An-DJ commented on code in PR #9147:
URL: https://github.com/apache/apisix/pull/9147#discussion_r1156948916
##########
apisix/admin/init.lua:
##########
@@ -395,6 +401,13 @@ function _M.init_worker()
events.register(reload_plugins, reload_event, "PUT")
if ngx_worker_id() == 0 then
+ -- check if admin_key is required
+ if local_conf.deployment.admin.admin_key_required == false then
+ core.log.warn("Admin key is bypassed! ",
+ "If you are deploying APISIX in a production environment, ",
+ "please disable it and set a secure password for the admin
Key!")
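Review bot: The warning string in the core.log.warn call tells the operator to "please disable it", but the setting tested on the line above is admin_key_required, so "it" can be read as the key check itself rather than the bypass. Naming the option removes the ambiguity, for example: set deployment.admin.admin_key_required to true and configure a strong admin key. "admin Key" should also be lower-cased to match "Admin key" at the start of the message. Separately, the condition indexes local_conf.deployment.admin directly; if either table can be absent from the local configuration this would raise during init_worker, so confirm that defaults always populate them or add a guard.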
Review Comment:
Done.
##########
t/admin/api.t:
##########
@@ -156,3 +156,40 @@ X-API-VERSION: v2
GET /t
--- response_body
passed
+
+
+
+=== TEST 10: Access with api key, and admin_key_required=true
+--- yaml_config
+deployment:
+ admin:
+ admin_key_required: true
+--- more_headers
+X-API-KEY: edd1c9f034335f136f87ad84b625c8f1
+--- request
+GET /apisix/admin/routes
+--- error_code: 200
+
+
+
+=== TEST 11: Access without api key, but admin_key_required=true
+--- yaml_config
+deployment:
+ admin:
+ admin_key_required: true
+--- request
+GET /apisix/admin/routes
+--- error_code: 401
+
+
+
+=== TEST 12: Access without api key, but admin_key_required=false
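Review bot: TEST 11 only covers a request with no X-API-KEY header under admin_key_required: true; none of the visible cases sends an incorrect key, which is the path most likely to regress if the check is ever short-circuited. Add a case that sends a wrong X-API-KEY value and expects --- error_code: 401. For TEST 12 (its body is cut off here), it would be worth asserting the "Admin key is bypassed!" warning with an --- error_log section so the startup message added in apisix/admin/init.lua is covered as well.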
Review Comment:
Done.