[GitHub] [apisix] moonming commented on a change in pull request #2092: bug: removed default access token for Admin API.

Thu, 10 Sep 2020 00:56:09 -0700 


moonming commented on a change in pull request #2092:
URL: https://github.com/apache/apisix/pull/2092#discussion_r486136441



##########
File path: conf/config.yaml
##########
@@ -14,10 +14,23 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+#
+# If you want specify the Admin API token. It is highly recommended to set a
+# high-complexity key to protect APISIX. This is an example:
+#
+# apisix:
+#     admin_key:
+#         -
+#             name: "admin"
+#             key:            # <-- replace with your Admin Key
+#             role: admin

Review comment:
       Why comment these codes?

##########
File path: bin/apisix
##########
@@ -637,6 +637,45 @@ local function read_yaml_conf()
         merge_conf(default_conf, user_conf)
     end
 
+    -- check the Admin API token
+    if default_conf.apisix.enable_admin then
+        local help = [[
+ERROR: missing valid apisix.admin_key
+
+Needs to set Admin API key in file `conf/config.yaml` . Here is an example:
+
+#############################
+apisix:
+    admin_key:
+        -
+            name: "admin"
+            key:          # <-- replace with your Admin Key
+            role: admin
+#############################
+
+Then you can use it to access Admin API.
+eg: $ curl -i http://127.0.0.1:]] .. default_conf.apisix.node_listen .. 
[[/apisix/admin/routes/1 -H 'X-API-KEY: YOUR-KEY'
+]]
+        if type(default_conf.apisix.admin_key) ~= "table" or
+           #default_conf.apisix.admin_key == 0
+        then
+            io.stderr:write(help, "\n")
+            os.exit(1)
+        end
+
+        for _, admin in ipairs(default_conf.apisix.admin_key) do
+            if type(admin.key) == "table" then
+                admin.key = ""
+            else
+                admin.key = tostring(admin.key)
+            end
+
+            if admin.key == "" or admin.key:gsub("*", "") == "" then

Review comment:
       After the user installs Apache APISIX, it will definitely fail at start, 
which is a very bad experience. 
   As discussed in the mailing list, we need to automatically generate a random 
key when apisix starts




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to