards!
> > > > > > > >
> > > > > > > > fregie zh <xiaohao950...@live.com> wrote on Fri, May 14, 2021 at 2:34 PM:
> > > > > > > >
> > > > > > > > > 👋 Hi, everyone.
> > > > > > > > > I propose to add a new feature of apisix-dashboard, config export and import. This feature is to migrate the configuration in different environments.
> > > > > > > > > I plan to add two api to manager-api:
> > > > > > > > >
> > > > > > > > > /apisix/admin/migrate/export:
> > > > > > > > > Export all related config in a json object, then add a 4 bytes checksum to end, as a file to download.
> > > > > > > > >
> > > > > > > > > /apisix/admin/migrate/import:
> > > > > > > > > Upload the file exported, check file integrity, check is there any conflict with current config.
> > > > > > > > > if there is any conflict:
> > > > > > > > > By default, return an error and all conflicted items.
> > > > > > > > > Mode == skip, write all items not conflicted.
> > > > > > > > > Mode == overwrite, write all items imported.
> > > > > > > > >
> > > > > > > > > What do you think of this feature?
> > > > >
> > > > > --
> > > > > From 琚致远
>
> --
> Thanks,
> Ming Wen, Apache APISIX PMC Chair
> Twitter: _WenMing
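
The two export formats debated in this thread, side by side, as an added Go example that is not part of the original mails or of the apisix-dashboard code: a 4-byte checksum trailer versus AES-256-GCM. CRC32 is an assumption (the thread names no checksum algorithm), the 32-byte key stands in for the proposed `secret`, and the function names and sample input are made up for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// SealChecksum appends a 4-byte checksum to the export (CRC32 is an assumption).
func SealChecksum(cfg []byte) []byte {
	return binary.BigEndian.AppendUint32(append([]byte{}, cfg...), crc32.ChecksumIEEE(cfg))
}

// OpenChecksum accepts any file whose last 4 bytes match, whoever computed them.
func OpenChecksum(f []byte) ([]byte, error) {
	if n := len(f) - 4; n >= 0 && crc32.ChecksumIEEE(f[:n]) == binary.BigEndian.Uint32(f[n:]) {
		return f[:n], nil
	}
	return nil, errors.New("checksum mismatch")
}

// SealAEAD returns nonce || ciphertext || tag; key stands in for the proposed `secret`.
func SealAEAD(key [32]byte, cfg []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key[:]) // cannot fail: 32 bytes selects AES-256
	aead, _ := cipher.NewGCM(block)   // cannot fail: AES has the 16-byte block GCM needs
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, cfg, nil), nil
}

// OpenAEAD rejects a file that was modified or sealed under another key.
func OpenAEAD(key [32]byte, f []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key[:])
	aead, _ := cipher.NewGCM(block)
	if n := aead.NonceSize(); len(f) >= n {
		return aead.Open(nil, f[:n], f[n:], nil)
	}
	return nil, errors.New("file too short")
}

func main() {
	_, err := OpenAEAD([32]byte{}, []byte("constructed file that was never sealed with this key"))
	fmt.Println("AEAD import:", err) // authentication fails, nothing is imported
}
```

The checksum trailer catches accidental corruption, but a file that is edited and given a freshly computed trailer imports cleanly; the AEAD file is rejected unless it was produced with the key.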