[GitHub] [apisix] spacewander commented on issue #7373: docs: add description for Development environment
spacewander commented on issue #7373: URL: https://github.com/apache/apisix/issues/7373#issuecomment-1174645572 From my point of view, I would suggest using `./bin/apisix start` directly. The makefile is just a thin wrapper of `apisix` (not a good wrapper as its targets are not 100% equal to the action in `./bin/apisix`.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-java-plugin-runner] ericluoliu commented on a diff in pull request #158: feat: support hot reload of Java plugins
ericluoliu commented on code in PR #158:
URL:
https://github.com/apache/apisix-java-plugin-runner/pull/158#discussion_r913408617
##
runner-starter/src/main/java/org/apache/apisix/plugin/runner/PluginRunnerApplication.java:
##
@@ -17,17 +17,138 @@
package org.apache.apisix.plugin.runner;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
+import org.springframework.beans.factory.support.BeanDefinitionRegistry;
+import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.boot.WebApplicationType;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.context.ApplicationContext;
+import org.springframework.scheduling.annotation.EnableScheduling;
+
+import javax.tools.JavaCompiler;
+import javax.tools.ToolProvider;
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.FileSystems;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.WatchEvent;
+import java.nio.file.WatchKey;
+import java.nio.file.WatchService;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+
+import static java.nio.file.StandardWatchEventKinds.ENTRY_CREATE;
+import static java.nio.file.StandardWatchEventKinds.ENTRY_DELETE;
+import static java.nio.file.StandardWatchEventKinds.ENTRY_MODIFY;
@SpringBootApplication
+@EnableScheduling
public class PluginRunnerApplication {
-
+
+@Autowired
+private YAMLConfig myConfig;
+@Autowired
+private ApplicationContext ctx;
+private static ClassLoader PARENT_CLASS_LOADER;
+private static DynamicClassLoader CLASS_LOADER;
+
public static void main(String[] args) {
+PARENT_CLASS_LOADER = DynamicClassLoader.class.getClassLoader();
+CLASS_LOADER = new DynamicClassLoader(PARENT_CLASS_LOADER);
+Thread.currentThread().setContextClassLoader(CLASS_LOADER);
new SpringApplicationBuilder(PluginRunnerApplication.class)
.web(WebApplicationType.NONE)
.run(args);
}
-
+
+@Scheduled(fixedDelay = Long.MAX_VALUE, initialDelay = 1000)
+public void reload() throws ClassNotFoundException, IOException,
InterruptedException {
+BeanDefinitionRegistry registry = (BeanDefinitionRegistry)
ctx.getAutowireCapableBeanFactory();
+WatchService watchService = FileSystems.getDefault().newWatchService();
+
+String pathToProject = System.getProperty("user.dir");
+
+//get packagename and path to user's filters from YAML file
+String packageName = myConfig.getPackageName();
+String absolutePath = myConfig.getPath();
+if (packageName.equals("")) {
+packageName = "org.apache.apisix.plugin.runner.filter";
+}
+if (absolutePath.equals("")) {
+absolutePath = pathToProject +
"/runner-plugin/src/main/java/org/apache/apisix/plugin/runner/filter/";
+}
+Path path = Paths.get(absolutePath);
+
+//make /target/classes directory if not already exists, compiled java
files are output here
+new File(pathToProject + "/target").mkdirs();
+new File(pathToProject + "/target/classes").mkdirs();
+
+//detect changes when files in the path are created, modified, or
deleted
+path.register(watchService, ENTRY_CREATE, ENTRY_MODIFY, ENTRY_DELETE);
+boolean poll = true;
+while (poll) {
+WatchKey key = watchService.take();
+for (WatchEvent event : key.pollEvents()) {
+String[] allFilters = new File(absolutePath).list();
+HashSet set = new HashSet<>();
+
+for (int i = 0; i < allFilters.length; i++) {
+//strangely, watchservice creates a file that ends with
".java~", we ignore this file
+if (!allFilters[i].equals("package-info.java") &&
allFilters[i].charAt(allFilters[i].length() - 1) != '~') {
+allFilters[i] = allFilters[i].substring(0,
allFilters[i].length() - 5);
+set.add(allFilters[i]);
+}
+}
+
+for (String filterName : allFilters) {
+if ((!filterName.equals("package-info.java")) &&
filterName.charAt(filterName.length() - 1) != '~') {
+//Bean Filter Name necessary because beans always
start with lower case letters
+String beanFilterName =
Character.toLowerCase(filterName.charAt(0)) + filterName.substring(1);
+if (registry.containsBeanDefinition(beanFilterName)) {
+registry.removeBeanDefinition(beanFilterName);
+}
+JavaCompiler compiler =
ToolProvider.getSystemJavaCompiler();
+
[GitHub] [apisix] spacewander commented on a diff in pull request #7385: docs: fix command format
spacewander commented on code in PR #7385: URL: https://github.com/apache/apisix/pull/7385#discussion_r913406733 ## docs/en/latest/plugins/basic-auth.md: ## @@ -97,7 +97,7 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f13 After you have configured the Plugin as mentioned above, you can make a request to the Route as shown below: ```shell -curl -i -ufoo:bar http://127.0.0.1:9080/hello +curl -i -u foo:bar http://127.0.0.1:9080/hello Review Comment: Both `-ufoo:bar` and `-u foo:bar` are equal? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] oil-oil opened a new pull request, #7385: docs: fix command format
oil-oil opened a new pull request, #7385: URL: https://github.com/apache/apisix/pull/7385 ### Description Fixes # (issue) ### Checklist - [ ] I have explained the need for this PR and the problem it solves - [ ] I have explained the changes or the new features added to this PR - [ ] I have added tests corresponding to this change - [x] I have updated the documentation to reflect this change - [ ] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-docker] wennuanwk commented on issue #325: apache/apisix:2.14.1 pod status: Restarting
wennuanwk commented on issue #325: URL: https://github.com/apache/apisix-docker/issues/325#issuecomment-1174625331 > is this useful for you: #304 不行,日志还是这样: `/usr/local/openresty/luajit/bin/luajit ./apisix/cli/apisix.lua init /usr/local/openresty/luajit/bin/luajit ./apisix/cli/apisix.lua init_etcd nginx: [alert] could not open error log file: open() "/usr/local/apisix/logs/error.log" failed (13: Permission denied) 2022/07/05 11:41:45 [emerg] 1#1: open() "/usr/local/apisix/logs/error.log" failed (13: Permission denied) ` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-docker] tzssangglass commented on issue #325: apache/apisix:2.14.1 pod status: Restarting
tzssangglass commented on issue #325: URL: https://github.com/apache/apisix-docker/issues/325#issuecomment-1174622729 is this useful for you: https://github.com/apache/apisix-docker/issues/304 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix-website] branch asf-site updated (28bba32b29e -> 5873d02acad)
This is an automated email from the ASF dual-hosted git repository. github-bot pushed a change to branch asf-site in repository https://gitbox.apache.org/repos/asf/apisix-website.git discard 28bba32b29e deploy: 5c9f55190e330c0e23a169b188d4e5a855fad0f0 new 5873d02acad deploy: 8a143690da51614acb807cd727c56ca554ee6756 This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (28bba32b29e) \ N -- N -- N refs/heads/asf-site (5873d02acad) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: 404.html | 8 +++--- .../index.html | 8 +++--- .../index.html | 10 +++ .../Apache-APISIX-Incubator-Journey/index.html | 8 +++--- .../Apache-APISIX-Kubernetes-Ingress/index.html| 8 +++--- .../Apache-APISIX-in-China-Mobile-Cloud/index.html | 10 +++ .../index.html | 8 +++--- .../index.html | 8 +++--- .../index.html | 8 +++--- .../Speed-Limiting-With-Apache-APISIX/index.html | 8 +++--- .../index.html | 8 +++--- articles/The-Appeal-of-OpenSource/index.html | 8 +++--- articles/The-Evolution-of-Apache-APISIX/index.html | 8 +++--- .../index.html | 8 +++--- articles/archive/index.html| 8 +++--- articles/atom.xml | 6 ++-- articles/index.html| 10 +++ articles/page/2/index.html | 8 +++--- articles/rss.xml | 6 ++-- assets/js/03b491a1.2ba9958c.js | 1 + assets/js/03b491a1.adb454aa.js | 1 - assets/js/098c8b15.00f26b65.js | 1 - assets/js/098c8b15.2744317a.js | 1 + assets/js/09b17eb5.f9e42585.js | 1 - assets/js/09b17eb5.fe00d85b.js | 1 + assets/js/0d0b38bc.72422285.js | 1 + assets/js/0d0b38bc.bbce91c0.js | 1 - assets/js/115d6619.8baf4ee1.js | 1 - assets/js/115d6619.b89e6e63.js | 1 + assets/js/11ce4159.4b278aa5.js | 1 + assets/js/11ce4159.737a2b74.js | 1 - assets/js/44ac4dbb.69b0923f.js | 1 - assets/js/44ac4dbb.dd5b875e.js | 1 + assets/js/507e1a4c.35bcd893.js | 1 - assets/js/507e1a4c.8446a2dd.js | 1 + assets/js/52099127.0a036a99.js | 1 - assets/js/52099127.4284aff3.js | 1 + assets/js/66fbb9c2.34352a1b.js | 1 - assets/js/66fbb9c2.fea0d500.js | 1 + assets/js/72095f03.31487cdc.js | 1 - assets/js/72095f03.87842177.js | 1 + assets/js/7349d1e2.4f1bc569.js | 1 + assets/js/7af3052c.802db9f6.js | 1 - assets/js/7af3052c.c7194fc3.js | 1 + assets/js/7d9726a8.660c4171.js | 1 - assets/js/7d9726a8.6bcc8c3d.js | 1 + assets/js/814f3328.2d648ceb.js | 1 + assets/js/814f3328.fb7bde40.js | 1 - assets/js/8d351656.e6689dbc.js | 1 + assets/js/8d351656.fa751d2c.js | 1 - assets/js/8e784bf3.59c6cf34.js | 1 - assets/js/8e784bf3.63d07c8b.js | 1 + assets/js/8eb4e46b.bcaca357.js | 1 - assets/js/8eb4e46b.f198b92c.js | 1 + assets/js/8f700fa6.53330b2d.js | 1 + assets/js/8f700fa6.9d30155f.js | 1 - assets/js/9006ed44.2300a3ac.js | 1 + assets/js/9006ed44.7caa74fa.js | 1 - assets/js/90fc8a94.96436669.js | 1 + assets/js/90fc8a94.cdb54390.js | 1 - assets/js/92999a1c.425fab04.js | 1 +
[GitHub] [apisix] tzssangglass commented on pull request #7370: feat: add PKCE support to the openid-connect plugin
tzssangglass commented on PR #7370: URL: https://github.com/apache/apisix/pull/7370#issuecomment-1174620514 hi @qihaiyan ,pls merge master branch to your develop branch and fix resolve conflics. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #7298: help request: grpc request proxy http code must be 599 when request not success
tzssangglass commented on issue #7298: URL: https://github.com/apache/apisix/issues/7298#issuecomment-1174616132 It looks like APISIX does not support using `core.response` directly in the plugin to process and return gRPC related requests. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] soulbird opened a new pull request, #7384: fix(limit-count): conf with group and disable can't be configured
soulbird opened a new pull request, #7384: URL: https://github.com/apache/apisix/pull/7384 ### Description Fixes #7375 ### Checklist - [ ] I have explained the need for this PR and the problem it solves - [ ] I have explained the changes or the new features added to this PR - [ ] I have added tests corresponding to this change - [ ] I have updated the documentation to reflect this change - [ ] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] juzhiyuan commented on a diff in pull request #3021: feat: rewrite handwriting validation with jsonschema
juzhiyuan commented on code in PR #3021: URL: https://github.com/apache/apisix/pull/3021#discussion_r913358013 ## apisix/plugins/openid-connect.lua: ## @@ -148,6 +150,13 @@ end function _M.rewrite(plugin_conf, ctx) local conf = core.table.clone(plugin_conf) + +-- Previously, we multiply conf.timeout before storing it in etcd. +-- If the timeout is too large, we should not multiply it again. +if not (conf.timeout >= 1000 and conf.timeout % 1000 == 0) then Review Comment: Hi @spacewander May I know why we need to use `multiply` here? 樂 because both our document[1] and code comments (`schema.description`) says it's in `second`. [1] https://apisix.apache.org/docs/apisix/next/plugins/openid-connect -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix-website] branch master updated: docs: add apisix integrates with hydra blog (#1187)
This is an automated email from the ASF dual-hosted git repository. yilinzeng pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix-website.git The following commit(s) were added to refs/heads/master by this push: new 8a143690da5 docs: add apisix integrates with hydra blog (#1187) 8a143690da5 is described below commit 8a143690da51614acb807cd727c56ca554ee6756 Author: HanFei <97138894+hf400...@users.noreply.github.com> AuthorDate: Tue Jul 5 11:18:27 2022 +0800 docs: add apisix integrates with hydra blog (#1187) --- .../2022/07/04/apisix-integrates-with-hydra.md | 290 + .../2022/07/04/apisix-integrates-with-hydra.md | 290 + 2 files changed, 580 insertions(+) diff --git a/website/blog/2022/07/04/apisix-integrates-with-hydra.md b/website/blog/2022/07/04/apisix-integrates-with-hydra.md new file mode 100644 index 000..5cee893eac2 --- /dev/null +++ b/website/blog/2022/07/04/apisix-integrates-with-hydra.md @@ -0,0 +1,290 @@ +--- +title: "APISIX integrates with Ory Hydra" +authors: + - name: "Fei Han" +title: "Technical Writer" +url: "https://github.com/hf400159; +image_url: "https://github.com/hf400159.png; + - name: "Sylvia" +title: "Technical Writer" +url: "https://github.com/SylviaBABY; +image_url: "https://avatars.githubusercontent.com/u/39793568?v=4; +keywords: +- Apache APISIX +- API Gateway +- Authentication +- Hydra +- OpenID Connect +- OIDC +description: This article describes the API gateway Apache APISIX for centralized authentication via the OpenID Connect plugin Hydra integration. +tags: [Authentication] +--- + +> This article describes how Apache APISIX integrates with Ory Hydra to implement centralized authentication. + + + +## Background Information + +### Apache APISIX + +[Apache APISIX](https://github.com/apache/apisix) is an open source cloud native API gateway. As an API gateway, it has the characteristics of dynamic, real-time, and high performance. It provides rich traffic management functions such as load balancing, dynamic upstream, gray-scale publishing, service fusing, identity authentication and observability. You can use APISIX to handle the traditional north-south traffic and the east-west traffic between services. It can also be used as a K8s [...] + +The `openid-connect` plugin of APISIX supports the OpenID Connect protocol. Users can use this plugin to allow Apache APISIX to connect with many authentication service providers and deploy it in enterprises as a centralized authentication gateway. + +### ORY Hydra + +[Ory Hydra](https://github.com/ory/hydra) is one of the identity providers that supports the OAuth 2.0 and OpenID Connect protocols, based on the OAuth 2.0 authorization framework and the Open ID Connect Core 1.0 framework, with both open source and cloud native features. It can be integrated with any login system, and through OAuth 2.0 Access, Refresh, and ID Tokens, third parties can easily access your API, enabling users to interact with any application anytime, anywhere. + +Ory Hydra is written in Go language and provides SDKs for almost all languages, including Dart, .NET, Go, Java, PHP, Python, Ruby, Rust, and Typescript. It works with any login system, and the login experience can be easily customized. + +## Introduction + +OpenID is a centralized authentication mode, and it is a decentralized identity authentication system. The advantage of using OpenID is that users only need to register and log in on one OpenID identity provider's website and use one account and password information to access different applications. + +With the `openid-connect` plugin supported by APISIX, we can integrate with authenticators supporting the OpenID Connect protocol. For example: Ory Hydra. For more information, please refer to: [Centralized Identity Authentication](https://apisix.apache.org/blog/2021/08/25/using-the-apache-apisix-openid-connect-plugin-for-centralized-authentication/#what-is-authentication). + +One of the biggest advantages of Ory Hydra is that it implements the OAuth and OpenID Connect standards instead of forcing you to use "Hydra user management" (login, logout, profile management, registration), a specific template engine, or a predefined front end. + +It allows to use the authentication mechanisms required by your program (token-based 2FA, SMS 2FA, etc.) and implement user management and login in your technology stack. Of course, you can also use existing solutions, such as [authboss](https://github.com/go-authboss/authboss). It gives you all the great features of OAuth 2.0 and OpenID Connect while being minimally intrusive to your business logic and technology stack. + +OAuth 2.0 can be used in many environments for various purposes. The following information may help you decide whether OAuth 2.0 and Hydra are suitable for a certain scenario: + +1. enable third-party solutions to access
[GitHub] [apisix-website] yzeng25 merged pull request #1187: docs: add apisix integrates with hydra blog
yzeng25 merged PR #1187: URL: https://github.com/apache/apisix-website/pull/1187 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix] branch master updated: docs: update openid-connect attributes description and sync CN doc attributes. (#7371)
This is an automated email from the ASF dual-hosted git repository. juzhiyuan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new 2f7833e07 docs: update openid-connect attributes description and sync CN doc attributes. (#7371) 2f7833e07 is described below commit 2f7833e07479610ed5c8148399c347df85c20b96 Author: HanFei <97138894+hf400...@users.noreply.github.com> AuthorDate: Tue Jul 5 11:09:46 2022 +0800 docs: update openid-connect attributes description and sync CN doc attributes. (#7371) --- docs/en/latest/plugins/openid-connect.md | 47 docs/zh/latest/plugins/openid-connect.md | 45 -- 2 files changed, 48 insertions(+), 44 deletions(-) diff --git a/docs/en/latest/plugins/openid-connect.md b/docs/en/latest/plugins/openid-connect.md index 5b33e5d53..5e3ac02b1 100644 --- a/docs/en/latest/plugins/openid-connect.md +++ b/docs/en/latest/plugins/openid-connect.md @@ -33,29 +33,30 @@ The `openid-connect` Plugin provides authentication and introspection capability ## Attributes -| Name | Type| Required | Default | Valid values | Description | -|--|-|--|---|--|| -| client_id| string | True | | | OAuth client ID. | -| client_secret| string | True | | | OAuth client secret. | -| discovery| string | True | | | Discovery endpoint URL of the identity server. | -| scope| string | False| "openid" | | Scope used for authentication. | -| realm| string | False| "apisix" | | Realm used for authentication. | -| bearer_only | boolean | False| false | | When set to true, the Plugin will check for if the authorization header in the request matches a bearer token. | -| logout_path | string | False| "/logout" | | Path for logging out. | -| post_logout_redirect_uri | string | False| | | URL to redirect to after logging out. | -| redirect_uri | string | False| "ngx.var.request_uri" | | URI to which the identity provider redirects back to. | -| timeout | integer | False| 3 | [1,...] | Request timeout time in seconds. | -| ssl_verify | boolean | False| false | | When set to true, verifies the identity provider's SSL certificates. | -| introspection_endpoint | string | False| | | URL of the token verification endpoint of the identity server. | -| introspection_endpoint_auth_method | string | False| "client_secret_basic" | | Authentication method name for token introspection.| -| public_key | string | False| | | Public key to verify the token. | -| use_jwks | boolean | False| | | When set to true, uses the JWKS endpoint of the identity server to verify the token. | -| token_signing_alg_values_expected| string |
[GitHub] [apisix] juzhiyuan merged pull request #7371: docs: update openid-connect attributes description and sync CN doc attributes.
juzhiyuan merged PR #7371: URL: https://github.com/apache/apisix/pull/7371 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix-website] branch master updated: fix: view docs btn (#1188)
This is an automated email from the ASF dual-hosted git repository.
sylviasu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-website.git
The following commit(s) were added to refs/heads/master by this push:
new 5c9f55190e3 fix: view docs btn (#1188)
5c9f55190e3 is described below
commit 5c9f55190e330c0e23a169b188d4e5a855fad0f0
Author: Young
AuthorDate: Tue Jul 5 11:08:47 2022 +0800
fix: view docs btn (#1188)
---
website/src/components/ArrowAnim.tsx| 2 +-
website/src/css/home-events.module.scss | 10 ++
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/website/src/components/ArrowAnim.tsx
b/website/src/components/ArrowAnim.tsx
index 5469ac479ce..c3e08002641 100644
--- a/website/src/components/ArrowAnim.tsx
+++ b/website/src/components/ArrowAnim.tsx
@@ -11,7 +11,7 @@ const ArrowAnim: FC = () => (
className="btn-docs"
>
- Go to docs...
+ View the docs
diff --git a/website/src/css/home-events.module.scss
b/website/src/css/home-events.module.scss
index 400c7bcd158..c502ccb1990 100644
--- a/website/src/css/home-events.module.scss
+++ b/website/src/css/home-events.module.scss
@@ -1,24 +1,26 @@
@import "./util";
+$transition-duration: 200ms;
+
.arrow {
$size: 25px;
width: $size;
height: $size;
position: relative;
- margin-bottom: 1px;
+ margin-bottom: 0.5px;
svg {
position: absolute;
top: 50%;
left: 50%;
-transform: translate(-50%, -50%);
+transform: translate3d(-50%, -50%, 0);
overflow: visible;
}
polygon,
rect {
-transition: all 250ms;
+transition: all $transition-duration ease-in-out;
}
rect {
@@ -54,7 +56,7 @@
font-size: 0.9rem;
height: 200px;
width: 282px;
- transition: all 0.2s ease-in-out;
+ transition: all $transition-duration ease-in-out;
margin: 0 1rem;
border-radius: 1rem;
border: 1px solid hsl(210deg 26% 28% / 14%);
[GitHub] [apisix] juzhiyuan commented on a diff in pull request #7380: docs: add more architecture description
juzhiyuan commented on code in PR #7380: URL: https://github.com/apache/apisix/pull/7380#discussion_r913344543 ## docs/zh/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 NGINX + ngx_lua 的技术基础之上,充分利用了 LuaJIT 所提供的强大性能。 Review Comment: How about linking to https://apisix.apache.org/blog/2021/08/25/why-apache-apisix-chose-nginx-and-lua? ## docs/zh/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 NGINX + ngx_lua 的技术基础之上,充分利用了 LuaJIT 所提供的强大性能。 + +APISIX 主要分为两个部分,其一是 APISIX 核心,包括 Lua 插件、多语言插件运行时、Wasm 插件运行时等;其二是功能丰富的各种内置插件,包括可观测性、安全、流量控制等。 Review Comment: ```suggestion APISIX 主要分为两个部分: 1. APISIX 核心:包括 Lua 插件、多语言插件运行时(Plugin Runner)、Wasm 插件运行时等; 2. 功能丰富的各种内置插件:包括可观测性、安全、流量控制等插件。 ``` ## docs/zh/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 NGINX + ngx_lua 的技术基础之上,充分利用了 LuaJIT 所提供的强大性能。 + +APISIX 主要分为两个部分,其一是 APISIX 核心,包括 Lua 插件、多语言插件运行时、Wasm 插件运行时等;其二是功能丰富的各种内置插件,包括可观测性、安全、流量控制等。 + +APISIX 在其核心中,提供了路由匹配、负载均衡、服务发现、管理 API 等重要功能,以及配置管理等基础性模块。除此之外,APISIX 插件运行时也包含其中,提供原生 Lua 插件的运行框架和多语言插件的运行框架,以及实验性的 Wasm 插件运行时等。APISIX 多语言插件运行时提供多种开发语言的支持,比如 Golang、Java、Python、JS 等。 + +APISIX 目前也内置了各类插件,覆盖了 API 网关的各种领域,如认证鉴权、安全、可观测性、流量管理、多协议接入等。当前 APISIX 内置的插件使用原生 Lua 实现,关于各个插件的介绍与使用方式,可以查看相关插件的文档。 Review Comment: ```suggestion APISIX 目前也内置了各类插件,覆盖了 API 网关的各种领域,如认证鉴权、安全、可观测性、流量管理、多协议接入等。当前 APISIX 内置的插件使用原生 Lua 实现,关于各个插件的介绍与使用方式,可以查看相关[插件文档](https://apisix.apache.org/docs/apisix/plugins/batch-requests)。 ``` ## docs/zh/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 NGINX + ngx_lua 的技术基础之上,充分利用了 LuaJIT 所提供的强大性能。 + +APISIX 主要分为两个部分,其一是 APISIX 核心,包括 Lua 插件、多语言插件运行时、Wasm 插件运行时等;其二是功能丰富的各种内置插件,包括可观测性、安全、流量控制等。 + +APISIX 在其核心中,提供了路由匹配、负载均衡、服务发现、管理 API 等重要功能,以及配置管理等基础性模块。除此之外,APISIX 插件运行时也包含其中,提供原生 Lua 插件的运行框架和多语言插件的运行框架,以及实验性的 Wasm 插件运行时等。APISIX 多语言插件运行时提供多种开发语言的支持,比如 Golang、Java、Python、JS 等。 Review Comment: ```suggestion APISIX 在其核心中,提供了路由匹配、负载均衡、服务发现、API 管理等重要功能,以及配置管理等基础性模块。除此之外,APISIX 插件运行时也包含其中,提供原生 Lua 插件的运行框架和多语言插件的运行框架,以及实验性的 Wasm 插件运行时等。APISIX 多语言插件运行时提供多种开发语言的支持,比如 Golang、Java、Python、JS 等。 ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] SylviaBABY merged pull request #1188: fix: view docs btn
SylviaBABY merged PR #1188: URL: https://github.com/apache/apisix-website/pull/1188 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix] branch master updated: fix(make): make reload doesn't call apisix reload (#7383)
This is an automated email from the ASF dual-hosted git repository. spacewander pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/apisix.git The following commit(s) were added to refs/heads/master by this push: new b8faf0b4b fix(make): make reload doesn't call apisix reload (#7383) b8faf0b4b is described below commit b8faf0b4b97ceab608243233b371d1044702d687 Author: 罗泽轩 AuthorDate: Tue Jul 5 11:06:55 2022 +0800 fix(make): make reload doesn't call apisix reload (#7383) Signed-off-by: spacewander --- Makefile | 2 +- t/cli/test_makefile.sh | 40 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 6c82a6a94..5a575d340 100644 --- a/Makefile +++ b/Makefile @@ -243,7 +243,7 @@ clean: .PHONY: reload reload: runtime @$(call func_echo_status, "$@ -> [ Start ]") - $(ENV_NGINX) -s reload + $(ENV_APISIX) reload @$(call func_echo_success_status, "$@ -> [ Done ]") diff --git a/t/cli/test_makefile.sh b/t/cli/test_makefile.sh new file mode 100755 index 0..5b1ecd712 --- /dev/null +++ b/t/cli/test_makefile.sh @@ -0,0 +1,40 @@ +#!/usr/bin/env bash + +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +. ./t/cli/common.sh + +make run + +echo " +apisix: + enable_admin: true + admin_listen: +ip: 127.0.0.2 +port: 9181 +" > conf/config.yaml + +make reload +make stop + +if ! grep "listen 127.0.0.2:9181;" conf/nginx.conf > /dev/null; then +echo "failed: regenerate nginx conf in 'make reload'" +exit 1 +fi + +echo "passed: regenerate nginx conf in 'make reload'"
[GitHub] [apisix] spacewander merged pull request #7383: fix(make): make reload doesn't call apisix reload
spacewander merged PR #7383: URL: https://github.com/apache/apisix/pull/7383 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] spacewander closed issue #7376: bug: "make reload" doesn't regenerate /logs/nginx.conf
spacewander closed issue #7376: bug: "make reload" doesn't regenerate /logs/nginx.conf URL: https://github.com/apache/apisix/issues/7376 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-docker] wennuanwk commented on issue #325: apache/apisix:2.14.1 pod status: Restarting
wennuanwk commented on issue #325: URL: https://github.com/apache/apisix-docker/issues/325#issuecomment-1174541954 > > chmod -R 777 example/ > > why need this? and can you try to use `755`? 不行 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-docker] tzssangglass commented on issue #325: apache/apisix:2.14.1 pod status: Restarting
tzssangglass commented on issue #325: URL: https://github.com/apache/apisix-docker/issues/325#issuecomment-1174538715 > chmod -R 777 example/ why need this? and can you try to use `755`? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] yzeng25 commented on a diff in pull request #1187: docs: add apisix integrates with hydra blog
yzeng25 commented on code in PR #1187: URL: https://github.com/apache/apisix-website/pull/1187#discussion_r913332541 ## website/i18n/zh/docusaurus-plugin-content-blog/2022/07/04/apisix-integrates-with-hydra.md: ## @@ -0,0 +1,286 @@ +--- +title: "APISIX 如何与 Ory Hydra 集成" +authors: + - name: "Fei Han" +title: "Technical Writer" +url: "https://github.com/hf400159; +image_url: "https://github.com/hf400159.png; +keywords: +- Apache APISIX +- API Gateway +- 身份认证 +- Hydra +- Openid Connect +- OIDC +description: 本文介绍了 API 网关 Apache APISIX 通过 OpenID Connect 插件 与 Ory Hydra 集成实现集中式身份认证。 +tags: [Authentication] +--- + +> 本文介绍了 Apache APISIX 如何与 Ory Hydra 集成实现集中式身份认证。 + + + +## 背景介绍 + +### Apache APISIX + +[Apache APISIX](https://github.com/apache/apisix) 是一个开源的云原生 API 网关,作为 API 网关,它兼具动态、实时、高性能等特点,提供了负载均衡、动态上游、灰度发布、服务熔断、身份认证、可观测性等丰富的流量管理功能。你可以使用 APISIX 来处理传统的南北向流量,以及服务间的东西向流量,也可以当做 K8s Ingress controller 来使用。 + +APISIX 的 `openid-connect` 插件支持 OpenID Connect 协议,用户可以使用该插件让 APISIX 对接众多认证鉴权软件,作为集中式认证网关部署于企业中。 + +### ORY Hydra + +[Ory Hydra](https://github.com/ory/hydra) 是支持 OAuth 2.0 和 OpenID Connect 协议的身份提供商之一,基于 OAuth 2.0 授权框架以及 Open ID Connect Core 1.0 框架实现,兼具开源与云原生特性。它可以与任何登录系统集成,通过 OAuth 2.0 Acces、Refresh 和 ID Tokens,使得第三方能够轻松访问你的 API,实现用户随时随地与任何应用程序的交互。 + +Ory Hydra 采用 Go 语言开发,为几乎所有开发语言都提供了 SDK,包括 Dart、.NET、Go、Java、PHP、Python、Ruby、Rust 和 Typescript。它适用于任何登录系统,并且可以轻松自定义登录体验。 + +## 简介 + +OpenID 是一种集中认证模式,它是一个去中心化的身份认证系统。使用 OpenID 的好处是:用户只需要在一个 OpenID 身份提供方的网站上注册和登录,使用一份账户密码信息即可访问不同应用。 + +通过 APISIX 支持的 `openid-connect` 插件,我们可以与支持 OpenID Connect 协议的认证程序集成。比如:[Ory Hydra]。更多信息请参考:[集中身份认证](https://apisix.apache.org/zh/blog/2021/08/25/using-the-apache-apisix-openid-connect-plugin-for-centralized-authentication/#%E4%BB%80%E4%B9%88%E6%98%AF%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81)。 + +Ory Hydra 的最大优势之一是:它实现了 OAuth 和 OpenID Connect 标准,而不是强制你使用 “Hydra 用户管理”(登录、注销、配置文件管理、注册)、特定模板引擎或者预定义的前端。 + +它允许使用你的程序所需的身份验证机制(基于令牌的 2FA、SMS 2FA 等),并且在你的业务系统中实现用户管理和登录。当然你也可以使用现有的解决方案,例如 [authboss](https://github.com/go-authboss/authboss),并为你提供 OAuth 2.0 和 OpenID Connect 的所有优势功能,同时对业务逻辑和技术栈的侵入性最小。 + +OAuth 2.0 适用于多种环境和多用途场景。以下信息可能会帮助你确定 OAuth 2.0 和 Hydra 是否适合某个场景: + +1. 允许第三方的合作方访问你的 API。 +2. 成为像 Google、Facebook 或 Microsoft 这样的身份认证提供者。 +3. 使浏览器、移动设备或可穿戴应用程序能够访问你的 API:运行 OAuth2 提供程序可以很好地实现这一点。你不必在设备上存储密码,并且可以随时撤销访问令牌。 +4. 想要限制后端服务可以相互读取的信息类型。例如,只允许评论服务获取用户配置文件更新,但不能读取用户密码。 + +## 操作步骤 + +接下来,将使用真实示例为你展示 APISIX 如何与 Hydra 集成。在该示例中将使用 Docker 部署所需的环境,请在执行本操作前安装完成 [Docker](https://docs.docker.com/engine/install/)。 + +### 步骤一:创建并部署数据库 + +为了快速部署测试环境,我们将使用 Docker 运行 PostgreSQL 作为 Hydra 的数据库。建议不要在生产环境使用 Docker 运行数据库。 + +```shell +docker network create hydraguide && \ +docker run \ + --network hydraguide \ + --name ory-hydra-example--postgres \ + -e POSTGRES_USER=hydra \ + -e POSTGRES_PASSWORD=secret \ + -e POSTGRES_DB=hydra \ + -d postgres:9.6 +``` + +上述命令将创建一个名称为 `hydraguide` 的网络,并且启动一个名称为 `ory-hydra-example--postgres` 的 Postgres 实例,该实例创建了数据库 `hydra`,用户 `hydra` 和用户密码 `secret`。 + +### 步骤二:部署 Hydra + +该步骤中将会把 `` 映射到 `5444` 和 `4445` 映射到 `5445` 端口,请确保这些端口未被占用。 + +1. 系统密钥只能针对新数据库设置,不支持密钥轮换。 此密钥用于加密数据库,每次进程(重新)启动时都需要设置为相同的值。 你可以使用 /dev/urandom 生成密钥。但请确保在你定义它的时候,该密钥都必须相同。例如,你可以将值存储在某处: + +```shell +export SECRETS_SYSTEM=$(export LC_CTYPE=C; cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) +``` + +通过配置环境变量,设置 Hydra 的数据库 URL 指向 Postgres 实例。 + +```shell +export DSN=postgres://hydra:secret@ory-hydra-example--postgres:5432/hydra?sslmode=disable +``` + +2. Ory Hydra 没有自动迁移数据库,因此你需要手动执行迁移数据库的操作。 + +```shell +docker pull oryd/hydra:v1.10.6 && \ +docker run -it --rm \ + --network hydraguide \ + oryd/hydra:v1.10.6 \ + migrate sql --yes $DSN +``` + +3. 通过以下命令运行 Hydra 服务器。更多信息,请参考 [deploy-ory-hydra](https://www.ory.sh/docs/hydra/configure-deploy#deploy-ory-hydra)。 + +```shell +docker run -d \ + --name ory-hydra-example--hydra \ + --network hydraguide \ + -p 5444: \ + -p 5445:4445 \ + -e SECRETS_SYSTEM=$SECRETS_SYSTEM \ + -e DSN=$DSN \ + -e URLS_SELF_ISSUER=https://localhost:5444/ \ + -e URLS_CONSENT=http://localhost:9020/consent \ + -e URLS_LOGIN=http://localhost:9020/login \ + oryd/hydra:v1.10.6 serve all +``` + +你可以使用如下命令查看 Hydra 的日志: + +```shell +docker logs ory-hydra-example--hydra +``` + +:::note + +如果未指定 Hydra 的密码,你可以在日志中查到密码信息。如果忘记密码将无法重新启动 Hydra。 + +::: + +你也可以使用以下命令查看 Hydra 相关介绍及操作命令。 + +```shell +docker run -it --rm --entrypoint hydra oryd/hydra:v1.10.6 help serve +``` + +### 步骤三:部署登录和验证程序 + +Login Provider 和 Consent Provider 可以是两个独立的 Web 服务。 Hydra 提供了示例程序,它在一个应用程序中结合了这两个功能。 接下来。我们将使用 Docker 部署该应用程序。 + +```shell +docker pull oryd/hydra-login-consent-node:v1.10.6 && \ +docker run -d \ + --name ory-hydra-example--consent \ + -p 9020:3000 \ + --network hydraguide \ + -e HYDRA_ADMIN_URL=https://ory-hydra-example--hydra:4445 \ + -e NODE_TLS_REJECT_UNAUTHORIZED=0 \ + oryd/hydra-login-consent-node:v1.10.6 +``` + +你可以使用以下命令检查程序是否运行正常: + +```shell +docker logs
[GitHub] [apisix] jujiale commented on issue #7375: bug: limit-count plugin,"group" peoperty result in 404 code
jujiale commented on issue #7375: URL: https://github.com/apache/apisix/issues/7375#issuecomment-1174529389 @soulbird we use apisix-dashboard config the plugin, when I enable the plugin, the "disable:false" always be added -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] jujiale commented on issue #7375: bug: limit-count plugin,"group" peoperty result in 404 code
jujiale commented on issue #7375: URL: https://github.com/apache/apisix/issues/7375#issuecomment-1174528271 > first -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] jujiale closed issue #7375: bug: limit-count plugin,"group" peoperty result in 404 code
jujiale closed issue #7375: bug: limit-count plugin,"group" peoperty result in 404 code URL: https://github.com/apache/apisix/issues/7375 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] netlify[bot] commented on pull request #1188: fix: view docs btn
netlify[bot] commented on PR #1188: URL: https://github.com/apache/apisix-website/pull/1188#issuecomment-1174527961 ### Deploy Preview for *apache-apisix* processing. | Name | Link | |-|| | Latest commit | bc94354ee3ee3e8d918fe74b5f1055e11d706dcd | | Latest deploy log | https://app.netlify.com/sites/apache-apisix/deploys/62c39ed348237e000865a8e6 | -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] SkyeYoung opened a new pull request, #1188: fix: view docs btn
SkyeYoung opened a new pull request, #1188: URL: https://github.com/apache/apisix-website/pull/1188 Fixes: #[Add issue number here] Changes: Screenshots of the change: https://user-images.githubusercontent.com/48400568/177236251-e78c6a24-3fdb-42bc-9264-077a12c80221.png;> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] soulbird commented on issue #7375: bug: limit-count plugin,"group" peoperty result in 404 code
soulbird commented on issue #7375: URL: https://github.com/apache/apisix/issues/7375#issuecomment-1174527552 You can circumvent this problem by removing the `disable` field in the plugin first. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] bzp2010 commented on a diff in pull request #7380: docs: add more architecture description
bzp2010 commented on code in PR #7380: URL: https://github.com/apache/apisix/pull/7380#discussion_r91452 ## docs/zh/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 Nginx + ngx_lua 的技术基础之上,充分利用了 luajit 所提供的强大性能。 Review Comment: updated -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] bzp2010 commented on a diff in pull request #7380: docs: add more architecture description
bzp2010 commented on code in PR #7380: URL: https://github.com/apache/apisix/pull/7380#discussion_r91379 ## docs/en/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX is a dynamic, real-time, high-performance cloud-native API gateway. It is built on top of Nginx + ngx_lua technology and leverages the power offered by luajit. + +APISIX is divided into two main parts, one is the APISIX core, including Lua plugin runtime, multi-language plugin runtime, WASM plug-in runtime, etc.; the other is a variety of feature-rich built-in plugins, including observability, security, traffic control, etc. Review Comment: updated ## docs/en/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX is a dynamic, real-time, high-performance cloud-native API gateway. It is built on top of Nginx + ngx_lua technology and leverages the power offered by luajit. Review Comment: updated ## docs/zh/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 Nginx + ngx_lua 的技术基础之上,充分利用了 luajit 所提供的强大性能。 + +APISIX 主要分为两个部分,其一是 APISIX 核心,包括 Lua 插件、多语言插件运行时、WASM 插件运行时等;其二是功能丰富的各种内置插件,包括可观测性、安全、流量控制等。 + +在 APISIX 核心中,提供了路由匹配、负载均衡、服务发现、管理 API 等重要功能,以及配置管理等的基础性模块。除此之外,APISIX 插件运行时也包含其中,提供原生 Lua 插件的运行框架、多语言插件的运行框架、实验性的 WASM 插件运行时等。APISIX 多语言插件运行时提供多种不同的其他语言的支持,比如 Golang、Java、Python、JS 等。 + +APISIX 也内置了各类插件,覆盖了 API 网关的各种领域,如认证鉴权、安全、可观测性、流量管理、多协议接入等。当前 APISIX 内置的插件使用原生 Lua 实现,关于它们的介绍与使用方式,可以查看它们的插件文档。 Review Comment: updated ## docs/zh/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 Nginx + ngx_lua 的技术基础之上,充分利用了 luajit 所提供的强大性能。 + +APISIX 主要分为两个部分,其一是 APISIX 核心,包括 Lua 插件、多语言插件运行时、WASM 插件运行时等;其二是功能丰富的各种内置插件,包括可观测性、安全、流量控制等。 + +在 APISIX 核心中,提供了路由匹配、负载均衡、服务发现、管理 API 等重要功能,以及配置管理等的基础性模块。除此之外,APISIX 插件运行时也包含其中,提供原生 Lua 插件的运行框架、多语言插件的运行框架、实验性的 WASM 插件运行时等。APISIX 多语言插件运行时提供多种不同的其他语言的支持,比如 Golang、Java、Python、JS 等。 Review Comment: updated -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] bzp2010 commented on a diff in pull request #7380: docs: add more architecture description
bzp2010 commented on code in PR #7380: URL: https://github.com/apache/apisix/pull/7380#discussion_r913331212 ## docs/zh/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 Nginx + ngx_lua 的技术基础之上,充分利用了 luajit 所提供的强大性能。 + +APISIX 主要分为两个部分,其一是 APISIX 核心,包括 Lua 插件、多语言插件运行时、WASM 插件运行时等;其二是功能丰富的各种内置插件,包括可观测性、安全、流量控制等。 Review Comment: This corresponds to the `APISIX Core` in the architecture diagram.  -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] soulbird commented on issue #7375: bug: limit-count plugin,"group" peoperty result in 404 code
soulbird commented on issue #7375: URL: https://github.com/apache/apisix/issues/7375#issuecomment-1174521880 Looks like a bug -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] spacewander commented on issue #7376: bug: "make reload" doesn't regenerate /logs/nginx.conf
spacewander commented on issue #7376: URL: https://github.com/apache/apisix/issues/7376#issuecomment-1174521203 The `make reload` doesn't do the same as `apisix reload`. I just submitted a PR to fix it. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on a diff in pull request #7348: docs(MAINTAIN): additional information about the release of the LTS …
tzssangglass commented on code in PR #7348:
URL: https://github.com/apache/apisix/pull/7348#discussion_r913329146
##
MAINTAIN.md:
##
@@ -38,15 +37,15 @@ via `VERSION=x.y.z make release-src`
11. Update APISIX rpm package
> Go to [apisix-build-tools](https://github.com/api7/apisix-build-tools)
repository and create a new tag named `apisix-${x.y.z}` to automatically submit
the
package to yum repo
-12. First, update [APISIX
docker](https://github.com/apache/apisix-docker/commit/829d45559c303bea7edde5bebe9fcf4938071601)
in [APISIX docker repository](https://github.com/apache/apisix-docker), after
PR merged, then create a new branch from master, named as
`release/apisix-${version}`, e.g. `release/apisix-2.10.2`
+12. - If the version number is the largest, update [APISIX
docker](https://github.com/apache/apisix-docker/commit/829d45559c303bea7edde5bebe9fcf4938071601)
in [APISIX docker repository](https://github.com/apache/apisix-docker), after
PR merged, then create a new branch from master, named as
`release/apisix-${version}`, e.g. `release/apisix-2.10.2`.
Review Comment:
ping @tokers @moonming
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] caozhi6655 commented on issue #7298: help request: grpc request proxy http code must be 599 when request not success
caozhi6655 commented on issue #7298: URL: https://github.com/apache/apisix/issues/7298#issuecomment-1174519410 @tokers Did this reappeared in your code? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #5837: request: Expect monitoring metrics to add monitoring of nginx shared memory usage
tzssangglass commented on issue #5837: URL: https://github.com/apache/apisix/issues/5837#issuecomment-1174519045 > Can you tell me which plugin I can modify to get information of `ngx.shared.DICT` regularly and report it? prometheus? yes, prometheus. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-java-plugin-runner] tzssangglass commented on issue #159: 插件获取配置的值偶尔报数组越界异常
tzssangglass commented on issue #159: URL: https://github.com/apache/apisix-java-plugin-runner/issues/159#issuecomment-1174518567 > 0.1.0 pls use 0.2.0 to test -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] caozhi6655 commented on issue #7363: help request: real-ip plugin can't support for grpc proxy
caozhi6655 commented on issue #7363: URL: https://github.com/apache/apisix/issues/7363#issuecomment-1174518062 > Consider solved. Feel free to reopen it if needed. But the real-ip plugin still can't support for grpc。It can solve the problem in another way,and i think designing a unified way to solve more protocols like grpc、http2 and so on is a better way like @tokens said。I hope it can be implement quickly。 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] sczyh30 commented on issue #7381: feat: Add integration with OpenSergo, a cloud-native service governance specification
sczyh30 commented on issue #7381: URL: https://github.com/apache/apisix/issues/7381#issuecomment-1174516157 > Hi @panxiaojun233 , thanks for the sharing. Just one thing I don't see from the description, where is the `fallbackAction`? Hi, an example of the `fallbackAction` can be found [here](https://github.com/opensergo/opensergo-specification/blob/main/specification/zh-Hans/fault-tolerance.md#容错治理规则示例). The community is still working on the spec definition. Discussions are welcomed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] hf400159 commented on a diff in pull request #7380: docs: add more architecture description
hf400159 commented on code in PR #7380: URL: https://github.com/apache/apisix/pull/7380#discussion_r913325878 ## docs/en/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX is a dynamic, real-time, high-performance cloud-native API gateway. It is built on top of Nginx + ngx_lua technology and leverages the power offered by luajit. Review Comment: ```suggestion Apache APISIX is a dynamic, real-time, high-performance cloud-native API gateway. It is built on top of Nginx + ngx_lua technology and leverages the power offered by LuaJIT. ``` ## docs/en/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX is a dynamic, real-time, high-performance cloud-native API gateway. It is built on top of Nginx + ngx_lua technology and leverages the power offered by luajit. + +APISIX is divided into two main parts, one is the APISIX core, including Lua plugin runtime, multi-language plugin runtime, WASM plug-in runtime, etc.; the other is a variety of feature-rich built-in plugins, including observability, security, traffic control, etc. Review Comment: ```suggestion APISIX is divided into two main parts, one is the APISIX core, including Lua plugin runtime, multi-language plugin runtime, Wasm plugin runtime, etc.; the other is a variety of feature-rich built-in plugins, including observability, security, traffic control, etc. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] hf400159 commented on a diff in pull request #7380: docs: add more architecture description
hf400159 commented on code in PR #7380: URL: https://github.com/apache/apisix/pull/7380#discussion_r913324148 ## docs/zh/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 Nginx + ngx_lua 的技术基础之上,充分利用了 luajit 所提供的强大性能。 + +APISIX 主要分为两个部分,其一是 APISIX 核心,包括 Lua 插件、多语言插件运行时、WASM 插件运行时等;其二是功能丰富的各种内置插件,包括可观测性、安全、流量控制等。 + +在 APISIX 核心中,提供了路由匹配、负载均衡、服务发现、管理 API 等重要功能,以及配置管理等的基础性模块。除此之外,APISIX 插件运行时也包含其中,提供原生 Lua 插件的运行框架、多语言插件的运行框架、实验性的 WASM 插件运行时等。APISIX 多语言插件运行时提供多种不同的其他语言的支持,比如 Golang、Java、Python、JS 等。 + +APISIX 也内置了各类插件,覆盖了 API 网关的各种领域,如认证鉴权、安全、可观测性、流量管理、多协议接入等。当前 APISIX 内置的插件使用原生 Lua 实现,关于它们的介绍与使用方式,可以查看它们的插件文档。 Review Comment: ```suggestion APISIX 目前也内置了各类插件,覆盖了 API 网关的各种领域,如认证鉴权、安全、可观测性、流量管理、多协议接入等。APISIX 内置的插件使用原生 Lua 实现,关于各个插件的介绍与使用方式,请查看相关插件的文档。 ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] hf400159 commented on a diff in pull request #7380: docs: add more architecture description
hf400159 commented on code in PR #7380: URL: https://github.com/apache/apisix/pull/7380#discussion_r913321732 ## docs/zh/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 Nginx + ngx_lua 的技术基础之上,充分利用了 luajit 所提供的强大性能。 Review Comment: ```suggestion Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 NGINX + ngx_lua 的技术基础之上,充分利用了 LuaJIT 所提供的强大性能。 ``` ## docs/zh/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 Nginx + ngx_lua 的技术基础之上,充分利用了 luajit 所提供的强大性能。 + +APISIX 主要分为两个部分,其一是 APISIX 核心,包括 Lua 插件、多语言插件运行时、WASM 插件运行时等;其二是功能丰富的各种内置插件,包括可观测性、安全、流量控制等。 + +在 APISIX 核心中,提供了路由匹配、负载均衡、服务发现、管理 API 等重要功能,以及配置管理等的基础性模块。除此之外,APISIX 插件运行时也包含其中,提供原生 Lua 插件的运行框架、多语言插件的运行框架、实验性的 WASM 插件运行时等。APISIX 多语言插件运行时提供多种不同的其他语言的支持,比如 Golang、Java、Python、JS 等。 + +APISIX 也内置了各类插件,覆盖了 API 网关的各种领域,如认证鉴权、安全、可观测性、流量管理、多协议接入等。当前 APISIX 内置的插件使用原生 Lua 实现,关于它们的介绍与使用方式,可以查看它们的插件文档。 Review Comment: ```suggestion APISIX 目前也内置了各类插件,覆盖了 API 网关的各种领域,如认证鉴权、安全、可观测性、流量管理、多协议接入等。APISIX 内置的插件使用原生 Lua 实现,关于各个插件的介绍与使用方式,可以查看相关插件的文档。 ``` ## docs/zh/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 Nginx + ngx_lua 的技术基础之上,充分利用了 luajit 所提供的强大性能。 + +APISIX 主要分为两个部分,其一是 APISIX 核心,包括 Lua 插件、多语言插件运行时、WASM 插件运行时等;其二是功能丰富的各种内置插件,包括可观测性、安全、流量控制等。 Review Comment: ```suggestion APISIX 主要分为两个部分,其一是 APISIX 核心功能,包括 Lua 插件、多语言插件运行时、Wasm 插件运行时等;其二是功能丰富的各种内置插件,包括可观测性、安全、流量控制等。 ``` ## docs/zh/latest/architecture-design/apisix.md: ## @@ -25,6 +25,14 @@ title: APISIX  +Apache APISIX 是一个动态、实时、高性能的云原生 API 网关。它构建于 Nginx + ngx_lua 的技术基础之上,充分利用了 luajit 所提供的强大性能。 + +APISIX 主要分为两个部分,其一是 APISIX 核心,包括 Lua 插件、多语言插件运行时、WASM 插件运行时等;其二是功能丰富的各种内置插件,包括可观测性、安全、流量控制等。 + +在 APISIX 核心中,提供了路由匹配、负载均衡、服务发现、管理 API 等重要功能,以及配置管理等的基础性模块。除此之外,APISIX 插件运行时也包含其中,提供原生 Lua 插件的运行框架、多语言插件的运行框架、实验性的 WASM 插件运行时等。APISIX 多语言插件运行时提供多种不同的其他语言的支持,比如 Golang、Java、Python、JS 等。 Review Comment: ```suggestion APISIX 在其核心功能中提供了路由匹配、负载均衡、服务发现、管理 API 等重要特性,以及配置管理等基础性模块。除此之外,APISIX 插件运行时也包含其中,提供了原生 Lua 插件和多语言插件的运行框架,以及实验性的 Wasm 插件运行时等。APISIX 多语言插件运行时提供多种开发语言的支持,比如 Golang、Java、Python、JS 等。 ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] spacewander opened a new pull request, #7383: fix(make): make reload doesn't call apisix reload
spacewander opened a new pull request, #7383: URL: https://github.com/apache/apisix/pull/7383 Signed-off-by: spacewander ### Description Fixes #7376 ### Checklist - [x] I have explained the need for this PR and the problem it solves - [ ] I have explained the changes or the new features added to this PR - [x] I have added tests corresponding to this change - [ ] I have updated the documentation to reflect this change - [ ] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-docker] wennuanwk commented on issue #325: apache/apisix:2.14.1 pod status: Restarting
wennuanwk commented on issue #325: URL: https://github.com/apache/apisix-docker/issues/325#issuecomment-1174509411 > @wennuanwk请提供有关安装的一些详细信息。 `# 上传本地文件到虚拟机 put C:\Soft\code\apisix-docker.zip /opt # 解压 unzip apisix-docker.zip # 进入目录 cd apisix-docker # 修改权限 chmod -R 777 example/ # 进入example目录下 cd example # 启动docker容器脚本 docker-compose -p docker-apisix up -d` 查看镜像就出现如下: - `8b178d11321aapache/apisix:2.14.1-alpine "sh -c '/usr/bin/a..." 18 hours agoRestarting (1) 5 minutes ago docker-apisix_apisix_1 - 09020fabba14grafana/grafana:7.3.7 "/run.sh" 23 hours agoUp 21 minutes 0.0.0.0:3000->3000/tcp docker-apisix_grafana_1 - 2ad240142e0bnginx:1.19.0-alpine "/docker-entrypoin..." 23 hours agoUp 21 minutes 0.0.0.0:9081->80/tcp docker-apisix_web1_1 - 38bad775b4faapache/apisix-dashboard:2.13-alpine "/usr/local/apisix..." 23 hours agoUp 21 minutes 0.0.0.0:9000->9000/tcp docker-apisix_apisix-dashboard_1 - fb304a877e70bitnami/etcd:3.4.15 "/opt/bitnami/scri..." 23 hours agoUp 21 minutes 0.0.0.0:2379->2379/tcp, 2380/tcp docker-apisix_etcd_1 - a76abce4322eprom/prometheus:v2.25.0 "/bin/prometheus -..." 23 hours agoUp 21 minutes 0.0.0.0:9090->9090/tcp docker-apisix_prometheus_1 - 5f66f02f310anginx:1.19.0-alpine "/docker-entrypoin..." 23 hours agoUp 21 minutes 0.0.0.0:9082->80/tcp docker-apisix_web2_1 - b5a93a50d63dredis "docker-entrypoint..." 7 weeks ago Up 21 minutes 0.0.0.0:6379->6379/tcp redis-test ` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] SylviaBABY commented on a diff in pull request #1187: docs: add apisix integrates with hydra blog
SylviaBABY commented on code in PR #1187: URL: https://github.com/apache/apisix-website/pull/1187#discussion_r913323171 ## website/blog/2022/07/04/apisix-integrates-with-hydra.md: ## @@ -0,0 +1,286 @@ +--- +title: "APISIX integrates with Ory Hydra" +authors: + - name: "Fei Han" +title: "Technical Writer" +url: "https://github.com/hf400159; +image_url: "https://github.com/hf400159.png; +keywords: +- Apache APISIX +- API Gateway +- Authentication +- Hydra +- Openid connect +- OIDC +description: This article describes the API gateway Apache APISIX for centralized authentication via the OpenID Connect plugin Hydra integration. +tags: [Authentication] +--- + +> This article describes how Apache APISIX integrates with Ory Hydra to implement centralized authentication. + + + +## Background Information + +### Apache APISIX + +[Apache APISIX](https://github.com/apache/apisix) is an open source cloud native API gateway. As an API gateway, it has the characteristics of dynamic, real-time, and high performance. It provides rich traffic management functions such as load balancing, dynamic upstream, gray-scale publishing, service fusing, identity authentication and observability. You can use APISIX to handle the traditional north-south traffic and the east-west traffic between services. It can also be used as a K8s ingress controller. Thanks to the full dynamic design of APISIX, configuration changes can be made at any time without restarting the service. + +The `openid-connect` plugin of APISIX supports the OpenID Connect protocol. Users can use this plugin to allow Apache APISIX to connect with many authentication service providers and deploy it in enterprises as a centralized authentication gateway. + +### ORY Hydra + +[Ory Hydra](https://github.com/ory/hydra) is one of the identity providers that supports the OAuth 2.0 and OpenID Connect protocols, based on the OAuth 2.0 authorization framework and the Open ID Connect Core 1.0 framework, with both open source and cloud native features. It can be integrated with any login system, and through OAuth 2.0 Access, Refresh, and ID Tokens, third parties can easily access your API, enabling users to interact with any application anytime, anywhere. + +Ory Hydra is written in Go language and provides SDKs for almost all languages, including Dart, .NET, Go, Java, PHP, Python, Ruby, Rust, and Typescript. It works with any login system, and the login experience can be easily customized. + +## Introduction + +OpenID is a centralized authentication mode, and it is a decentralized identity authentication system. The advantage of using OpenID is that users only need to register and log in on one OpenID identity provider's website and use one account and password information to access different applications. + +With the `openid-connect` plugin supported by APISIX, we can integrate with authenticators supporting the OpenID Connect protocol. For example: Ory Hydra. For more information, please refer to: [Centralized Identity Authentication](https://apisix.apache.org/blog/2021/08/25/using-the-apache-apisix-openid-connect-plugin-for-centralized-authentication/#what-is-authentication). + +One of the biggest advantages of Ory Hydra is that it implements the OAuth and OpenID Connect standards instead of forcing you to use "Hydra user management" (login, logout, profile management, registration), a specific template engine, or a predefined front end. + +It allows to use the authentication mechanisms required by your program (token-based 2FA, SMS 2FA, etc.) and implement user management and login in your technology stack. Of course, you can also use existing solutions, such as [authboss](https://github.com/go-authboss/authboss). It gives you all the great features of OAuth 2.0 and OpenID Connect while being minimally intrusive to your business logic and technology stack. + +OAuth 2.0 can be used in many environments for various purposes. This list might help you decide if OAuth 2.0 and Hydra are the right fit for a use case: + +1. enable third-party solutions to access your APIs. +2. be an Identity Provider like Google, Facebook, or Microsoft: OpenID Connect, and thus Hydra is a perfect fit. +3. enable your browser, mobile, or wearable applications to access your APIs: Running an OAuth2 Provider can work great for this. You don't have to store passwords on the device and can revoke access tokens at any time. +4. you want to limit what type of information your backend services can read from each other. For example, the comment service should only be allowed to fetch user profile updates but shouldn't be able to read user passwords. + +## Operation steps + +Next, I will show you how APISIX integrates with Hydra using a real example. In this example, Docker will be used to running the required environment. Please install [Docker](https://docs.docker.com/engine/install/) before doing this. + +### Step 1: Create and
[GitHub] [apisix-website] SylviaBABY commented on a diff in pull request #1187: docs: add apisix integrates with hydra blog
SylviaBABY commented on code in PR #1187: URL: https://github.com/apache/apisix-website/pull/1187#discussion_r913322780 ## website/i18n/zh/docusaurus-plugin-content-blog/2022/07/04/apisix-integrates-with-hydra.md: ## @@ -0,0 +1,286 @@ +--- +title: "APISIX 如何与 Ory Hydra 集成" +authors: + - name: "Fei Han" +title: "Technical Writer" +url: "https://github.com/hf400159; +image_url: "https://github.com/hf400159.png; +keywords: +- Apache APISIX +- API Gateway +- 身份认证 +- Hydra +- Openid Connect +- OIDC +description: 本文介绍了 API 网关 Apache APISIX 通过 OpenID Connect 插件 与 Ory Hydra 集成实现集中式身份认证。 +tags: [Authentication] +--- + +> 本文介绍了 Apache APISIX 如何与 Ory Hydra 集成实现集中式身份认证。 + + + +## 背景介绍 + +### Apache APISIX + +[Apache APISIX](https://github.com/apache/apisix) 是一个开源的云原生 API 网关,作为 API 网关,它兼具动态、实时、高性能等特点,提供了负载均衡、动态上游、灰度发布、服务熔断、身份认证、可观测性等丰富的流量管理功能。你可以使用 APISIX 来处理传统的南北向流量,以及服务间的东西向流量,也可以当做 K8s Ingress controller 来使用。 + +APISIX 的 `openid-connect` 插件支持 OpenID Connect 协议,用户可以使用该插件让 APISIX 对接众多认证鉴权软件,作为集中式认证网关部署于企业中。 + +### ORY Hydra + +[Ory Hydra](https://github.com/ory/hydra) 是支持 OAuth 2.0 和 OpenID Connect 协议的身份提供商之一,基于 OAuth 2.0 授权框架以及 Open ID Connect Core 1.0 框架实现,兼具开源与云原生特性。它可以与任何登录系统集成,通过 OAuth 2.0 Acces、Refresh 和 ID Tokens,使得第三方能够轻松访问你的 API,实现用户随时随地与任何应用程序的交互。 + +Ory Hydra 采用 Go 语言开发,为几乎所有开发语言都提供了 SDK,包括 Dart、.NET、Go、Java、PHP、Python、Ruby、Rust 和 Typescript。它适用于任何登录系统,并且可以轻松自定义登录体验。 + +## 简介 + +OpenID 是一种集中认证模式,它是一个去中心化的身份认证系统。使用 OpenID 的好处是:用户只需要在一个 OpenID 身份提供方的网站上注册和登录,使用一份账户密码信息即可访问不同应用。 + +通过 APISIX 支持的 `openid-connect` 插件,我们可以与支持 OpenID Connect 协议的认证程序集成。比如:[Ory Hydra]。更多信息请参考:[集中身份认证](https://apisix.apache.org/zh/blog/2021/08/25/using-the-apache-apisix-openid-connect-plugin-for-centralized-authentication/#%E4%BB%80%E4%B9%88%E6%98%AF%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81)。 + +Ory Hydra 的最大优势之一是:它实现了 OAuth 和 OpenID Connect 标准,而不是强制你使用 “Hydra 用户管理”(登录、注销、配置文件管理、注册)、特定模板引擎或者预定义的前端。 + +它允许使用你的程序所需的身份验证机制(基于令牌的 2FA、SMS 2FA 等),并且在你的业务系统中实现用户管理和登录。当然你也可以使用现有的解决方案,例如 [authboss](https://github.com/go-authboss/authboss),并为你提供 OAuth 2.0 和 OpenID Connect 的所有优势功能,同时对业务逻辑和技术栈的侵入性最小。 + +OAuth 2.0 适用于多种环境和多用途场景。以下信息可能会帮助你确定 OAuth 2.0 和 Hydra 是否适合某个场景: + +1. 允许第三方的合作方访问你的 API。 +2. 成为像 Google、Facebook 或 Microsoft 这样的身份认证提供者。 +3. 使浏览器、移动设备或可穿戴应用程序能够访问你的 API:运行 OAuth2 提供程序可以很好地实现这一点。你不必在设备上存储密码,并且可以随时撤销访问令牌。 +4. 想要限制后端服务可以相互读取的信息类型。例如,只允许评论服务获取用户配置文件更新,但不能读取用户密码。 + +## 操作步骤 + +接下来,将使用真实示例为你展示 APISIX 如何与 Hydra 集成。在该示例中将使用 Docker 部署所需的环境,请在执行本操作前安装完成 [Docker](https://docs.docker.com/engine/install/)。 + +### 步骤一:创建并部署数据库 + +为了快速部署测试环境,我们将使用 Docker 运行 PostgreSQL 作为 Hydra 的数据库。建议不要在生产环境使用 Docker 运行数据库。 + +```shell +docker network create hydraguide && \ +docker run \ + --network hydraguide \ + --name ory-hydra-example--postgres \ + -e POSTGRES_USER=hydra \ + -e POSTGRES_PASSWORD=secret \ + -e POSTGRES_DB=hydra \ + -d postgres:9.6 +``` + +上述命令将创建一个名称为 `hydraguide` 的网络,并且启动一个名称为 `ory-hydra-example--postgres` 的 Postgres 实例,该实例创建了数据库 `hydra`,用户 `hydra` 和用户密码 `secret`。 + +### 步骤二:部署 Hydra + +该步骤中将会把 `` 映射到 `5444` 和 `4445` 映射到 `5445` 端口,请确保这些端口未被占用。 + +1. 系统密钥只能针对新数据库设置,不支持密钥轮换。 此密钥用于加密数据库,每次进程(重新)启动时都需要设置为相同的值。 你可以使用 /dev/urandom 生成密钥。但请确保在你定义它的时候,该密钥都必须相同。例如,你可以将值存储在某处: Review Comment: ```suggestion 1. 系统密钥只能针对新数据库设置,不支持密钥轮换。 此密钥用于加密数据库,每次进程(重新)启动时都需要设置为相同的值。 你可以使用 `/dev/urandom` 生成密钥。但请确保在你定义它的时候,该密钥都必须相同。例如,你可以将值存储在某处: ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] SylviaBABY commented on a diff in pull request #1187: docs: add apisix integrates with hydra blog
SylviaBABY commented on code in PR #1187: URL: https://github.com/apache/apisix-website/pull/1187#discussion_r913322559 ## website/blog/2022/07/04/apisix-integrates-with-hydra.md: ## @@ -0,0 +1,286 @@ +--- +title: "APISIX integrates with Ory Hydra" +authors: + - name: "Fei Han" +title: "Technical Writer" +url: "https://github.com/hf400159; +image_url: "https://github.com/hf400159.png; +keywords: +- Apache APISIX +- API Gateway +- Authentication +- Hydra +- Openid connect +- OIDC +description: This article describes the API gateway Apache APISIX for centralized authentication via the OpenID Connect plugin Hydra integration. +tags: [Authentication] +--- + +> This article describes how Apache APISIX integrates with Ory Hydra to implement centralized authentication. + + + +## Background Information + +### Apache APISIX + +[Apache APISIX](https://github.com/apache/apisix) is an open source cloud native API gateway. As an API gateway, it has the characteristics of dynamic, real-time, and high performance. It provides rich traffic management functions such as load balancing, dynamic upstream, gray-scale publishing, service fusing, identity authentication and observability. You can use APISIX to handle the traditional north-south traffic and the east-west traffic between services. It can also be used as a K8s ingress controller. Thanks to the full dynamic design of APISIX, configuration changes can be made at any time without restarting the service. + +The `openid-connect` plugin of APISIX supports the OpenID Connect protocol. Users can use this plugin to allow Apache APISIX to connect with many authentication service providers and deploy it in enterprises as a centralized authentication gateway. + +### ORY Hydra + +[Ory Hydra](https://github.com/ory/hydra) is one of the identity providers that supports the OAuth 2.0 and OpenID Connect protocols, based on the OAuth 2.0 authorization framework and the Open ID Connect Core 1.0 framework, with both open source and cloud native features. It can be integrated with any login system, and through OAuth 2.0 Access, Refresh, and ID Tokens, third parties can easily access your API, enabling users to interact with any application anytime, anywhere. + +Ory Hydra is written in Go language and provides SDKs for almost all languages, including Dart, .NET, Go, Java, PHP, Python, Ruby, Rust, and Typescript. It works with any login system, and the login experience can be easily customized. + +## Introduction + +OpenID is a centralized authentication mode, and it is a decentralized identity authentication system. The advantage of using OpenID is that users only need to register and log in on one OpenID identity provider's website and use one account and password information to access different applications. + +With the `openid-connect` plugin supported by APISIX, we can integrate with authenticators supporting the OpenID Connect protocol. For example: Ory Hydra. For more information, please refer to: [Centralized Identity Authentication](https://apisix.apache.org/blog/2021/08/25/using-the-apache-apisix-openid-connect-plugin-for-centralized-authentication/#what-is-authentication). + +One of the biggest advantages of Ory Hydra is that it implements the OAuth and OpenID Connect standards instead of forcing you to use "Hydra user management" (login, logout, profile management, registration), a specific template engine, or a predefined front end. + +It allows to use the authentication mechanisms required by your program (token-based 2FA, SMS 2FA, etc.) and implement user management and login in your technology stack. Of course, you can also use existing solutions, such as [authboss](https://github.com/go-authboss/authboss). It gives you all the great features of OAuth 2.0 and OpenID Connect while being minimally intrusive to your business logic and technology stack. + +OAuth 2.0 can be used in many environments for various purposes. This list might help you decide if OAuth 2.0 and Hydra are the right fit for a use case: + +1. enable third-party solutions to access your APIs. +2. be an Identity Provider like Google, Facebook, or Microsoft: OpenID Connect, and thus Hydra is a perfect fit. +3. enable your browser, mobile, or wearable applications to access your APIs: Running an OAuth2 Provider can work great for this. You don't have to store passwords on the device and can revoke access tokens at any time. +4. you want to limit what type of information your backend services can read from each other. For example, the comment service should only be allowed to fetch user profile updates but shouldn't be able to read user passwords. + +## Operation steps + +Next, I will show you how APISIX integrates with Hydra using a real example. In this example, Docker will be used to running the required environment. Please install [Docker](https://docs.docker.com/engine/install/) before doing this. + +### Step 1: Create and
[GitHub] [apisix-website] SylviaBABY commented on a diff in pull request #1187: docs: add apisix integrates with hydra blog
SylviaBABY commented on code in PR #1187: URL: https://github.com/apache/apisix-website/pull/1187#discussion_r913322280 ## website/blog/2022/07/04/apisix-integrates-with-hydra.md: ## @@ -0,0 +1,286 @@ +--- +title: "APISIX integrates with Ory Hydra" +authors: + - name: "Fei Han" +title: "Technical Writer" +url: "https://github.com/hf400159; +image_url: "https://github.com/hf400159.png; +keywords: +- Apache APISIX +- API Gateway +- Authentication +- Hydra +- Openid connect +- OIDC +description: This article describes the API gateway Apache APISIX for centralized authentication via the OpenID Connect plugin Hydra integration. +tags: [Authentication] +--- + +> This article describes how Apache APISIX integrates with Ory Hydra to implement centralized authentication. + + + +## Background Information + +### Apache APISIX + +[Apache APISIX](https://github.com/apache/apisix) is an open source cloud native API gateway. As an API gateway, it has the characteristics of dynamic, real-time, and high performance. It provides rich traffic management functions such as load balancing, dynamic upstream, gray-scale publishing, service fusing, identity authentication and observability. You can use APISIX to handle the traditional north-south traffic and the east-west traffic between services. It can also be used as a K8s ingress controller. Thanks to the full dynamic design of APISIX, configuration changes can be made at any time without restarting the service. + +The `openid-connect` plugin of APISIX supports the OpenID Connect protocol. Users can use this plugin to allow Apache APISIX to connect with many authentication service providers and deploy it in enterprises as a centralized authentication gateway. + +### ORY Hydra + +[Ory Hydra](https://github.com/ory/hydra) is one of the identity providers that supports the OAuth 2.0 and OpenID Connect protocols, based on the OAuth 2.0 authorization framework and the Open ID Connect Core 1.0 framework, with both open source and cloud native features. It can be integrated with any login system, and through OAuth 2.0 Access, Refresh, and ID Tokens, third parties can easily access your API, enabling users to interact with any application anytime, anywhere. + +Ory Hydra is written in Go language and provides SDKs for almost all languages, including Dart, .NET, Go, Java, PHP, Python, Ruby, Rust, and Typescript. It works with any login system, and the login experience can be easily customized. + +## Introduction + +OpenID is a centralized authentication mode, and it is a decentralized identity authentication system. The advantage of using OpenID is that users only need to register and log in on one OpenID identity provider's website and use one account and password information to access different applications. + +With the `openid-connect` plugin supported by APISIX, we can integrate with authenticators supporting the OpenID Connect protocol. For example: Ory Hydra. For more information, please refer to: [Centralized Identity Authentication](https://apisix.apache.org/blog/2021/08/25/using-the-apache-apisix-openid-connect-plugin-for-centralized-authentication/#what-is-authentication). + +One of the biggest advantages of Ory Hydra is that it implements the OAuth and OpenID Connect standards instead of forcing you to use "Hydra user management" (login, logout, profile management, registration), a specific template engine, or a predefined front end. + +It allows to use the authentication mechanisms required by your program (token-based 2FA, SMS 2FA, etc.) and implement user management and login in your technology stack. Of course, you can also use existing solutions, such as [authboss](https://github.com/go-authboss/authboss). It gives you all the great features of OAuth 2.0 and OpenID Connect while being minimally intrusive to your business logic and technology stack. + +OAuth 2.0 can be used in many environments for various purposes. This list might help you decide if OAuth 2.0 and Hydra are the right fit for a use case: + +1. enable third-party solutions to access your APIs. +2. be an Identity Provider like Google, Facebook, or Microsoft: OpenID Connect, and thus Hydra is a perfect fit. +3. enable your browser, mobile, or wearable applications to access your APIs: Running an OAuth2 Provider can work great for this. You don't have to store passwords on the device and can revoke access tokens at any time. +4. you want to limit what type of information your backend services can read from each other. For example, the comment service should only be allowed to fetch user profile updates but shouldn't be able to read user passwords. + +## Operation steps + +Next, I will show you how APISIX integrates with Hydra using a real example. In this example, Docker will be used to running the required environment. Please install [Docker](https://docs.docker.com/engine/install/) before doing this. + +### Step 1: Create and
[GitHub] [apisix-website] SylviaBABY commented on a diff in pull request #1187: docs: add apisix integrates with hydra blog
SylviaBABY commented on code in PR #1187: URL: https://github.com/apache/apisix-website/pull/1187#discussion_r913321768 ## website/blog/2022/07/04/apisix-integrates-with-hydra.md: ## @@ -0,0 +1,286 @@ +--- +title: "APISIX integrates with Ory Hydra" +authors: + - name: "Fei Han" +title: "Technical Writer" +url: "https://github.com/hf400159; +image_url: "https://github.com/hf400159.png; +keywords: +- Apache APISIX +- API Gateway +- Authentication +- Hydra +- Openid connect +- OIDC +description: This article describes the API gateway Apache APISIX for centralized authentication via the OpenID Connect plugin Hydra integration. +tags: [Authentication] +--- + +> This article describes how Apache APISIX integrates with Ory Hydra to implement centralized authentication. + + + +## Background Information + +### Apache APISIX + +[Apache APISIX](https://github.com/apache/apisix) is an open source cloud native API gateway. As an API gateway, it has the characteristics of dynamic, real-time, and high performance. It provides rich traffic management functions such as load balancing, dynamic upstream, gray-scale publishing, service fusing, identity authentication and observability. You can use APISIX to handle the traditional north-south traffic and the east-west traffic between services. It can also be used as a K8s ingress controller. Thanks to the full dynamic design of APISIX, configuration changes can be made at any time without restarting the service. + +The `openid-connect` plugin of APISIX supports the OpenID Connect protocol. Users can use this plugin to allow Apache APISIX to connect with many authentication service providers and deploy it in enterprises as a centralized authentication gateway. + +### ORY Hydra + +[Ory Hydra](https://github.com/ory/hydra) is one of the identity providers that supports the OAuth 2.0 and OpenID Connect protocols, based on the OAuth 2.0 authorization framework and the Open ID Connect Core 1.0 framework, with both open source and cloud native features. It can be integrated with any login system, and through OAuth 2.0 Access, Refresh, and ID Tokens, third parties can easily access your API, enabling users to interact with any application anytime, anywhere. + +Ory Hydra is written in Go language and provides SDKs for almost all languages, including Dart, .NET, Go, Java, PHP, Python, Ruby, Rust, and Typescript. It works with any login system, and the login experience can be easily customized. + +## Introduction + +OpenID is a centralized authentication mode, and it is a decentralized identity authentication system. The advantage of using OpenID is that users only need to register and log in on one OpenID identity provider's website and use one account and password information to access different applications. + +With the `openid-connect` plugin supported by APISIX, we can integrate with authenticators supporting the OpenID Connect protocol. For example: Ory Hydra. For more information, please refer to: [Centralized Identity Authentication](https://apisix.apache.org/blog/2021/08/25/using-the-apache-apisix-openid-connect-plugin-for-centralized-authentication/#what-is-authentication). + +One of the biggest advantages of Ory Hydra is that it implements the OAuth and OpenID Connect standards instead of forcing you to use "Hydra user management" (login, logout, profile management, registration), a specific template engine, or a predefined front end. + +It allows to use the authentication mechanisms required by your program (token-based 2FA, SMS 2FA, etc.) and implement user management and login in your technology stack. Of course, you can also use existing solutions, such as [authboss](https://github.com/go-authboss/authboss). It gives you all the great features of OAuth 2.0 and OpenID Connect while being minimally intrusive to your business logic and technology stack. + +OAuth 2.0 can be used in many environments for various purposes. This list might help you decide if OAuth 2.0 and Hydra are the right fit for a use case: + +1. enable third-party solutions to access your APIs. +2. be an Identity Provider like Google, Facebook, or Microsoft: OpenID Connect, and thus Hydra is a perfect fit. Review Comment: ```suggestion 2. be an Identity Provider like Google, Facebook, or Microsoft. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] SylviaBABY commented on a diff in pull request #1187: docs: add apisix integrates with hydra blog
SylviaBABY commented on code in PR #1187: URL: https://github.com/apache/apisix-website/pull/1187#discussion_r913321584 ## website/blog/2022/07/04/apisix-integrates-with-hydra.md: ## @@ -0,0 +1,286 @@ +--- +title: "APISIX integrates with Ory Hydra" +authors: + - name: "Fei Han" +title: "Technical Writer" +url: "https://github.com/hf400159; +image_url: "https://github.com/hf400159.png; +keywords: +- Apache APISIX +- API Gateway +- Authentication +- Hydra +- Openid connect +- OIDC +description: This article describes the API gateway Apache APISIX for centralized authentication via the OpenID Connect plugin Hydra integration. +tags: [Authentication] +--- + +> This article describes how Apache APISIX integrates with Ory Hydra to implement centralized authentication. + + + +## Background Information + +### Apache APISIX + +[Apache APISIX](https://github.com/apache/apisix) is an open source cloud native API gateway. As an API gateway, it has the characteristics of dynamic, real-time, and high performance. It provides rich traffic management functions such as load balancing, dynamic upstream, gray-scale publishing, service fusing, identity authentication and observability. You can use APISIX to handle the traditional north-south traffic and the east-west traffic between services. It can also be used as a K8s ingress controller. Thanks to the full dynamic design of APISIX, configuration changes can be made at any time without restarting the service. + +The `openid-connect` plugin of APISIX supports the OpenID Connect protocol. Users can use this plugin to allow Apache APISIX to connect with many authentication service providers and deploy it in enterprises as a centralized authentication gateway. + +### ORY Hydra + +[Ory Hydra](https://github.com/ory/hydra) is one of the identity providers that supports the OAuth 2.0 and OpenID Connect protocols, based on the OAuth 2.0 authorization framework and the Open ID Connect Core 1.0 framework, with both open source and cloud native features. It can be integrated with any login system, and through OAuth 2.0 Access, Refresh, and ID Tokens, third parties can easily access your API, enabling users to interact with any application anytime, anywhere. + +Ory Hydra is written in Go language and provides SDKs for almost all languages, including Dart, .NET, Go, Java, PHP, Python, Ruby, Rust, and Typescript. It works with any login system, and the login experience can be easily customized. + +## Introduction + +OpenID is a centralized authentication mode, and it is a decentralized identity authentication system. The advantage of using OpenID is that users only need to register and log in on one OpenID identity provider's website and use one account and password information to access different applications. + +With the `openid-connect` plugin supported by APISIX, we can integrate with authenticators supporting the OpenID Connect protocol. For example: Ory Hydra. For more information, please refer to: [Centralized Identity Authentication](https://apisix.apache.org/blog/2021/08/25/using-the-apache-apisix-openid-connect-plugin-for-centralized-authentication/#what-is-authentication). + +One of the biggest advantages of Ory Hydra is that it implements the OAuth and OpenID Connect standards instead of forcing you to use "Hydra user management" (login, logout, profile management, registration), a specific template engine, or a predefined front end. + +It allows to use the authentication mechanisms required by your program (token-based 2FA, SMS 2FA, etc.) and implement user management and login in your technology stack. Of course, you can also use existing solutions, such as [authboss](https://github.com/go-authboss/authboss). It gives you all the great features of OAuth 2.0 and OpenID Connect while being minimally intrusive to your business logic and technology stack. + +OAuth 2.0 can be used in many environments for various purposes. This list might help you decide if OAuth 2.0 and Hydra are the right fit for a use case: Review Comment: ```suggestion OAuth 2.0 can be used in many environments for various purposes. The following information may help you decide whether OAuth 2.0 and Hydra are suitable for a certain scenario: ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] SylviaBABY commented on a diff in pull request #1187: docs: add apisix integrates with hydra blog
SylviaBABY commented on code in PR #1187: URL: https://github.com/apache/apisix-website/pull/1187#discussion_r913321183 ## website/i18n/zh/docusaurus-plugin-content-blog/2022/07/04/apisix-integrates-with-hydra.md: ## @@ -0,0 +1,286 @@ +--- +title: "APISIX 如何与 Ory Hydra 集成" +authors: + - name: "Fei Han" +title: "Technical Writer" +url: "https://github.com/hf400159; +image_url: "https://github.com/hf400159.png; +keywords: +- Apache APISIX +- API Gateway +- 身份认证 +- Hydra +- Openid Connect +- OIDC +description: 本文介绍了 API 网关 Apache APISIX 通过 OpenID Connect 插件 与 Ory Hydra 集成实现集中式身份认证。 +tags: [Authentication] +--- + +> 本文介绍了 Apache APISIX 如何与 Ory Hydra 集成实现集中式身份认证。 + + + +## 背景介绍 + +### Apache APISIX + +[Apache APISIX](https://github.com/apache/apisix) 是一个开源的云原生 API 网关,作为 API 网关,它兼具动态、实时、高性能等特点,提供了负载均衡、动态上游、灰度发布、服务熔断、身份认证、可观测性等丰富的流量管理功能。你可以使用 APISIX 来处理传统的南北向流量,以及服务间的东西向流量,也可以当做 K8s Ingress controller 来使用。 + +APISIX 的 `openid-connect` 插件支持 OpenID Connect 协议,用户可以使用该插件让 APISIX 对接众多认证鉴权软件,作为集中式认证网关部署于企业中。 + +### ORY Hydra + +[Ory Hydra](https://github.com/ory/hydra) 是支持 OAuth 2.0 和 OpenID Connect 协议的身份提供商之一,基于 OAuth 2.0 授权框架以及 Open ID Connect Core 1.0 框架实现,兼具开源与云原生特性。它可以与任何登录系统集成,通过 OAuth 2.0 Acces、Refresh 和 ID Tokens,使得第三方能够轻松访问你的 API,实现用户随时随地与任何应用程序的交互。 + +Ory Hydra 采用 Go 语言开发,为几乎所有开发语言都提供了 SDK,包括 Dart、.NET、Go、Java、PHP、Python、Ruby、Rust 和 Typescript。它适用于任何登录系统,并且可以轻松自定义登录体验。 + +## 简介 + +OpenID 是一种集中认证模式,它是一个去中心化的身份认证系统。使用 OpenID 的好处是:用户只需要在一个 OpenID 身份提供方的网站上注册和登录,使用一份账户密码信息即可访问不同应用。 + +通过 APISIX 支持的 `openid-connect` 插件,我们可以与支持 OpenID Connect 协议的认证程序集成。比如:[Ory Hydra]。更多信息请参考:[集中身份认证](https://apisix.apache.org/zh/blog/2021/08/25/using-the-apache-apisix-openid-connect-plugin-for-centralized-authentication/#%E4%BB%80%E4%B9%88%E6%98%AF%E8%BA%AB%E4%BB%BD%E8%AE%A4%E8%AF%81)。 Review Comment: ```suggestion 通过 APISIX 支持的 `openid-connect` 插件,我们可以与支持 OpenID Connect 协议的认证程序集成,比如 Ory Hydra。更多信息请参考:[集中身份认证](https://apisix.apache.org/zh/blog/2021/08/25/using-the-apache-apisix-openid-connect-plugin-for-centralized-authentication)。 ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tokers commented on issue #7381: feat: Add integration with OpenSergo, a cloud-native service governance specification
tokers commented on issue #7381: URL: https://github.com/apache/apisix/issues/7381#issuecomment-1174503229 Hi @panxiaojun233 , thanks for the sharing. Just one thing I don't see from the description, where is the `fallbackAction`? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] SylviaBABY commented on a diff in pull request #1187: docs: add apisix integrates with hydra blog
SylviaBABY commented on code in PR #1187: URL: https://github.com/apache/apisix-website/pull/1187#discussion_r913320331 ## website/blog/2022/07/04/apisix-integrates-with-hydra.md: ## @@ -0,0 +1,286 @@ +--- +title: "APISIX integrates with Ory Hydra" +authors: + - name: "Fei Han" +title: "Technical Writer" +url: "https://github.com/hf400159; +image_url: "https://github.com/hf400159.png; +keywords: +- Apache APISIX +- API Gateway +- Authentication +- Hydra +- Openid connect Review Comment: ```suggestion - OpenID Connect ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] hf400159 commented on a diff in pull request #7371: docs: update openid-connect attributes description and sync CN doc attributes.
hf400159 commented on code in PR #7371: URL: https://github.com/apache/apisix/pull/7371#discussion_r913318158 ## docs/en/latest/plugins/openid-connect.md: ## @@ -33,29 +33,29 @@ The `openid-connect` Plugin provides authentication and introspection capability ## Attributes -| Name | Type| Required | Default | Valid values | Description | -|--|-|--|---|--|| -| client_id| string | True | | | OAuth client ID. | -| client_secret| string | True | | | OAuth client secret. | -| discovery| string | True | | | Discovery endpoint URL of the identity server. | -| scope| string | False| "openid" | | Scope used for authentication. | -| realm| string | False| "apisix" | | Realm used for authentication. | -| bearer_only | boolean | False| false | | When set to true, the Plugin will check for if the authorization header in the request matches a bearer token. | -| logout_path | string | False| "/logout" | | Path for logging out. | -| post_logout_redirect_uri | string | False| | | URL to redirect to after logging out. | -| redirect_uri | string | False| "ngx.var.request_uri" | | URI to which the identity provider redirects back to. | -| timeout | integer | False| 3 | [1,...] | Request timeout time in seconds. | -| ssl_verify | boolean | False| false | | When set to true, verifies the identity provider's SSL certificates. | -| introspection_endpoint | string | False| | | URL of the token verification endpoint of the identity server. | -| introspection_endpoint_auth_method | string | False| "client_secret_basic" | | Authentication method name for token introspection.| -| public_key | string | False| | | Public key to verify the token. | -| use_jwks | boolean | False| | | When set to true, uses the JWKS endpoint of the identity server to verify the token. | -| token_signing_alg_values_expected| string | False| | | Algorithm used for signing the authentication token. | -| set_access_token_header | boolean | False| true | | When set to true, sets the access token in a request header. | -| access_token_in_authorization_header | boolean | False| false | | When set to true, sets the access token in the `Authorization` header. Otherwise, set the `X-Access-Token` header. | -| set_id_token_header | boolean | False| true | | When set to true and the ID token is available, sets the ID token in the `X-ID-Token` request header. | -| set_userinfo_header | boolean | False
[GitHub] [apisix-docker] tokers commented on issue #325: apache/apisix:2.14.1 pod status: Restarting
tokers commented on issue #325: URL: https://github.com/apache/apisix-docker/issues/325#issuecomment-1174498595 @wennuanwk Please give some details about the installation. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix] branch next updated: feat: response body format (#7366)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch next
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/next by this push:
new 83ee13b36 feat: response body format (#7366)
83ee13b36 is described below
commit 83ee13b363f94917562da1a3aed1f03aa800d79b
Author: tzssangglass
AuthorDate: Tue Jul 5 09:13:48 2022 +0800
feat: response body format (#7366)
---
apisix/admin/utils.lua | 4 +-
apisix/core/etcd.lua | 62 ++-
conf/config-default.yaml | 2 +
t/admin/response_body_format.t | 237 +
4 files changed, 298 insertions(+), 7 deletions(-)
diff --git a/apisix/admin/utils.lua b/apisix/admin/utils.lua
index 3ff695a47..db73dda67 100644
--- a/apisix/admin/utils.lua
+++ b/apisix/admin/utils.lua
@@ -24,8 +24,8 @@ local _M = {}
local function inject_timestamp(conf, prev_conf, patch_conf)
if not conf.create_time then
-if prev_conf and prev_conf.node.value.create_time then
-conf.create_time = prev_conf.node.value.create_time
+if prev_conf and (prev_conf.node or prev_conf.list).value.create_time
then
+conf.create_time = (prev_conf.node or
prev_conf.list).value.create_time
else
-- As we don't know existent data's create_time, we have to pretend
-- they are created now.
diff --git a/apisix/core/etcd.lua b/apisix/core/etcd.lua
index a57a5d0c8..fd9eecc4a 100644
--- a/apisix/core/etcd.lua
+++ b/apisix/core/etcd.lua
@@ -21,6 +21,8 @@
local fetch_local_conf = require("apisix.core.config_local").local_conf
local array_mt = require("apisix.core.json").array_mt
+local try_read_attr = require("apisix.core.table").try_read_attr
+local log = require("apisix.core.log")
local etcd = require("resty.etcd")
local clone_tab = require("table.clone")
local health_check = require("resty.etcd.health_check")
@@ -35,6 +37,55 @@ local is_http = ngx.config.subsystem == "http"
local _M = {}
+local admin_api_version
+local function is_v3()
+if admin_api_version then
+if admin_api_version == "v3" then
+return true
+end
+
+if admin_api_version == "default" then
+return false
+end
+end
+
+local local_conf, err = fetch_local_conf()
+if not local_conf then
+admin_api_version = "default"
+log.error("failed to fetch local conf: ", err)
+return false
+end
+
+local api_ver = try_read_attr(local_conf, "apisix", "admin_api_version")
+if api_ver ~= "v3" then
+admin_api_version = "default"
+return false
+end
+
+admin_api_version = api_ver
+return true
+end
+
+
+local function to_v3(body, action)
+if not is_v3() then
+body.action = action
+end
+end
+
+
+local function to_v3_list(body)
+if not is_v3() then
+return
+end
+
+if body.node.dir then
+body.list = body.node.nodes
+body.node = nil
+end
+end
+
+
-- this function create the etcd client instance used in the Admin API
local function new()
local local_conf, err = fetch_local_conf()
@@ -168,7 +219,7 @@ function _M.get_format(res, real_key, is_dir, formatter)
return not_found(res)
end
-res.body.action = "get"
+to_v3(res.body, "get")
if formatter then
return formatter(res)
@@ -196,6 +247,7 @@ function _M.get_format(res, real_key, is_dir, formatter)
end
res.body.kvs = nil
+to_v3_list(res.body)
return res
end
@@ -272,7 +324,7 @@ local function set(key, value, ttl)
res.headers["X-Etcd-Index"] = res.body.header.revision
-- etcd v3 set would not return kv info
-res.body.action = "set"
+to_v3(res.body, "set")
res.body.node = {}
res.body.node.key = prefix .. key
res.body.node.value = value
@@ -335,7 +387,7 @@ function _M.atomic_set(key, value, ttl, mod_revision)
res.headers["X-Etcd-Index"] = res.body.header.revision
-- etcd v3 set would not return kv info
-res.body.action = "compareAndSwap"
+to_v3(res.body, "compareAndSwap")
res.body.node = {
key = key,
value = value,
@@ -373,7 +425,7 @@ function _M.push(key, value, ttl)
return nil, err
end
-res.body.action = "create"
+to_v3(res.body, "create")
return res, nil
end
@@ -397,7 +449,7 @@ function _M.delete(key)
end
-- etcd v3 set would not return kv info
-res.body.action = "delete"
+to_v3(res.body, "delete")
res.body.node = {}
res.body.key = prefix .. key
diff --git a/conf/config-default.yaml b/conf/config-default.yaml
index f35ec65b0..5f18c6255 100644
--- a/conf/config-default.yaml
+++ b/conf/config-default.yaml
@@ -85,6 +85,8 @@ apisix:
admin_ssl_cert_key: "" # Path of your self-signed server side key.
[GitHub] [apisix] spacewander merged pull request #7366: feat: response body format
spacewander merged PR #7366: URL: https://github.com/apache/apisix/pull/7366 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix] branch master updated: feat(deployment): provide conf server in control_plane role (#7365)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new efd00695a feat(deployment): provide conf server in control_plane role
(#7365)
efd00695a is described below
commit efd00695a577b1521dc6555fb947e3b7c893d7f0
Author: 罗泽轩
AuthorDate: Tue Jul 5 09:09:36 2022 +0800
feat(deployment): provide conf server in control_plane role (#7365)
Signed-off-by: spacewander
---
apisix/cli/schema.lua | 34 ++
apisix/cli/snippet.lua | 39 +---
t/cli/test_deployment_control_plane.sh | 50 ++
t/deployment/conf_server.t | 66 ++
4 files changed, 185 insertions(+), 4 deletions(-)
diff --git a/apisix/cli/schema.lua b/apisix/cli/schema.lua
index db4f47477..d762c3a7d 100644
--- a/apisix/cli/schema.lua
+++ b/apisix/cli/schema.lua
@@ -272,9 +272,43 @@ local deployment_schema = {
traditional = {
properties = {
etcd = etcd_schema,
+role_traditional = {
+properties = {
+config_provider = {
+enum = {"etcd"}
+},
+},
+required = {"config_provider"}
+}
},
required = {"etcd"}
},
+control_plane = {
+properties = {
+etcd = etcd_schema,
+role_control_plane = {
+properties = {
+config_provider = {
+enum = {"etcd"}
+},
+conf_server = {
+properties = {
+listen = {
+type = "string",
+default = "0.0.0.0:9280",
+},
+cert = { type = "string" },
+cert_key = { type = "string" },
+client_ca_cert = { type = "string" },
+},
+required = {"cert", "cert_key"}
+},
+},
+required = {"config_provider", "conf_server"}
+}
+},
+required = {"etcd", "role_control_plane"}
+}
}
diff --git a/apisix/cli/snippet.lua b/apisix/cli/snippet.lua
index bfaf973a0..cda703f66 100644
--- a/apisix/cli/snippet.lua
+++ b/apisix/cli/snippet.lua
@@ -24,7 +24,10 @@ local _M = {}
function _M.generate_conf_server(env, conf)
-if not (conf.deployment and conf.deployment.role == "traditional") then
+if not (conf.deployment and (
+conf.deployment.role == "traditional" or
+conf.deployment.role == "control_plane"))
+then
return nil, nil
end
@@ -49,6 +52,17 @@ function _M.generate_conf_server(env, conf)
end
end
+local control_plane
+if conf.deployment.role == "control_plane" then
+control_plane = conf.deployment.role_control_plane.conf_server
+control_plane.cert = pl_path.abspath(control_plane.cert)
+control_plane.cert_key = pl_path.abspath(control_plane.cert_key)
+
+if control_plane.client_ca_cert then
+control_plane.client_ca_cert =
pl_path.abspath(control_plane.client_ca_cert)
+end
+end
+
local conf_render = template.compile([[
upstream apisix_conf_backend {
server 0.0.0.0:80;
@@ -58,7 +72,20 @@ function _M.generate_conf_server(env, conf)
}
}
server {
+{% if control_plane then %}
+listen {* control_plane.listen *} ssl;
+ssl_certificate {* control_plane.cert *};
+ssl_certificate_key {* control_plane.cert_key *};
+
+{% if control_plane.client_ca_cert then %}
+ssl_verify_client on;
+ssl_client_certificate {* control_plane.client_ca_cert *};
+{% end %}
+
+{% else %}
listen unix:{* home *}/conf/config_listen.sock;
+{% end %}
+
access_log off;
set $upstream_host '';
@@ -71,17 +98,20 @@ function _M.generate_conf_server(env, conf)
location / {
{% if enable_https then %}
proxy_pass https://apisix_conf_backend;
+proxy_ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_server_name on;
+
{% if sni then %}
proxy_ssl_name {* sni *};
{% else %}
proxy_ssl_name $upstream_host;
{% end %}
-proxy_ssl_protocols TLSv1.2 TLSv1.3;
+
{% if client_cert then %}
proxy_ssl_certificate {* client_cert *};
proxy_ssl_certificate_key {* client_cert_key *};
{% end %}
+
{% else %}
proxy_pass http://apisix_conf_backend;
{%
[GitHub] [apisix] spacewander merged pull request #7365: feat(deployment): provide conf server in control_plane role
spacewander merged PR #7365: URL: https://github.com/apache/apisix/pull/7365 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] qihaiyan commented on pull request #7370: feat: add PKCE support to the openid-connect plugin
qihaiyan commented on PR #7370: URL: https://github.com/apache/apisix/pull/7370#issuecomment-1174491712 # Failed test 't/plugin/openid-connect.t TEST 9: Access route w/o bearer token and go through the full OIDC Relying Party authentication process. - pattern "[error]" should not match any line in error.log but matches line "2022/07/04 20:45:31 [error] 2009\#2009: *32 [lua] openid-connect.lua:315: phase_func(): OIDC authentication failed: accessing discovery url (http://127.0.0.1:8090/auth/realms/University/.well-known/openid-configuration) failed: connection refused, client: 127.0.0.1, server: localhost, request: \"GET /uri HTTP/1.1\", host: \"127.0.0.1:1984\"" (req 0) why this error occurs when i run the openid-connect.t unit test, how to resolve it? @spacewander -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix-ingress-controller] branch dependabot/go_modules/go.uber.org/zap-1.21.0 updated (86c3f6dc -> ae610560)
This is an automated email from the ASF dual-hosted git repository. github-bot pushed a change to branch dependabot/go_modules/go.uber.org/zap-1.21.0 in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git discard 86c3f6dc chore(deps): bump go.uber.org/zap from 1.19.1 to 1.21.0 add aae2105e feat: ingress annotations support enable websocket (#1101) add ae610560 chore(deps): bump go.uber.org/zap from 1.19.1 to 1.21.0 This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (86c3f6dc) \ N -- N -- N refs/heads/dependabot/go_modules/go.uber.org/zap-1.21.0 (ae610560) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: docs/en/latest/concepts/annotations.md | 33 pkg/kube/translation/ingress.go | 8 + pkg/kube/translation/ingress_test.go| 261 +++ test/e2e/suite-annotations/websocket.go | 306 4 files changed, 608 insertions(+) create mode 100644 test/e2e/suite-annotations/websocket.go
[GitHub] [apisix-ingress-controller] tao12345666333 commented on pull request #1121: chore(deps): bump github.com/slok/kubewebhook/v2 from 2.2.0 to 2.3.0
tao12345666333 commented on PR #1121: URL: https://github.com/apache/apisix-ingress-controller/pull/1121#issuecomment-1174058585 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix-ingress-controller] branch dependabot/go_modules/github.com/slok/kubewebhook/v2-2.3.0 updated (b5875edf -> ed85e3d8)
This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a change to branch
dependabot/go_modules/github.com/slok/kubewebhook/v2-2.3.0
in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git
discard b5875edf chore(deps): bump github.com/slok/kubewebhook/v2 from 2.2.0
to 2.3.0
add 810f1a1c docs: rename practices to tutorials and add index (#1123)
add 4aa2ca5a test: support ApisixRoute v2 and split suit-plugins (#1103)
add 4bc9f0ca fix: update Makefile verify-mdlint (#1126)
add 70c08706 chore(deps): bump github.com/gruntwork-io/terratest from
0.32.8 to 0.40.17 in /test/e2e (#1112)
add aae2105e feat: ingress annotations support enable websocket (#1101)
add ed85e3d8 chore(deps): bump github.com/slok/kubewebhook/v2 from 2.2.0
to 2.3.0
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (b5875edf)
\
N -- N -- N
refs/heads/dependabot/go_modules/github.com/slok/kubewebhook/v2-2.3.0 (ed85e3d8)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
No new revisions were added by this update.
Summary of changes:
.github/workflows/e2e-test-ci.yml | 2 +-
Makefile | 2 +-
docs/en/latest/concepts/annotations.md | 33 +
docs/en/latest/config.json | 25 +-
docs/en/latest/deployments/ack.md | 2 +-
docs/en/latest/deployments/aws.md | 2 +-
docs/en/latest/deployments/azure.md| 2 +-
docs/en/latest/deployments/gke.md | 2 +-
docs/en/latest/deployments/k3s-rke.md | 2 +-
docs/en/latest/deployments/kind.md | 2 +-
docs/en/latest/deployments/kubesphere.md | 2 +-
docs/en/latest/deployments/minikube.md | 2 +-
docs/en/latest/deployments/tke.md | 2 +-
.../{practices => tutorials}/cert-manager/ca.yaml | 0
.../cert-manager/issuer.yaml | 0
.../{practices => tutorials}/check-crd-status.md | 0
.../enable-authentication-and-restriction.md | 0
...cess-Apache-APISIX-Prometheus-Metrics-on-k8s.md | 0
...ow-to-use-go-plugin-runner-in-apisix-ingress.md | 0
docs/en/latest/{practices => tutorials}/index.md | 0
.../manage-certificates-with-cert-manager.md | 2 +-
...anage-ingress-certificates-with-cert-manager.md | 2 +-
docs/en/latest/{practices => tutorials}/mtls.md| 2 +-
.../en/latest/{practices => tutorials}/mtls/ca.pem | 0
.../mtls/client-ca-secret.yaml | 0
.../latest/{practices => tutorials}/mtls/mtls.yaml | 0
.../{practices => tutorials}/mtls/route.yaml | 0
.../mtls/server-secret.yaml| 0
.../{practices => tutorials}/mtls/server.key | 0
.../{practices => tutorials}/mtls/server.pem | 0
.../latest/{practices => tutorials}/mtls/tls.yaml | 0
.../latest/{practices => tutorials}/mtls/user.key | 0
.../latest/{practices => tutorials}/mtls/user.pem | 0
.../{practices => tutorials}/proxy-grpc-service.md | 0
.../proxy-the-httpbin-service-with-ingress.md | 0
.../proxy-the-httpbin-service.md | 0
.../{practices => tutorials}/the-hard-way.md | 0
install.md | 2 +-
pkg/ingress/status.go | 17 +
pkg/kube/translation/ingress.go| 8 +
pkg/kube/translation/ingress_test.go | 261 +++
samples/deploy/crd/v1/ApisixRoute.yaml | 12 +
test/e2e/e2e.go| 6 +-
test/e2e/go.mod| 17 +-
test/e2e/go.sum| 230 +-
test/e2e/scaffold/consumer.go | 19 +-
test/e2e/scaffold/ingress.go | 3 +-
test/e2e/scaffold/scaffold.go | 153 ++--
test/e2e/suite-annotations/websocket.go| 306
test/e2e/suite-endpoints/endpoints.go | 130 ++--
test/e2e/suite-features/consumer.go| 40 +-
test/e2e/suite-features/global_rule.go | 10 +-
test/e2e/suite-features/healthcheck.go | 90 +--
test/e2e/suite-features/remote_addrs_match.go | 59 +-
test/e2e/suite-features/retries.go | 178 ++---
[GitHub] [apisix-ingress-controller] tao12345666333 commented on pull request #1117: chore(deps): bump go.uber.org/zap from 1.19.1 to 1.21.0
tao12345666333 commented on PR #1117: URL: https://github.com/apache/apisix-ingress-controller/pull/1117#issuecomment-1174059079 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[apisix-ingress-controller] branch dependabot/go_modules/sigs.k8s.io/gateway-api-0.4.3 updated (a72aed46 -> 0f64e30b)
This is an automated email from the ASF dual-hosted git repository. github-bot pushed a change to branch dependabot/go_modules/sigs.k8s.io/gateway-api-0.4.3 in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git discard a72aed46 chore(deps): bump sigs.k8s.io/gateway-api from 0.4.0 to 0.4.3 add aae2105e feat: ingress annotations support enable websocket (#1101) add 0f64e30b chore(deps): bump sigs.k8s.io/gateway-api from 0.4.0 to 0.4.3 This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (a72aed46) \ N -- N -- N refs/heads/dependabot/go_modules/sigs.k8s.io/gateway-api-0.4.3 (0f64e30b) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: docs/en/latest/concepts/annotations.md | 33 pkg/kube/translation/ingress.go | 8 + pkg/kube/translation/ingress_test.go| 261 +++ test/e2e/suite-annotations/websocket.go | 306 4 files changed, 608 insertions(+) create mode 100644 test/e2e/suite-annotations/websocket.go
[GitHub] [apisix-ingress-controller] tao12345666333 commented on pull request #1119: chore(deps): bump sigs.k8s.io/gateway-api from 0.4.0 to 0.4.3
tao12345666333 commented on PR #1119: URL: https://github.com/apache/apisix-ingress-controller/pull/1119#issuecomment-1174057601 @dependabot rebase -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 commented on a diff in pull request #1131: deploy: update deploy cluster role
tao12345666333 commented on code in PR #1131: URL: https://github.com/apache/apisix-ingress-controller/pull/1131#discussion_r913193002 ## samples/deploy/rbac/apisix_view_clusterrole.yaml: ## @@ -20,150 +20,161 @@ kind: ClusterRole metadata: name: apisix-view-clusterrole rules: -- apiGroups: - - "" - resources: - - events - verbs: -- "*" -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - pods - - replicationcontrollers - - replicationcontrollers/scale - - serviceaccounts - - services - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - bindings - - limitranges - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - apps - resources: - - controllerrevisions - - daemonsets - - deployments - - deployments/scale - - replicasets - - replicasets/scale - - statefulsets - - statefulsets/scale - verbs: - - get - - list - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - extensions - resources: - - daemonsets - - deployments - - deployments/scale - - ingresses - - networkpolicies - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - get - - list - - watch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - - ingresses/status - - networkpolicies - verbs: - - '*' -- apiGroups: - - metrics.k8s.io - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - apisix.apache.org - resources: - - apisixroutes - - apisixroutes/status - - apisixupstreams - - apisixupstreams/status - - apisixtlses - - apisixtlses/status - - apisixclusterconfigs - - apisixclusterconfigs/status - - apisixconsumers - - apisixconsumers/status - - apisixpluginconfigs - - apisixpluginconfigs/status - verbs: - - '*' -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - '*' -- apiGroups: -- discovery.k8s.io - resources: -- endpointslices - verbs: -- get -- list -- watch + - apiGroups: + - "" +resources: + - events +verbs: + - "*" + - apiGroups: + - "" +resources: + - configmaps + - endpoints + - persistentvolumeclaims + - pods + - replicationcontrollers + - replicationcontrollers/scale + - serviceaccounts + - services + - secrets +verbs: + - get + - list + - watch + - apiGroups: + - "" +resources: + - bindings + - limitranges + - namespaces/status + - pods/log + - pods/status + - replicationcontrollers/status + - resourcequotas + - resourcequotas/status +verbs: + - get + - list + - watch + - apiGroups: + - "" +resources: + - namespaces +verbs: + - get + - list + - watch + - apiGroups: + - apps +resources: + - controllerrevisions + - daemonsets + - deployments + - deployments/scale + - replicasets + - replicasets/scale + - statefulsets + - statefulsets/scale +verbs: + - get + - list + - watch + - apiGroups: + - autoscaling +resources: + - horizontalpodautoscalers +verbs: + - get + - list + - watch + - apiGroups: + - batch +resources: + - cronjobs + - jobs +verbs: + - get + - list + - watch + - apiGroups: + - extensions +resources: + - daemonsets + - deployments + - deployments/scale + - ingresses + - networkpolicies + - replicasets + - replicasets/scale + - replicationcontrollers/scale +verbs: + - get + - list + - watch + - apiGroups: + - policy +resources: + - poddisruptionbudgets +verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io +resources: + - ingresses + - ingresses/status + - networkpolicies Review Comment: we don't need `networkpolicies` resource. ## samples/deploy/rbac/apisix_view_clusterrole.yaml: ## @@ -20,150 +20,161 @@ kind: ClusterRole metadata: name: apisix-view-clusterrole rules: -- apiGroups: - - "" - resources: - - events - verbs: -- "*" -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - pods - - replicationcontrollers - - replicationcontrollers/scale - -
[apisix-ingress-controller] branch master updated: feat: ingress annotations support enable websocket (#1101)
This is an automated email from the ASF dual-hosted git repository.
zhangjintao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git
The following commit(s) were added to refs/heads/master by this push:
new aae2105e feat: ingress annotations support enable websocket (#1101)
aae2105e is described below
commit aae2105e123008a0170b68a0133432695ee230c9
Author: seven dickens
AuthorDate: Tue Jul 5 02:05:40 2022 +0800
feat: ingress annotations support enable websocket (#1101)
---
docs/en/latest/concepts/annotations.md | 33
pkg/kube/translation/ingress.go | 8 +
pkg/kube/translation/ingress_test.go| 261 +++
test/e2e/suite-annotations/websocket.go | 306
4 files changed, 608 insertions(+)
diff --git a/docs/en/latest/concepts/annotations.md
b/docs/en/latest/concepts/annotations.md
index ff215ccd..338c7562 100644
--- a/docs/en/latest/concepts/annotations.md
+++ b/docs/en/latest/concepts/annotations.md
@@ -171,3 +171,36 @@ spec:
port:
number: 80
```
+
+Enable websocket
+-
+
+You can use the follow annotations to enable websocket
+
+* `k8s.apisix.apache.org/enable-websocket`
+
+If this annotations set to `true` the route will enable websoket
+
+For example, the following Ingress, if we set
`k8s.apisix.apache.org/enable-websocket: "true"`. `/api/*` route will enable
websocket
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+kubernetes.io/ingress.class: apisix
+k8s.apisix.apache.org/enable-websocket: "true"
+ name: ingress-v1
+spec:
+ rules:
+ - host: httpbin.org
+http:
+ paths:
+ - path: /api/*
+pathType: ImplementationSpecific
+backend:
+ service:
+name: service1
+port:
+ number: 80
+```
diff --git a/pkg/kube/translation/ingress.go b/pkg/kube/translation/ingress.go
index 76fb1e07..8b0ab9d6 100644
--- a/pkg/kube/translation/ingress.go
+++ b/pkg/kube/translation/ingress.go
@@ -44,6 +44,8 @@ func (t *translator) translateIngressV1(ing
*networkingv1.Ingress, skipVerify bo
plugins := t.translateAnnotations(ing.Annotations)
annoExtractor := annotations.NewExtractor(ing.Annotations)
useRegex :=
annoExtractor.GetBoolAnnotation(annotations.AnnotationsPrefix + "use-regex")
+ enableWebsocket :=
annoExtractor.GetBoolAnnotation(annotations.AnnotationsPrefix +
"enable-websocket")
+
// add https
for _, tls := range ing.Spec.TLS {
apisixTls := kubev2.ApisixTls{
@@ -132,6 +134,7 @@ func (t *translator) translateIngressV1(ing
*networkingv1.Ingress, skipVerify bo
route.ID = id.GenID(route.Name)
route.Host = rule.Host
route.Uris = uris
+ route.EnableWebsocket = enableWebsocket
if len(nginxVars) > 0 {
routeVars, err :=
t.translateRouteMatchExprs(nginxVars)
if err != nil {
@@ -165,6 +168,8 @@ func (t *translator) translateIngressV1beta1(ing
*networkingv1beta1.Ingress, ski
plugins := t.translateAnnotations(ing.Annotations)
annoExtractor := annotations.NewExtractor(ing.Annotations)
useRegex :=
annoExtractor.GetBoolAnnotation(annotations.AnnotationsPrefix + "use-regex")
+ enableWebsocket :=
annoExtractor.GetBoolAnnotation(annotations.AnnotationsPrefix +
"enable-websocket")
+
// add https
for _, tls := range ing.Spec.TLS {
apisixTls := kubev2beta3.ApisixTls{
@@ -253,6 +258,7 @@ func (t *translator) translateIngressV1beta1(ing
*networkingv1beta1.Ingress, ski
route.ID = id.GenID(route.Name)
route.Host = rule.Host
route.Uris = uris
+ route.EnableWebsocket = enableWebsocket
if len(nginxVars) > 0 {
routeVars, err :=
t.translateRouteMatchExprs(nginxVars)
if err != nil {
@@ -340,6 +346,7 @@ func (t *translator) translateIngressExtensionsV1beta1(ing
*extensionsv1beta1.In
plugins := t.translateAnnotations(ing.Annotations)
annoExtractor := annotations.NewExtractor(ing.Annotations)
useRegex :=
annoExtractor.GetBoolAnnotation(annotations.AnnotationsPrefix + "use-regex")
+ enableWebsocket :=
annoExtractor.GetBoolAnnotation(annotations.AnnotationsPrefix +
"enable-websocket")
for _, rule := range ing.Spec.Rules {
for _, pathRule := range rule.HTTP.Paths {
@@ -400,6 +407,7 @@ func (t *translator) translateIngressExtensionsV1beta1(ing
*extensionsv1beta1.In
route.ID = id.GenID(route.Name)
route.Host = rule.Host
route.Uris
[GitHub] [apisix-ingress-controller] tao12345666333 merged pull request #1101: feat: ingress annotations support enable websocket
tao12345666333 merged PR #1101: URL: https://github.com/apache/apisix-ingress-controller/pull/1101 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] Fatpa commented on issue #6694: bug: using DNS discovery SRV and CHash algorithm can't work like node upstream type
Fatpa commented on issue #6694: URL: https://github.com/apache/apisix/issues/6694#issuecomment-1174038142 Thanks a lot. I will try to upgrade my consul to find out if the DNS search results are still random. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 commented on issue #926: bug: we should create APISIX routes even if Service is created later
tao12345666333 commented on issue #926: URL: https://github.com/apache/apisix-ingress-controller/issues/926#issuecomment-1174010344 > Instead of using a cache, I decided to add a handler to the service informer of the ApisixRoute controller. This is consistent with the way K8s does it. > > > > @tao12345666333 PTAL SGTM When the svc is created, do you want to check the status of the ApisixRoute to determine whether to synchronize? Or in another way? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] starsz commented on a diff in pull request #7371: docs: update openid-connect attributes description and sync CN doc attributes.
starsz commented on code in PR #7371: URL: https://github.com/apache/apisix/pull/7371#discussion_r913087982 ## docs/en/latest/plugins/openid-connect.md: ## @@ -33,29 +33,29 @@ The `openid-connect` Plugin provides authentication and introspection capability ## Attributes -| Name | Type| Required | Default | Valid values | Description | -|--|-|--|---|--|| -| client_id| string | True | | | OAuth client ID. | -| client_secret| string | True | | | OAuth client secret. | -| discovery| string | True | | | Discovery endpoint URL of the identity server. | -| scope| string | False| "openid" | | Scope used for authentication. | -| realm| string | False| "apisix" | | Realm used for authentication. | -| bearer_only | boolean | False| false | | When set to true, the Plugin will check for if the authorization header in the request matches a bearer token. | -| logout_path | string | False| "/logout" | | Path for logging out. | -| post_logout_redirect_uri | string | False| | | URL to redirect to after logging out. | -| redirect_uri | string | False| "ngx.var.request_uri" | | URI to which the identity provider redirects back to. | -| timeout | integer | False| 3 | [1,...] | Request timeout time in seconds. | -| ssl_verify | boolean | False| false | | When set to true, verifies the identity provider's SSL certificates. | -| introspection_endpoint | string | False| | | URL of the token verification endpoint of the identity server. | -| introspection_endpoint_auth_method | string | False| "client_secret_basic" | | Authentication method name for token introspection.| -| public_key | string | False| | | Public key to verify the token. | -| use_jwks | boolean | False| | | When set to true, uses the JWKS endpoint of the identity server to verify the token. | -| token_signing_alg_values_expected| string | False| | | Algorithm used for signing the authentication token. | -| set_access_token_header | boolean | False| true | | When set to true, sets the access token in a request header. | -| access_token_in_authorization_header | boolean | False| false | | When set to true, sets the access token in the `Authorization` header. Otherwise, set the `X-Access-Token` header. | -| set_id_token_header | boolean | False| true | | When set to true and the ID token is available, sets the ID token in the `X-ID-Token` request header. | -| set_userinfo_header | boolean | False
[GitHub] [apisix-ingress-controller] tao12345666333 commented on a diff in pull request #1128: e2e-test: Optimize the runtime of ingress/features, and support more default value in NewScaffold
tao12345666333 commented on code in PR #1128:
URL:
https://github.com/apache/apisix-ingress-controller/pull/1128#discussion_r913082615
##
test/e2e/scaffold/scaffold.go:
##
@@ -564,23 +562,29 @@ func (s *Scaffold) FormatNamespaceLabel(label string)
string {
var (
versionRegex = regexp.MustCompile(`apiVersion:
apisix.apache.org/v.*?\n`)
- kindRegex= regexp.MustCompile(`kind: .*?\n`)
+ kindRegex= regexp.MustCompile(`kind: (.*?)\n`)
)
func (s *Scaffold) replaceApiVersion(yml, ver string) string {
return versionRegex.ReplaceAllString(yml, "apiVersion: "+ver+"\n")
}
func (s *Scaffold) getKindValue(yml string) string {
- kind := strings.Replace(kindRegex.FindString(yml), "\n", "", -1)
- kindValue := strings.Replace(kind, "kind: ", "", -1)
- return kindValue
+ subStr := kindRegex.FindStringSubmatch(yml)
+ if len(subStr) < 2 {
+ return ""
+ }
+ return subStr[1]
}
func (s *Scaffold) DisableNamespaceSelector() {
s.opts.disableNamespaceSelector = true
}
+func (s *Scaffold) DisableGatewayAPI() {
Review Comment:
+1
Although we don't currently have this turned on by default for users, the
full functionality should be covered in our e2e tests.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 commented on a diff in pull request #1128: e2e-test: Optimize the runtime of ingress/features, and support more default value in NewScaffold
tao12345666333 commented on code in PR #1128: URL: https://github.com/apache/apisix-ingress-controller/pull/1128#discussion_r913080078 ## test/e2e/suite-ingress/suite-ingress-resource/resourcepushing.go: ## @@ -136,9 +130,9 @@ spec: // remove assert.Nil(ginkgo.GinkgoT(), s.RemoveResourceByString(apisixRoute)) - // TODO When ingress controller can feedback the lifecycle of CRDs to the - // status field, we can poll it rather than sleeping. - time.Sleep(10 * time.Second) + + err = s.EnsureNumApisixUpstreamsCreated(0) + assert.Nil(ginkgo.GinkgoT(), err, "Checking number of routes") ups, err := s.ListApisixUpstreams() assert.Nil(ginkgo.GinkgoT(), err, "list upstreams error") assert.Len(ginkgo.GinkgoT(), ups, 0, "upstreams nodes not expect") Review Comment: yes, we can remove this. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-java-plugin-runner] tzssangglass commented on a diff in pull request #158: feat: support hot reload of Java plugins
tzssangglass commented on code in PR #158:
URL:
https://github.com/apache/apisix-java-plugin-runner/pull/158#discussion_r913059769
##
runner-starter/src/main/java/org/apache/apisix/plugin/runner/PluginRunnerApplication.java:
##
@@ -17,17 +17,138 @@
package org.apache.apisix.plugin.runner;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
+import org.springframework.beans.factory.support.BeanDefinitionRegistry;
+import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.boot.WebApplicationType;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.context.ApplicationContext;
+import org.springframework.scheduling.annotation.EnableScheduling;
+
+import javax.tools.JavaCompiler;
+import javax.tools.ToolProvider;
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.FileSystems;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.WatchEvent;
+import java.nio.file.WatchKey;
+import java.nio.file.WatchService;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+
+import static java.nio.file.StandardWatchEventKinds.ENTRY_CREATE;
+import static java.nio.file.StandardWatchEventKinds.ENTRY_DELETE;
+import static java.nio.file.StandardWatchEventKinds.ENTRY_MODIFY;
@SpringBootApplication
+@EnableScheduling
public class PluginRunnerApplication {
-
+
+@Autowired
+private YAMLConfig myConfig;
+@Autowired
+private ApplicationContext ctx;
+private static ClassLoader PARENT_CLASS_LOADER;
+private static DynamicClassLoader CLASS_LOADER;
+
public static void main(String[] args) {
+PARENT_CLASS_LOADER = DynamicClassLoader.class.getClassLoader();
+CLASS_LOADER = new DynamicClassLoader(PARENT_CLASS_LOADER);
+Thread.currentThread().setContextClassLoader(CLASS_LOADER);
new SpringApplicationBuilder(PluginRunnerApplication.class)
.web(WebApplicationType.NONE)
.run(args);
}
-
+
+@Scheduled(fixedDelay = Long.MAX_VALUE, initialDelay = 1000)
+public void reload() throws ClassNotFoundException, IOException,
InterruptedException {
+BeanDefinitionRegistry registry = (BeanDefinitionRegistry)
ctx.getAutowireCapableBeanFactory();
+WatchService watchService = FileSystems.getDefault().newWatchService();
+
+String pathToProject = System.getProperty("user.dir");
+
+//get packagename and path to user's filters from YAML file
+String packageName = myConfig.getPackageName();
+String absolutePath = myConfig.getPath();
+if (packageName.equals("")) {
+packageName = "org.apache.apisix.plugin.runner.filter";
+}
+if (absolutePath.equals("")) {
+absolutePath = pathToProject +
"/runner-plugin/src/main/java/org/apache/apisix/plugin/runner/filter/";
+}
+Path path = Paths.get(absolutePath);
+
+//make /target/classes directory if not already exists, compiled java
files are output here
+new File(pathToProject + "/target").mkdirs();
+new File(pathToProject + "/target/classes").mkdirs();
+
+//detect changes when files in the path are created, modified, or
deleted
+path.register(watchService, ENTRY_CREATE, ENTRY_MODIFY, ENTRY_DELETE);
+boolean poll = true;
+while (poll) {
+WatchKey key = watchService.take();
+for (WatchEvent event : key.pollEvents()) {
+String[] allFilters = new File(absolutePath).list();
+HashSet set = new HashSet<>();
+
+for (int i = 0; i < allFilters.length; i++) {
+//strangely, watchservice creates a file that ends with
".java~", we ignore this file
+if (!allFilters[i].equals("package-info.java") &&
allFilters[i].charAt(allFilters[i].length() - 1) != '~') {
+allFilters[i] = allFilters[i].substring(0,
allFilters[i].length() - 5);
+set.add(allFilters[i]);
+}
+}
+
+for (String filterName : allFilters) {
+if ((!filterName.equals("package-info.java")) &&
filterName.charAt(filterName.length() - 1) != '~') {
+//Bean Filter Name necessary because beans always
start with lower case letters
+String beanFilterName =
Character.toLowerCase(filterName.charAt(0)) + filterName.substring(1);
+if (registry.containsBeanDefinition(beanFilterName)) {
+registry.removeBeanDefinition(beanFilterName);
+}
+JavaCompiler compiler =
ToolProvider.getSystemJavaCompiler();
+
[GitHub] [apisix-java-plugin-runner] tzssangglass commented on a diff in pull request #158: feat: support hot reload of Java plugins
tzssangglass commented on code in PR #158:
URL:
https://github.com/apache/apisix-java-plugin-runner/pull/158#discussion_r913048983
##
runner-starter/src/main/java/org/apache/apisix/plugin/runner/PluginRunnerApplication.java:
##
@@ -17,17 +17,138 @@
package org.apache.apisix.plugin.runner;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
+import org.springframework.beans.factory.support.BeanDefinitionRegistry;
+import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.boot.WebApplicationType;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.context.ApplicationContext;
+import org.springframework.scheduling.annotation.EnableScheduling;
+
+import javax.tools.JavaCompiler;
+import javax.tools.ToolProvider;
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.FileSystems;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.WatchEvent;
+import java.nio.file.WatchKey;
+import java.nio.file.WatchService;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+
+import static java.nio.file.StandardWatchEventKinds.ENTRY_CREATE;
+import static java.nio.file.StandardWatchEventKinds.ENTRY_DELETE;
+import static java.nio.file.StandardWatchEventKinds.ENTRY_MODIFY;
@SpringBootApplication
+@EnableScheduling
public class PluginRunnerApplication {
-
+
+@Autowired
+private YAMLConfig myConfig;
+@Autowired
+private ApplicationContext ctx;
+private static ClassLoader PARENT_CLASS_LOADER;
+private static DynamicClassLoader CLASS_LOADER;
+
public static void main(String[] args) {
+PARENT_CLASS_LOADER = DynamicClassLoader.class.getClassLoader();
+CLASS_LOADER = new DynamicClassLoader(PARENT_CLASS_LOADER);
+Thread.currentThread().setContextClassLoader(CLASS_LOADER);
new SpringApplicationBuilder(PluginRunnerApplication.class)
.web(WebApplicationType.NONE)
.run(args);
}
-
+
+@Scheduled(fixedDelay = Long.MAX_VALUE, initialDelay = 1000)
+public void reload() throws ClassNotFoundException, IOException,
InterruptedException {
+BeanDefinitionRegistry registry = (BeanDefinitionRegistry)
ctx.getAutowireCapableBeanFactory();
+WatchService watchService = FileSystems.getDefault().newWatchService();
+
+String pathToProject = System.getProperty("user.dir");
+
+//get packagename and path to user's filters from YAML file
Review Comment:
```suggestion
//get package name and path to user's filters from YAML file
```
##
runner-starter/src/main/java/org/apache/apisix/plugin/runner/PluginRunnerApplication.java:
##
@@ -17,17 +17,138 @@
package org.apache.apisix.plugin.runner;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.support.BeanDefinitionBuilder;
+import org.springframework.beans.factory.support.BeanDefinitionRegistry;
+import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.boot.WebApplicationType;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.context.ApplicationContext;
+import org.springframework.scheduling.annotation.EnableScheduling;
+
+import javax.tools.JavaCompiler;
+import javax.tools.ToolProvider;
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.FileSystems;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.WatchEvent;
+import java.nio.file.WatchKey;
+import java.nio.file.WatchService;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+
+import static java.nio.file.StandardWatchEventKinds.ENTRY_CREATE;
+import static java.nio.file.StandardWatchEventKinds.ENTRY_DELETE;
+import static java.nio.file.StandardWatchEventKinds.ENTRY_MODIFY;
@SpringBootApplication
+@EnableScheduling
public class PluginRunnerApplication {
-
+
+@Autowired
+private YAMLConfig myConfig;
+@Autowired
+private ApplicationContext ctx;
+private static ClassLoader PARENT_CLASS_LOADER;
+private static DynamicClassLoader CLASS_LOADER;
+
public static void main(String[] args) {
+PARENT_CLASS_LOADER = DynamicClassLoader.class.getClassLoader();
+CLASS_LOADER = new DynamicClassLoader(PARENT_CLASS_LOADER);
+Thread.currentThread().setContextClassLoader(CLASS_LOADER);
new SpringApplicationBuilder(PluginRunnerApplication.class)
.web(WebApplicationType.NONE)
.run(args);
}
-
+
+@Scheduled(fixedDelay = Long.MAX_VALUE, initialDelay = 1000)
+public void
[GitHub] [apisix-java-plugin-runner] tzssangglass commented on pull request #158: feat: support hot reload of Java plugins
tzssangglass commented on PR #158: URL: https://github.com/apache/apisix-java-plugin-runner/pull/158#issuecomment-1173883439 We need to add documentation to explain how this feature should be used. And add test cases to verify it (test cases can be done later). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-java-plugin-runner] daiweiaaaa commented on issue #159: 插件获取配置的值偶尔报数组越界异常
daiwei commented on issue #159: URL: https://github.com/apache/apisix-java-plugin-runner/issues/159#issuecomment-1173876656 0.1.0 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-java-plugin-runner] tzssangglass commented on pull request #160: docs: add maintenance document for Maven
tzssangglass commented on PR #160: URL: https://github.com/apache/apisix-java-plugin-runner/pull/160#issuecomment-1173861034 we should add license header, see: https://github.com/apache/apisix/blob/master/MAINTAIN.md -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-java-plugin-runner] tzssangglass commented on issue #159: 插件获取配置的值偶尔报数组越界异常
tzssangglass commented on issue #159: URL: https://github.com/apache/apisix-java-plugin-runner/issues/159#issuecomment-1173858528 which version of apisix-java-plugin-runner? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] tao12345666333 commented on issue #7052: feat: As a User, I want to be able to use oAuth2 with PKCE
tao12345666333 commented on issue #7052: URL: https://github.com/apache/apisix/issues/7052#issuecomment-1173815124 You can see this file https://github.com/apache/apisix/blob/master/ci/pod/docker-compose.plugin.yml -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] qihaiyan commented on issue #7052: feat: As a User, I want to be able to use oAuth2 with PKCE
qihaiyan commented on issue #7052: URL: https://github.com/apache/apisix/issues/7052#issuecomment-1173806548 how to start the mock server? I can't find the instruction the apisix's docs. @tao12345666333 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-java-plugin-runner] daiweiaaaa commented on issue #159: 插件获取配置的值偶尔报数组越界异常
daiwei commented on issue #159:
URL:
https://github.com/apache/apisix-java-plugin-runner/issues/159#issuecomment-1173797291
插件配置
"plugins": {
"ext-plugin-pre-req": {
"conf": [
{
"name": "testPlugin",
"value": ""
}
]
}
},
项目插件配置
刚开始获取值是能正确获取到,多更新几次后就报异常了。在控制台更新下插件的配置信息 又不报错了
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] tao12345666333 commented on issue #7052: feat: As a User, I want to be able to use oAuth2 with PKCE
tao12345666333 commented on issue #7052: URL: https://github.com/apache/apisix/issues/7052#issuecomment-1173791350 yes -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] qihaiyan commented on issue #7052: feat: As a User, I want to be able to use oAuth2 with PKCE
qihaiyan commented on issue #7052: URL: https://github.com/apache/apisix/issues/7052#issuecomment-1173786208 `# Failed test 't/plugin/openid-connect.t TEST 9: Access route w/o bearer token and go through the full OIDC Relying Party authentication process. - pattern "[error]" should not match any line in error.log but matches line "2022/07/04 20:45:31 [error] 2009\#2009: *32 [lua] openid-connect.lua:315: phase_func(): OIDC authentication failed: accessing discovery url (http://127.0.0.1:8090/auth/realms/University/.well-known/openid-configuration) failed: connection refused, client: 127.0.0.1, server: localhost, request: \"GET /uri HTTP/1.1\", host: \"127.0.0.1:1984\"" (req 0) ` why this error occurs when i run the openid-connect.t unit test, should i start a mock server? @tao12345666333 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] panxiaojun233 opened a new issue, #7381: feat: Add integration with OpenSergo, a cloud-native service governance specification
panxiaojun233 opened a new issue, #7381: URL: https://github.com/apache/apisix/issues/7381 ### Description Hi community, I'd like to propose a discussion about integration with [the OpenSergo service governance spec](https://opensergo.io/), which was initiated by open-source communities including Apache Dubbo, Kratos, Spring Cloud Alibaba, Sentinel, CloudWeGo and more. OpenSergo is a set of general-purpose, language-agnostic cloud-native service governance specifications, which are based on scenarios and best practices of microservice governance. We hope to build further connections with the Apache APISIX community, where we can discuss and refine the general service governance specification together, including traffic routing, rate limiting, [fault tolerance](https://github.com/opensergo/opensergo-specification/blob/main/specification/en/fault-tolerance.md) and more. --- [OpenSergo](https://opensergo.io/zh-cn/) 是一套开放、通用的、面向分布式服务架构、覆盖全链路异构化生态的服务治理标准,基于业界服务治理场景与实践形成服务治理通用标准。OpenSergo 的最大特点就是**以统一的一套配置/DSL/协议定义服务治理规则,面向多语言异构化架构,做到全链路生态覆盖**。 OpenSergo 社区希望可以联合 Apache APSIX 社区进行进一步的合作,社区来一起讨论与定义一套统一的服务治理标准。Apache APSIX 可以适配实现该标准,通过同一套 OpenSergo CRD 标准配置针对流量网关层进行统一的治理管控,可以释放基于 Apache APSIX 的微服务架构的新价值。 以下是[近期发布的 OpenSergo v1alpha1 中流量路由、流控降级与容错相关标准](https://opensergo.io/zh-cn/blog/opensergo-v1alpha1-is-coming/),我们找到了一些和 Apache APISIX 比较好的结合点,也欢迎社区一起讨论: ## 流量路由 [流量路由](https://github.com/opensergo/opensergo-specification/blob/main/specification/zh-Hans/traffic-routing.md),顾名思义就是将具有某些属性特征的流量,路由到指定的目标。流量路由是流量治理中重要的一环,开发者可以基于流量路由标准来实现各种场景,如灰度发布、金丝雀发布、容灾路由、标签路由等。 ### 场景 流量路由规则(v1alpha1) 主要分为三部分: - Workload 标签规则 (WorkloadLabelRule):将某一组 workload 打上对应的标签,这一块可以理解为是为 APISIX 的各个上游打上对应的标签 - 流量标签规则 (TrafficLabelRule):将具有某些属性特征的流量,打上对应的标签 - 按照 Workload 标签和流量标签来做匹配路由,将带有指定标签的流量路由到匹配的 workload 中  case1: 根据插件中 weighted_upstreams 配置的 weight 值做流量分流。将插件的 upstream 与 route 的 upstream 按 3:2 的流量比例进行划分,其中 60% 的流量到达插件中gray的upstream, 40% 的流量到达 route 上默认的 upstream。   case2: 通过请求头获取 match 规则参数 (也可以通过请求参数获取 NGINX 变量),在 match 规则匹配通过后,表示所有请求都命中到插件配置的 upstream ,否则所有请求只命中 route 上配置的 upstream 。   case3: 只配置了一个 vars 规则, vars 中的多个表达式是 and 的关系。在 weighted_upstreams 中根据 weight 值将流量按 3:2 划分,其中只有 weight 值的部分表示 route 上的 upstream 所占的比例。 当 match 匹配不通过时,所有的流量只会命中 route 上的 upstream    ### 标准  **给 Workload 打标签:** 我们对新版本进行灰度时,通常会有单独的环境,单独的部署集。我们将单独的部署集打上 gray 标签(标签值可自定义),标签会参与到具体的流量路由中。 我们可以通过直接在 Kubernetes workload 上打 label 的方式进行标签绑定,如在 Deployment 上打上 `traffic.opensergo.io/label: gray`标签代表灰度。对于一些复杂的 workload 打标场景(如数据库实例、缓存实例标签),我们可以利用 WorkloadLabelRule CRD 进行打标。示例: ```yaml apiVersion: traffic.opensergo.io/v1alpha1 kind: WorkloadLabelRule metadata: name: gray-sts-label-rule spec: workloadLabels: ['gray'] selector: app: my-app-gray ``` **给流量打标:** case1:假设现在需要将 60% 的流量到达插件中 gray WorkLoad中, 40% 的流量到达 route 上默认的 WorkLoad中。那么只需要配置如下 CRD 即可: ```yaml apiVersion: traffic.opensergo.io/v1alpha1 kind: TrafficLabelRule metadata: name: my-traffic-label-rule labels: app: my-app spec: selector: app: my-app trafficLabel: gray weight: 40% ``` case2: 假设现在需要将内部测试用户灰度到新版主页,测试用户 uid=12345,UID 位于 `X-User-Id` header 中,转发至 gray WorkLoad中。那么只需要配置如下 CRD 即可: ```yaml apiVersion: traffic.opensergo.io/v1alpha1 kind: TrafficLabelRule metadata: name: my-traffic-label-rule labels: app: my-app spec: selector: app: my-app trafficLabel: gray protocol: http match: - condition: "=="# 匹配表达式 type: header # 匹配属性类型 key: 'X-User-Id' # 参数名 value: 12345 # 参数值 - condition: "==" value: "/index" type: path ``` case3: 假设现在需要将内部测试用户灰度到新版主页,测试用户 uid=12345,UID 位于 `X-User-Id` header
[GitHub] [apisix] marziman commented on issue #7377: bug: requests with Istio mTLS enabled fail with connection termination
marziman commented on issue #7377: URL: https://github.com/apache/apisix/issues/7377#issuecomment-1173731907 @tao12345666333 do you have an idea why this is happening? We expected that the authority will be not changed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] ccxhwmy commented on issue #5837: request: Expect monitoring metrics to add monitoring of nginx shared memory usage
ccxhwmy commented on issue #5837: URL: https://github.com/apache/apisix/issues/5837#issuecomment-1173676584 > Hi @ccxhwmy , would you like to work on this? Can you tell me which plugin I can modify to get information of `ngx.shared.DICT` regularly and report it? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] netlify[bot] commented on pull request #1187: docs: add apisix integrates with hydra blog
netlify[bot] commented on PR #1187: URL: https://github.com/apache/apisix-website/pull/1187#issuecomment-1173669675 ### Deploy Preview for *apache-apisix* processing. | Name | Link | |-|| | Latest commit | 430dba427e2cdea01d268ee24ff04c50e57ecc83 | | Latest deploy log | https://app.netlify.com/sites/apache-apisix/deploys/62c2c5df35d7bd0008fa4f5d | -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-website] hf400159 opened a new pull request, #1187: docs: add apisix integrates with hydra blog
hf400159 opened a new pull request, #1187: URL: https://github.com/apache/apisix-website/pull/1187 add apisix integrates with hydra blog Screenshots of the change: -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-ingress-controller] tao12345666333 commented on a diff in pull request #1132: chore: add log for syncManifest delete upstream
tao12345666333 commented on code in PR #1132:
URL:
https://github.com/apache/apisix-ingress-controller/pull/1132#discussion_r912873124
##
pkg/ingress/utils/manifest.go:
##
@@ -240,6 +244,53 @@ func SyncManifests(ctx context.Context, apisix
apisix.APISIX, clusterName string
zap.String("upstream_id", u.ID),
zap.String("upstream_name",
u.Name),
)
+
+ // this could also happen when the
route is synced(deleted) in another syncManifest call,
+ // but arrives later than this
+ // So log the deleted routes in this
call to see if it's true
+ if len(deleted.Routes) == 0 {
+ log.Debugw("syncManifest
deletes upstream but doesn't delete any routes")
+ } else {
+ found := false
+
+ for _, r := range
deleted.Routes {
+ if r.UpstreamId == u.ID
{
+ found = true
+ log.Debugw("a
deleted route is referencing upstream",
+
zap.Any("route", r),
+ )
+ }
+ }
+ if !found {
+ log.Debugw("no any
deleted route is referencing this upstream",
+
zap.String("upstream_id", u.ID),
+ )
+ }
+ }
+
+ // try to find which route is
referencing the upstream
+ routes, err :=
apisix.Cluster(clusterName).Route().List(ctx)
Review Comment:
I am concerned that this will create performance issues
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] tzssangglass commented on issue #5837: request: Expect monitoring metrics to add monitoring of nginx shared memory usage
tzssangglass commented on issue #5837: URL: https://github.com/apache/apisix/issues/5837#issuecomment-1173658046 Hi @ccxhwmy , would you like to work on this? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix-java-plugin-runner] tzssangglass commented on issue #159: 插件获取配置的值偶尔报数组越界异常
tzssangglass commented on issue #159: URL: https://github.com/apache/apisix-java-plugin-runner/issues/159#issuecomment-1173657234 Can you give the complete steps for reproduction? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] bzp2010 opened a new pull request, #7380: docs: add more architecture description
bzp2010 opened a new pull request, #7380: URL: https://github.com/apache/apisix/pull/7380 ### Description Add corresponding explanations to the architecture diagrams in the APISIX documentation to help readers better understand them. Fixes # (issue) ### Checklist - [x] I have explained the need for this PR and the problem it solves - [x] I have explained the changes or the new features added to this PR - [ ] I have added tests corresponding to this change - [x] I have updated the documentation to reflect this change - [ ] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] starsz commented on a diff in pull request #7371: docs: update openid-connect attributes description and sync CN doc attributes.
starsz commented on code in PR #7371: URL: https://github.com/apache/apisix/pull/7371#discussion_r912857781 ## docs/en/latest/plugins/openid-connect.md: ## @@ -33,29 +33,29 @@ The `openid-connect` Plugin provides authentication and introspection capability ## Attributes -| Name | Type| Required | Default | Valid values | Description | -|--|-|--|---|--|| -| client_id| string | True | | | OAuth client ID. | -| client_secret| string | True | | | OAuth client secret. | -| discovery| string | True | | | Discovery endpoint URL of the identity server. | -| scope| string | False| "openid" | | Scope used for authentication. | -| realm| string | False| "apisix" | | Realm used for authentication. | -| bearer_only | boolean | False| false | | When set to true, the Plugin will check for if the authorization header in the request matches a bearer token. | -| logout_path | string | False| "/logout" | | Path for logging out. | -| post_logout_redirect_uri | string | False| | | URL to redirect to after logging out. | -| redirect_uri | string | False| "ngx.var.request_uri" | | URI to which the identity provider redirects back to. | -| timeout | integer | False| 3 | [1,...] | Request timeout time in seconds. | -| ssl_verify | boolean | False| false | | When set to true, verifies the identity provider's SSL certificates. | -| introspection_endpoint | string | False| | | URL of the token verification endpoint of the identity server. | -| introspection_endpoint_auth_method | string | False| "client_secret_basic" | | Authentication method name for token introspection.| -| public_key | string | False| | | Public key to verify the token. | -| use_jwks | boolean | False| | | When set to true, uses the JWKS endpoint of the identity server to verify the token. | -| token_signing_alg_values_expected| string | False| | | Algorithm used for signing the authentication token. | -| set_access_token_header | boolean | False| true | | When set to true, sets the access token in a request header. | -| access_token_in_authorization_header | boolean | False| false | | When set to true, sets the access token in the `Authorization` header. Otherwise, set the `X-Access-Token` header. | -| set_id_token_header | boolean | False| true | | When set to true and the ID token is available, sets the ID token in the `X-ID-Token` request header. | -| set_userinfo_header | boolean | False
[GitHub] [apisix-ingress-controller] lingsamuel commented on a diff in pull request #1128: e2e-test: Optimize the runtime of ingress/features, and support more default value in NewScaffold
lingsamuel commented on code in PR #1128:
URL:
https://github.com/apache/apisix-ingress-controller/pull/1128#discussion_r912854536
##
test/e2e/scaffold/k8s.go:
##
@@ -208,6 +208,12 @@ func (s *Scaffold) ensureNumApisixCRDsCreated(url string,
desired int) error {
return wait.Poll(3*time.Second, 35*time.Second, condFunc)
}
+// EnsureNumIngressCreated waits until desired number of route are created in
+// APISIX cluster.
+func (s *Scaffold) EnsureNumIngressCreated(desired int) error {
Review Comment:
Just use EnsureApisixRoute directly. Test case authors should know how many
routes they expect to have.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix-ingress-controller] lingsamuel commented on a diff in pull request #1128: e2e-test: Optimize the runtime of ingress/features, and support more default value in NewScaffold
lingsamuel commented on code in PR #1128:
URL:
https://github.com/apache/apisix-ingress-controller/pull/1128#discussion_r912854536
##
test/e2e/scaffold/k8s.go:
##
@@ -208,6 +208,12 @@ func (s *Scaffold) ensureNumApisixCRDsCreated(url string,
desired int) error {
return wait.Poll(3*time.Second, 35*time.Second, condFunc)
}
+// EnsureNumIngressCreated waits until desired number of route are created in
+// APISIX cluster.
+func (s *Scaffold) EnsureNumIngressCreated(desired int) error {
Review Comment:
Just use EnsureApisix directly. Test case authors should know how many
routes they expect to have.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [apisix] github-actions[bot] commented on pull request #6979: feat: support to use plugin_config_id for consumer object
github-actions[bot] commented on PR #6979: URL: https://github.com/apache/apisix/pull/6979#issuecomment-1173629246 This pull request has been marked as stale due to 60 days of inactivity. It will be closed in 4 weeks if no further activity occurs. If you think that's incorrect or this pull request should instead be reviewed, please simply write any comment. Even if closed, you can still revive the PR at any time or discuss it on the d...@apisix.apache.org list. Thank you for your contributions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
