tao12345666333 commented on code in PR #1018: URL: https://github.com/apache/apisix-ingress-controller/pull/1018#discussion_r885392828
########## docs/en/latest/practices/enable-authentication-and-restriction.md: ########## @@ -29,34 +29,126 @@ Consumers are used for the authentication method controlled by Apache APISIX, if ### Authentication -#### [`keyAuth`](https://apisix.apache.org/docs/apisix/plugins/key-auth/) +#### Key Auth -Consumers add their key either in a header `apikey` to authenticate their requests. +Consumers add their key either in a header or query string parameter to authenticate their requests. For more information about `Key Auth`, please refer to [APISIX key-auth plugin](https://apisix.apache.org/docs/apisix/plugins/key-auth/). +Also, we can using the `secretRef` field to reference a K8s Secret object so that we can avoid the hardcoded sensitive data in the ApisixConsumer object. For reference Secret use example, please refer to the [key-auth-reference-secret-object](#key-auth-reference-secret-object). + +<details> + <summary>Key Auth yaml configure</summary> ```yaml -keyAuth: - value: - key: ${key} +apiVersion: apisix.apache.org/v2beta3 +kind: ApisixConsumer +metadata: + name: ${name} +spec: + authParameter: + keyAuth: + value: + key: ${key} #required ``` -#### [`basicAuth`](https://apisix.apache.org/docs/apisix/plugins/basic-auth/) +</details> + +#### Basic Auth -Consumers add their key either in a header `Authentication` to authenticate their requests. +Consumers add their key in a header to authenticate their requests. For more information about `Basic Auth`, please refer to [APISIX basic-auth plugin](https://apisix.apache.org/docs/apisix/plugins/basic-auth/). +Also, we can using the `secretRef` field to reference a K8s Secret object so that we can avoid the hardcoded sensitive data in the ApisixConsumer object. For reference Secret use example, please refer to the [key-auth-reference-secret-object](#key-auth-reference-secret-object). + +<details> + <summary>Basic Auth yaml configure</summary> ```yaml -basicAuth: - value: - username: ${username} - password: ${password} +apiVersion: apisix.apache.org/v2beta3 +kind: ApisixConsumer +metadata: + name: ${name} +spec: + authParameter: + basicAuth: + value: + username: ${username} #required + password: ${password} #required +``` + +</details> + +#### JWT Auth + +The consumer then adds its key to the query string parameter, request header, or cookie to verify its request. For more information about `JWT Auth`, please refer to [APISIX jwt-auth plugin](https://apisix.apache.org/docs/apisix/plugins/jwt-auth/). +Also, we can using the `secretRef` field to reference a K8s Secret object so that we can avoid the hardcoded sensitive data in the ApisixConsumer object. For reference Secret use example, please refer to the [key-auth-reference-secret-object](#key-auth-reference-secret-object). + +:::note Need to expose API +This plugin will add `/apisix/plugin/jwt/sign` to sign. You may need to use `public-api` plugin to expose it. +::: + +<details> + <summary>JWT Auth yaml configure</summary> + +```yaml +apiVersion: apisix.apache.org/v2beta3 +kind: ApisixConsumer +metadata: + name: ${name} +spec: + authParameter: + wolfRbac: + value: + key: "${key}" #required + secret: "${secret}" #optional + public_key: "${public_key}" #optional, required when algorithm attribute selects RS256 algorithm. + private_key: "{private_key}" #optional, required when algorithm attribute selects RS256 algorithm. + algorithm: "${HS256 | HS512 | RS256}" #optional + exp: ${ 86400 | token's expire time, in seconds} #optional + algorithm: ${true | false} #optional +``` + +</details> + +#### `Wolf RBAC` + +To use wolfRbac authentication, you need to start and install [wolf-server](https://github.com/iGeeky/wolf/blob/master/quick-start-with-docker/README.md). For more information about `Wolf RBAC`, please refer to [APISIX wolf-rbac plugin](https://apisix.apache.org/zh/docs/apisix/plugins/wolf-rbac/). +Also, we can using the `secretRef` field to reference a K8s Secret object so that we can avoid the hardcoded sensitive data in the ApisixConsumer object. For reference Secret use example, please refer to the [key-auth-reference-secret-object](#key-auth-reference-secret-object). + +:::note This plugin will add several API Review Comment: @AlinsRan PTAL -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
