[GitHub] [apisix] Firstsawyou commented on a change in pull request #2241: draft: `consumer` provides access to a collection of `service`
Firstsawyou commented on a change in pull request #2241:
URL: https://github.com/apache/apisix/pull/2241#discussion_r490713892
##
File path: t/plugin/consumer-restriction.t
##
@@ -540,3 +540,256 @@ GET /hello
hello world
--- no_error_log
[error]
+
+
+
+=== TEST 25: create service (id:1)
+--- config
+location /t {
+content_by_lua_block {
+local t = require("lib.test_admin").test
+local code, body = t('/apisix/admin/services/1',
+ ngx.HTTP_PUT,
+ [[{
+"upstream": {
+"nodes": {
+"127.0.0.1:1980": 1
+},
+"type": "roundrobin"
+},
+"desc": "new service 001"
+}]],
+[[{
+"node": {
+"value": {
+"upstream": {
+"nodes": {
+"127.0.0.1:1980": 1
+},
+"type": "roundrobin"
+},
+"desc": "new service 001"
+},
+"key": "/apisix/services/1"
+},
+"action": "set"
+}]]
+)
+
+ngx.status = code
+ngx.say(body)
+}
+}
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 26: create service (id:2)
Review comment:
It is used to test whether the id of `service` is normal when it is not
in the whitelist or blacklist. For example, there are service IDs 1 and 2, and
the whitelist `service` id is 1. We need to use the `service` with id 2 to test
whether it can be accessed.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2241: draft: `consumer` provides access to a collection of `service`
Firstsawyou commented on a change in pull request #2241:
URL: https://github.com/apache/apisix/pull/2241#discussion_r490688992
##
File path: apisix/plugins/consumer-restriction.lua
##
@@ -67,26 +81,33 @@ function _M.check_schema(conf)
return true
end
+
function _M.access(conf, ctx)
-if not ctx.consumer then
+if not conf.type then
return 401, { message = "Missing authentication or identity
verification." }
end
+local value = fetch_val_funcs[conf.type](ctx)
+if not value then
+return 401, { message = "Failed to fetch value by value type: " ..
conf.type }
+end
+core.log.info("value: ", value)
+
local block = false
if conf.blacklist and #conf.blacklist > 0 then
-if is_include(ctx.consumer.username, conf.blacklist) then
+if is_include(value, conf.blacklist) then
block = true
end
end
if conf.whitelist and #conf.whitelist > 0 then
-if not is_include(ctx.consumer.username, conf.whitelist) then
+if not is_include(value, conf.whitelist) then
block = true
end
end
if block then
-return 403, { message = "The consumer is not allowed" }
+return conf.rejected_code, { message = "The " .. conf.type .. " is not
allowed" }
Review comment:
do you mean set `conf.rejected_cod` 405 (not allowed) by default?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2241: draft: `consumer` provides access to a collection of `service`
Firstsawyou commented on a change in pull request #2241: URL: https://github.com/apache/apisix/pull/2241#discussion_r490686675 ## File path: apisix/plugins/consumer-restriction.lua ## @@ -67,26 +81,33 @@ function _M.check_schema(conf) return true end + function _M.access(conf, ctx) -if not ctx.consumer then +if not conf.type then Review comment: this is a good idea. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2241: draft: `consumer` provides access to a collection of `service`
Firstsawyou commented on a change in pull request #2241:
URL: https://github.com/apache/apisix/pull/2241#discussion_r490685981
##
File path: t/plugin/consumer-restriction.t
##
@@ -540,3 +540,256 @@ GET /hello
hello world
--- no_error_log
[error]
+
+
+
+=== TEST 25: create service (id:1)
+--- config
+location /t {
+content_by_lua_block {
+local t = require("lib.test_admin").test
+local code, body = t('/apisix/admin/services/1',
+ ngx.HTTP_PUT,
+ [[{
+"upstream": {
+"nodes": {
+"127.0.0.1:1980": 1
+},
+"type": "roundrobin"
+},
+"desc": "new service 001"
+}]],
+[[{
+"node": {
+"value": {
+"upstream": {
+"nodes": {
+"127.0.0.1:1980": 1
+},
+"type": "roundrobin"
+},
+"desc": "new service 001"
+},
+"key": "/apisix/services/1"
+},
+"action": "set"
+}]]
+)
+
+ngx.status = code
+ngx.say(body)
+}
+}
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 26: create service (id:2)
+--- config
+location /t {
+content_by_lua_block {
+local t = require("lib.test_admin").test
+local code, body = t('/apisix/admin/services/2',
+ ngx.HTTP_PUT,
+ [[{
+"upstream": {
+"nodes": {
+"127.0.0.1:1980": 1
+},
+"type": "roundrobin"
+},
+"desc": "new service 002"
+}]],
+[[{
+"node": {
+"value": {
+"upstream": {
+"nodes": {
+"127.0.0.1:1980": 1
+},
+"type": "roundrobin"
+},
+"desc": "new service 002"
+},
+"key": "/apisix/services/2"
+},
+"action": "set"
+}]]
+)
+
+ngx.status = code
+ngx.say(body)
+}
+}
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 27: add consumer with plugin hmac-auth and consumer-restriction, and
set whitelist
+--- config
+location /t {
+content_by_lua_block {
+local t = require("lib.test_admin").test
+local code, body = t('/apisix/admin/consumers',
+ngx.HTTP_PUT,
+[[{
+"username": "jack",
+"plugins": {
+"hmac-auth": {
+"access_key": "my-access-key",
+"secret_key": "my-secret-key"
+},
+"consumer-restriction": {
+"type": "service_id",
+"whitelist": [ "1" ],
+"rejected_code": 401
+}
+}
+}]],
+[[{
+"node": {
+"value": {
+"username": "jack",
+"plugins": {
+"hmac-auth": {
+"access_key": "my-access-key",
+"secret_key": "my-secret-key",
+"algorithm": "hmac-sha256",
+"clock_skew": 300
+},
+"consumer-restriction": {
+"type": "service_id",
+"whitelist": [ "1" ],
+"rejected_code": 401
+}
+}
+}
+},
+"action": "set"
+}]]
+)
+
+ngx.status = code
+ngx.say(body)
+}
+}
+--- request
+GET /t
+--- response_body
+passed
+--- no_error_log
+[error]
+
+
+
+=== TEST 28: Route binding `hmac-auth` plug-in and `service_id`
+--- config
+location /t {
+content_by_lua_block {
+
[GitHub] [apisix] Firstsawyou commented on a change in pull request #2241: draft: `consumer` provides access to a collection of `service`
Firstsawyou commented on a change in pull request #2241:
URL: https://github.com/apache/apisix/pull/2241#discussion_r489903558
##
File path: apisix/plugins/consumer-restriction.lua
##
@@ -20,6 +20,10 @@ local core = require("apisix.core")
local schema = {
type = "object",
properties = {
+types_of = {
Review comment:
ok.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
