nic-6443 commented on code in PR #13519: URL: https://github.com/apache/apisix/pull/13519#discussion_r3397102293
########## docs/en/latest/terminology/secret.md: ########## @@ -224,6 +224,8 @@ $secret://$manager/$id/$secret_name/$key - secret_name: the secret name in the secrets management service - key: get the value of a property when the value of the secret is a JSON string +Note that the secret name in AWS Secrets Manager may itself contain slashes (e.g. `john/secret`), which makes the boundary between `secret_name` and `key` ambiguous. APISIX resolves the reference by trying the longest possible secret name first: it treats the whole remaining path as the secret name, and on `ResourceNotFound` it moves path segments from the right into the `key` position until the lookup succeeds. For example, `$secret://aws/1/john/secret/john-key-auth` tries the secret named `john/secret/john-key-auth` first, then the secret `john/secret` with key `john-key-auth`, and finally the secret `john` with key `secret/john-key-auth`. When multiple interpretations exist, the longest matching secret name takes precedence. Review Comment: Fixed in 300c4efe8. ########## docs/zh/latest/terminology/secret.md: ########## @@ -227,6 +227,8 @@ $secret://$manager/$id/$secret_name/$key - secret_name: 密钥管理服务中的密钥名称 - key:当密钥的值是 JSON 字符串时,获取某个属性的值 +注意:AWS Secrets Manager 中的密钥名称本身可以包含斜杠(例如 `john/secret`),因此 `secret_name` 与 `key` 之间的边界存在歧义。APISIX 会优先尝试最长的密钥名称:先将剩余路径整体作为密钥名称查询,如果返回 `ResourceNotFound`,则从右侧逐段将路径移入 `key` 位置,直到查询成功。例如 `$secret://aws/1/john/secret/john-key-auth` 会先尝试名为 `john/secret/john-key-auth` 的密钥,再尝试名为 `john/secret` 的密钥并取其中的 `john-key-auth` 字段,最后尝试名为 `john` 的密钥并取其中的 `secret/john-key-auth` 字段。当存在多种可能的解释时,最长匹配的密钥名称优先。 Review Comment: Fixed in 300c4efe8. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
