tao12345666333 commented on code in PR #1035:
URL:
https://github.com/apache/apisix-ingress-controller/pull/1035#discussion_r878987682
##########
pkg/kube/apisix/apis/config/v2beta3/types.go:
##########
@@ -342,6 +342,7 @@ type ApisixConsumerAuthParameter struct {
KeyAuth *ApisixConsumerKeyAuth `json:"keyAuth,omitempty"
yaml:"keyAuth"`
WolfRBAC *ApisixConsumerWolfRBAC `json:"wolfRBAC,omitempty"
yaml:"wolfRBAC"`
JwtAuth *ApisixConsumerJwtAuth `json:"jwtAuth,omitempty"
yaml:"jwtAuth"`
+ HMacAuth *ApisixConsumerHMacAuth `json:"hmacAuth,omitempty"
yaml:"hmacAuth"`
Review Comment:
According to [RFC 2104](https://datatracker.ietf.org/doc/html/rfc2104), I
suggest naming this field HMACAuth.
```suggestion
HMACAuth *ApisixConsumerHMACAuth `json:"hmacAuth,omitempty"
yaml:"hmacAuth"`
```
##########
samples/deploy/crd/v1/ApisixRoute.yaml:
##########
@@ -452,7 +476,14 @@ spec:
type: boolean
type:
type: string
- enum: [ "basicAuth", "keyAuth", "jwtAuth",
"wolfRBAC" ]
+ enum:
+ [
+ "basicAuth",
+ "keyAuth",
+ "jwtAuth",
+ "wolfRBAC",
+ "hmacAuth",
+ ]
Review Comment:
ditto
##########
test/e2e/suite-features/consumer.go:
##########
@@ -636,6 +636,212 @@ spec:
assert.Contains(ginkgo.GinkgoT(), msg401, "Missing rbac token
in request")
})
+ ginkgo.It("ApisixRoute with hmacAuth consumer", func() {
+ ac := `
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixConsumer
+metadata:
+ name: hmacvalue
+spec:
+ authParameter:
+ hmacAuth:
+ value:
+ access_key: papa
+ secret_key: fatpa
+ algorithm: "hmac-sha256"
+ clock_skew: 0
+`
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ac),
"creating hmacAuth ApisixConsumer")
+
+ // Wait until the ApisixConsumer create event was delivered.
+ time.Sleep(6 * time.Second)
+
+ grs, err := s.ListApisixConsumers()
+ assert.Nil(ginkgo.GinkgoT(), err, "listing consumer")
+ assert.Len(ginkgo.GinkgoT(), grs, 1)
+ assert.Len(ginkgo.GinkgoT(), grs[0].Plugins, 1)
+ hmacAuth, _ := grs[0].Plugins["hmac-auth"]
+ assert.Equal(ginkgo.GinkgoT(), hmacAuth, map[string]interface{}{
+ "access_key": "papa",
+ "secret_key": "fatpa",
+ "algorithm": "hmac-sha256",
+ "clock_skew": 0,
+ })
+
+ backendSvc, backendPorts := s.DefaultHTTPBackend()
+ ar := fmt.Sprintf(`
+apiVersion: apisix.apache.org/v2beta3
+kind: ApisixRoute
+metadata:
+ name: httpbin-route
+spec:
+ http:
+ - name: rule1
+ match:
+ hosts:
+ - httpbin.org
+ paths:
+ - /ip
+ exprs:
+ - subject:
+ scope: Header
+ name: X-Foo
+ op: Equal
+ value: bar
+ backends:
+ - serviceName: %s
+ servicePort: %d
+ authentication:
+ enable: true
+ type: hmacAuth
+`, backendSvc, backendPorts[0])
+ assert.Nil(ginkgo.GinkgoT(), s.CreateResourceFromString(ar),
"creating ApisixRoute with hmacAuth")
+ assert.Nil(ginkgo.GinkgoT(), s.EnsureNumApisixRoutesCreated(1),
"Checking number of routes")
+ assert.Nil(ginkgo.GinkgoT(),
s.EnsureNumApisixUpstreamsCreated(1), "Checking number of upstreams")
+
+ _ = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("X-Foo", "bar").
+ WithHeader("X-HMAC-SIGNATURE",
"0K5jRBTxMVHHJAVoxMtWbKu9toFtTsUdHvQ3Xq/8zfY=").
+ WithHeader("X-HMAC-ACCESS-KEY", "papa").
+ WithHeader("X-HMAC-ALGORITHM", "hmac-sha256").
+ WithHeader("X-HMAC-SIGNED-HEADERS", "User-Agent").
+ WithHeader("User-Agent", "curl/7.29.0").
+ Expect().
+ Status(http.StatusOK)
+
+ msg := s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("X-Foo", "bar").
+ Expect().
+ Status(http.StatusUnauthorized).
+ Body().
+ Raw()
+ assert.Contains(ginkgo.GinkgoT(), msg, "Missing authorization
in request")
+
+ msg = s.NewAPISIXClient().GET("/ip").
+ WithHeader("Host", "httpbin.org").
+ WithHeader("X-Foo", "baz").
+ WithHeader("X-HMAC-SIGNATURE",
"0K5jRBTxMVHHJAVoxMtWbKu9toFtTsUdHvQ3Xq/8zfY=").
+ WithHeader("X-HMAC-ACCESS-KEY", "papa").
+ WithHeader("X-HMAC-ALGORITHM", "hmac-sha256").
+ WithHeader("X-HMAC-SIGNED-HEADERS", "User-Agent").
+ WithHeader("User-Agent", "curl/7.29.0").
+ Expect().
+ Status(http.StatusNotFound).
+ Body().
+ Raw()
+ assert.Contains(ginkgo.GinkgoT(), msg, "404 Route Not Found")
+ })
+
+ ginkgo.It("ApisixRoute with hmacAuth consumer using secret", func() {
+ secret := `
+apiVersion: v1
+kind: Secret
+metadata:
+ name: hmac
+data:
+ access_key: papa
+ secret_key: fatpa
+ algorithm: "hmac-sha256"
+ clock_skew: 0
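Review bot: The first case (`ApisixRoute with hmacAuth consumer`) never sends a request with a wrong `X-HMAC-SIGNATURE`, so it would still pass if the gateway accepted any signature for a known access key. Its only 401 assertion is the request that carries no HMAC headers at all, and the 404 request reuses the valid signature. A request that keeps `X-HMAC-ACCESS-KEY: papa` but sends a non-matching signature and expects `http.StatusUnauthorized` would pin the verification itself, as sketched below. Separately, `hmacAuth, _ := grs[0].Plugins["hmac-auth"]` discards the presence flag; capturing `ok` and asserting it makes a missing plugin fail explicitly. The quoted hunk stops inside the second case's Secret literal, so this applies to the first case only.

```go
// … unchanged: valid-signature request expecting http.StatusOK …

// Constructed signature value: it does not match the request, so the
// plugin must reject it even though the access key is known.
_ = s.NewAPISIXClient().GET("/ip").
	WithHeader("Host", "httpbin.org").
	WithHeader("X-Foo", "bar").
	WithHeader("X-HMAC-SIGNATURE", "aW52YWxpZC1zaWduYXR1cmU=").
	WithHeader("X-HMAC-ACCESS-KEY", "papa").
	WithHeader("X-HMAC-ALGORITHM", "hmac-sha256").
	WithHeader("X-HMAC-SIGNED-HEADERS", "User-Agent").
	WithHeader("User-Agent", "curl/7.29.0").
	Expect().
	Status(http.StatusUnauthorized)

// … unchanged: missing-header 401 and unmatched-route 404 requests …
```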
Review Comment:
Values under a Secret's `data` field are base64 encoded.
##########
samples/deploy/crd/v1/ApisixRoute.yaml:
##########
@@ -610,7 +641,18 @@ spec:
minItems: 1
items:
type: string
- enum: [ "CONNECT", "DELETE", "GET", "HEAD",
"OPTIONS", "PATCH", "POST", "PUT", "TRACE" ]
+ enum:
+ [
+ "CONNECT",
+ "DELETE",
+ "GET",
+ "HEAD",
+ "OPTIONS",
+ "PATCH",
+ "POST",
+ "PUT",
+ "TRACE",
+ ]
Review Comment:
ditto
##########
samples/deploy/crd/v1/ApisixRoute.yaml:
##########
@@ -355,7 +367,18 @@ spec:
minItems: 1
items:
type: string
- enum: [ "CONNECT", "DELETE", "GET", "HEAD",
"OPTIONS", "PATCH", "POST", "PUT", "TRACE" ]
+ enum:
+ [
+ "CONNECT",
+ "DELETE",
+ "GET",
+ "HEAD",
+ "OPTIONS",
+ "PATCH",
+ "POST",
+ "PUT",
+ "TRACE",
+ ]
Review Comment:
ditto
##########
samples/deploy/crd/v1/ApisixRoute.yaml:
##########
@@ -372,7 +395,8 @@ spec:
properties:
scope:
type: string
- enum: [ "Cookie", "Header", "Path",
"Query" ]
+ enum:
+ ["Cookie", "Header", "Path", "Query"]
Review Comment:
ditto
##########
samples/deploy/crd/v1/ApisixRoute.yaml:
##########
@@ -129,12 +140,13 @@ spec:
properties:
scope:
type: string
- enum: ["Cookie", "Header", "Path",
"Query"]
+ enum:
+ ["Cookie", "Header", "Path", "Query"]
Review Comment:
ditto
##########
samples/deploy/crd/v1/ApisixRoute.yaml:
##########
@@ -627,7 +669,8 @@ spec:
properties:
scope:
type: string
- enum: [ "Cookie", "Header", "Path",
"Query" ]
+ enum:
+ ["Cookie", "Header", "Path", "Query"]
Review Comment:
ditto
##########
samples/deploy/crd/v1/ApisixRoute.yaml:
##########
@@ -112,7 +112,18 @@ spec:
minItems: 1
items:
type: string
- enum: ["CONNECT", "DELETE", "GET", "HEAD",
"OPTIONS", "PATCH", "POST", "PUT", "TRACE"]
+ enum:
+ [
+ "CONNECT",
+ "DELETE",
+ "GET",
+ "HEAD",
+ "OPTIONS",
+ "PATCH",
+ "POST",
+ "PUT",
+ "TRACE",
+ ]
Review Comment:
If you want to write a sequence over multiple lines, you can remove the `[`
`]` symbols and use `-` instead,
like:
```
enum:
- "CONNECT"
```