[GitHub] [apisix] moonming commented on a change in pull request #6214: fix(admin-token): fixed token is used by default
moonming commented on a change in pull request #6214: URL: https://github.com/apache/apisix/pull/6214#discussion_r794148153 ## File path: ci/linux_apisix_current_luarocks_runner.sh ## @@ -66,6 +67,10 @@ script() { ulimit -n -S ulimit -n -H +# set default admin token +sudo yamlq e -i '.apisix.admin_key[0].key = "edd1c9f034335f136f87ad84b625c8f1"' conf/config-default.yaml Review comment: why set token twice https://github.com/apache/apisix/pull/6214/files#diff-210dceffdb6579327475828287fd91c559b209de07ebf0323ab8005b589d9c0fR44? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] moonming commented on a change in pull request #6214: fix(admin-token): fixed token is used by default
moonming commented on a change in pull request #6214: URL: https://github.com/apache/apisix/pull/6214#discussion_r794145536 ## File path: apisix/init.lua ## @@ -86,6 +88,12 @@ function _M.http_init(args) core.log.error("failed to load the configuration: ", err) end end + +local is_cli_token = getenv(cli_util.ADMIN_TOKEN_TAG_KEY) +if is_cli_token and tonumber(is_cli_token) == 1 then +core.log.warn("admin token has been automatically created by the apisix, ", +"value: `", getenv(cli_util.ADMIN_TOKEN_KEY), "`") +end Review comment: This is just a one-time token and should be very explicit about this ## File path: apisix/init.lua ## @@ -86,6 +88,12 @@ function _M.http_init(args) core.log.error("failed to load the configuration: ", err) end end + +local is_cli_token = getenv(cli_util.ADMIN_TOKEN_TAG_KEY) +if is_cli_token and tonumber(is_cli_token) == 1 then +core.log.warn("admin token has been automatically created by the apisix, ", +"value: `", getenv(cli_util.ADMIN_TOKEN_KEY), "`") +end Review comment: After Apache APISIX restarts, the token will change -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] moonming commented on a change in pull request #6214: fix(admin-token): fixed token is used by default
moonming commented on a change in pull request #6214: URL: https://github.com/apache/apisix/pull/6214#discussion_r793332466 ## File path: apisix/cli/file.lua ## @@ -52,6 +58,32 @@ local function tab_is_array(t) end +local function generate_random_str(len) +local rand_str = "" +local rand_num = 0 + +-- set random seed +randomseed(tostring(os_time()):reverse():sub(1, 5)) Review comment: I means you can make random seed of CLI in https://github.com/apache/apisix/blob/master/apisix/cli/ops.lua#L149 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] moonming commented on a change in pull request #6214: fix(admin-token): fixed token is used by default
moonming commented on a change in pull request #6214: URL: https://github.com/apache/apisix/pull/6214#discussion_r793310867 ## File path: apisix/cli/file.lua ## @@ -52,6 +58,32 @@ local function tab_is_array(t) end +local function generate_random_str(len) +local rand_str = "" +local rand_num = 0 + +-- set random seed +randomseed(tostring(os_time()):reverse():sub(1, 5)) Review comment: https://github.com/apache/apisix/blob/master/apisix/cli/ops.lua#L149 Maybe you can put this function in cli `init` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] moonming commented on a change in pull request #6214: fix(admin-token): fixed token is used by default
moonming commented on a change in pull request #6214: URL: https://github.com/apache/apisix/pull/6214#discussion_r793302104 ## File path: conf/config.yaml ## @@ -43,5 +43,5 @@ apisix: admin_key: - name: admin - key: edd1c9f034335f136f87ad84b625c8f1 # using fixed API token has security risk, please update it when you deploy to production environment + key: ${{APISIX_ADMIN_API_KEY}} Review comment: any do need to remove https://github.com/apache/apisix/blob/master/apisix/admin/init.lua#L64-L68? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] moonming commented on a change in pull request #6214: fix(admin-token): fixed token is used by default
moonming commented on a change in pull request #6214: URL: https://github.com/apache/apisix/pull/6214#discussion_r793300246 ## File path: conf/config.yaml ## @@ -43,5 +43,5 @@ apisix: admin_key: - name: admin - key: edd1c9f034335f136f87ad84b625c8f1 # using fixed API token has security risk, please update it when you deploy to production environment + key: ${{APISIX_ADMIN_API_KEY}} Review comment: According to the discussion on the mailing list, the default value should be empty? I don't understand what the environment variables here mean ## File path: conf/config.yaml ## @@ -43,5 +43,5 @@ apisix: admin_key: - name: admin - key: edd1c9f034335f136f87ad84b625c8f1 # using fixed API token has security risk, please update it when you deploy to production environment + key: ${{APISIX_ADMIN_API_KEY}} Review comment: do we need to update https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L91-L100? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [apisix] moonming commented on a change in pull request #6214: fix(admin-token): fixed token is used by default
moonming commented on a change in pull request #6214: URL: https://github.com/apache/apisix/pull/6214#discussion_r793270205 ## File path: apisix/cli/file.lua ## @@ -52,6 +58,32 @@ local function tab_is_array(t) end +local function generate_random_str(len) +local rand_str = "" +local rand_num = 0 + +-- set random seed +randomseed(tostring(os_time()):reverse():sub(1, 5)) Review comment: I don't think we need to set seed again https://github.com/apache/apisix/blob/427e9269efe32836051bf280ea2af4a566730ae4/apisix/init.lua#L98 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@apisix.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org