[GitHub] [apisix] Firstsawyou commented on a change in pull request #2241: draft: `consumer` provides access to a collection of `service`
Firstsawyou commented on a change in pull request #2241: URL: https://github.com/apache/apisix/pull/2241#discussion_r490713892 ## File path: t/plugin/consumer-restriction.t ## @@ -540,3 +540,256 @@ GET /hello hello world --- no_error_log [error] + + + +=== TEST 25: create service (id:1) +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code, body = t('/apisix/admin/services/1', + ngx.HTTP_PUT, + [[{ +"upstream": { +"nodes": { +"127.0.0.1:1980": 1 +}, +"type": "roundrobin" +}, +"desc": "new service 001" +}]], +[[{ +"node": { +"value": { +"upstream": { +"nodes": { +"127.0.0.1:1980": 1 +}, +"type": "roundrobin" +}, +"desc": "new service 001" +}, +"key": "/apisix/services/1" +}, +"action": "set" +}]] +) + +ngx.status = code +ngx.say(body) +} +} +--- request +GET /t +--- response_body +passed +--- no_error_log +[error] + + + +=== TEST 26: create service (id:2) Review comment: It is used to test whether the id of `service` is normal when it is not in the whitelist or blacklist. For example, there are service IDs 1 and 2, and the whitelist `service` id is 1. We need to use the `service` with id 2 to test whether it can be accessed. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2241: draft: `consumer` provides access to a collection of `service`
Firstsawyou commented on a change in pull request #2241: URL: https://github.com/apache/apisix/pull/2241#discussion_r490688992 ## File path: apisix/plugins/consumer-restriction.lua ## @@ -67,26 +81,33 @@ function _M.check_schema(conf) return true end + function _M.access(conf, ctx) -if not ctx.consumer then +if not conf.type then return 401, { message = "Missing authentication or identity verification." } end +local value = fetch_val_funcs[conf.type](ctx) +if not value then +return 401, { message = "Failed to fetch value by value type: " .. conf.type } +end +core.log.info("value: ", value) + local block = false if conf.blacklist and #conf.blacklist > 0 then -if is_include(ctx.consumer.username, conf.blacklist) then +if is_include(value, conf.blacklist) then block = true end end if conf.whitelist and #conf.whitelist > 0 then -if not is_include(ctx.consumer.username, conf.whitelist) then +if not is_include(value, conf.whitelist) then block = true end end if block then -return 403, { message = "The consumer is not allowed" } +return conf.rejected_code, { message = "The " .. conf.type .. " is not allowed" } Review comment: do you mean set `conf.rejected_cod` 405 (not allowed) by default? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2241: draft: `consumer` provides access to a collection of `service`
Firstsawyou commented on a change in pull request #2241: URL: https://github.com/apache/apisix/pull/2241#discussion_r490686675 ## File path: apisix/plugins/consumer-restriction.lua ## @@ -67,26 +81,33 @@ function _M.check_schema(conf) return true end + function _M.access(conf, ctx) -if not ctx.consumer then +if not conf.type then Review comment: this is a good idea. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2241: draft: `consumer` provides access to a collection of `service`
Firstsawyou commented on a change in pull request #2241: URL: https://github.com/apache/apisix/pull/2241#discussion_r490685981 ## File path: t/plugin/consumer-restriction.t ## @@ -540,3 +540,256 @@ GET /hello hello world --- no_error_log [error] + + + +=== TEST 25: create service (id:1) +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code, body = t('/apisix/admin/services/1', + ngx.HTTP_PUT, + [[{ +"upstream": { +"nodes": { +"127.0.0.1:1980": 1 +}, +"type": "roundrobin" +}, +"desc": "new service 001" +}]], +[[{ +"node": { +"value": { +"upstream": { +"nodes": { +"127.0.0.1:1980": 1 +}, +"type": "roundrobin" +}, +"desc": "new service 001" +}, +"key": "/apisix/services/1" +}, +"action": "set" +}]] +) + +ngx.status = code +ngx.say(body) +} +} +--- request +GET /t +--- response_body +passed +--- no_error_log +[error] + + + +=== TEST 26: create service (id:2) +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code, body = t('/apisix/admin/services/2', + ngx.HTTP_PUT, + [[{ +"upstream": { +"nodes": { +"127.0.0.1:1980": 1 +}, +"type": "roundrobin" +}, +"desc": "new service 002" +}]], +[[{ +"node": { +"value": { +"upstream": { +"nodes": { +"127.0.0.1:1980": 1 +}, +"type": "roundrobin" +}, +"desc": "new service 002" +}, +"key": "/apisix/services/2" +}, +"action": "set" +}]] +) + +ngx.status = code +ngx.say(body) +} +} +--- request +GET /t +--- response_body +passed +--- no_error_log +[error] + + + +=== TEST 27: add consumer with plugin hmac-auth and consumer-restriction, and set whitelist +--- config +location /t { +content_by_lua_block { +local t = require("lib.test_admin").test +local code, body = t('/apisix/admin/consumers', +ngx.HTTP_PUT, +[[{ +"username": "jack", +"plugins": { +"hmac-auth": { +"access_key": "my-access-key", +"secret_key": "my-secret-key" +}, +"consumer-restriction": { +"type": "service_id", +"whitelist": [ "1" ], +"rejected_code": 401 +} +} +}]], +[[{ +"node": { +"value": { +"username": "jack", +"plugins": { +"hmac-auth": { +"access_key": "my-access-key", +"secret_key": "my-secret-key", +"algorithm": "hmac-sha256", +"clock_skew": 300 +}, +"consumer-restriction": { +"type": "service_id", +"whitelist": [ "1" ], +"rejected_code": 401 +} +} +} +}, +"action": "set" +}]] +) + +ngx.status = code +ngx.say(body) +} +} +--- request +GET /t +--- response_body +passed +--- no_error_log +[error] + + + +=== TEST 28: Route binding `hmac-auth` plug-in and `service_id` +--- config +location /t { +content_by_lua_block { +
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2241: draft: `consumer` provides access to a collection of `service`
Firstsawyou commented on a change in pull request #2241: URL: https://github.com/apache/apisix/pull/2241#discussion_r489903558 ## File path: apisix/plugins/consumer-restriction.lua ## @@ -20,6 +20,10 @@ local core = require("apisix.core") local schema = { type = "object", properties = { +types_of = { Review comment: ok. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org