From ad5e7328c5d388cd56f5b7e05918e446a7b5c836 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Wed, 22 Mar 2023 06:06:14 -0700 Subject: [PATCH 01/20] feat(cli): support APISIX_ALLOW_NONE_AUTHENTICATION --- apisix/cli/ngx_tpl.lua | 2 ++ apisix/cli/ops.lua | 7 +++++++ t/cli/test_admin.sh | 21 +++++++++++++++++++++ 3 files changed, 30 insertions(+) diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index 142d92298805..f33ac15a717e 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua @@ -51,6 +51,8 @@ worker_shutdown_timeout {* worker_shutdown_timeout *}; env APISIX_PROFILE; env PATH; # for searching external plugin runner's binary +env APISIX_ALLOW_NONE_AUTHENTICATION; # allow any IP with empty admin_key + # reserved environment variables for configuration env APISIX_DEPLOYMENT_ETCD_HOST; diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua index ef069f815010..0d740da2864f 100644 --- a/apisix/cli/ops.lua +++ b/apisix/cli/ops.lua @@ -193,6 +193,13 @@ local function init(env) end end + -- check if APISIX_ALLOW_NONE_AUTHENTICATION=true + -- if so, allow any IP to access admin api with empty admin_key + local allow_none_auth = getenv("APISIX_ALLOW_NONE_AUTHENTICATION") + if allow_none_auth == "true" then + checked_admin_key = true + end + if yaml_conf.apisix.enable_admin and not checked_admin_key then local help = [[ diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh index 5336244e3372..3387138a5278 100755 --- a/t/cli/test_admin.sh +++ b/t/cli/test_admin.sh @@ -154,6 +154,27 @@ fi echo "pass: missing admin key and show ERROR message" +# allow any IP to access admin api with empty admin_key, when APISIX_ALLOW_NONE_AUTHENTICATION=true + +git checkout conf/config.yaml + +echo ' +deployment: + admin: + admin_key: ~ + allow_admin: ~ +' > conf/config.yaml + +APISIX_ALLOW_NONE_AUTHENTICATION=true make init > output.log 2>&1 | true + +grep -E "ERROR: missing valid Admin API token." output.log > /dev/null +if [ ! $? -ne 0 ]; then + echo "failed: should show 'ERROR: missing valid Admin API token.'" + exit 1 +fi + +echo "pass: allow empty admin_key, when APISIX_ALLOW_NONE_AUTHENTICATION=true" + # admin api, allow any IP but use default key echo ' From 48c49415e29ae41618fe454036e116a75be3251d Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Wed, 22 Mar 2023 18:34:06 -0700 Subject: [PATCH 02/20] fix wrong test --- t/cli/test_admin.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh index 3387138a5278..837b22ababe7 100755 --- a/t/cli/test_admin.sh +++ b/t/cli/test_admin.sh @@ -162,14 +162,15 @@ echo ' deployment: admin: admin_key: ~ - allow_admin: ~ + allow_admin: + - 127.0.0.0/24 ' > conf/config.yaml APISIX_ALLOW_NONE_AUTHENTICATION=true make init > output.log 2>&1 | true grep -E "ERROR: missing valid Admin API token." output.log > /dev/null if [ ! $? -ne 0 ]; then - echo "failed: should show 'ERROR: missing valid Admin API token.'" + echo "failed: should not show 'ERROR: missing valid Admin API token.'" exit 1 fi From 88c7830f795e41f69ce65e1f247c01d56a082bea Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Wed, 22 Mar 2023 19:21:05 -0700 Subject: [PATCH 03/20] fix wrong test --- t/cli/test_admin.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh index 837b22ababe7..b4eb796d8351 100755 --- a/t/cli/test_admin.sh +++ b/t/cli/test_admin.sh @@ -163,13 +163,13 @@ deployment: admin: admin_key: ~ allow_admin: - - 127.0.0.0/24 + - 0.0.0.0/0 ' > conf/config.yaml APISIX_ALLOW_NONE_AUTHENTICATION=true make init > output.log 2>&1 | true grep -E "ERROR: missing valid Admin API token." output.log > /dev/null -if [ ! $? -ne 0 ]; then +if [ $? -eq 0 ]; then echo "failed: should not show 'ERROR: missing valid Admin API token.'" exit 1 fi From 8089d473a20be7dde7aecfb02000205f91eea030 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Fri, 24 Mar 2023 00:12:18 -0700 Subject: [PATCH 04/20] fix wrong test config --- t/cli/test_admin.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh index b4eb796d8351..f22be84b0ed4 100755 --- a/t/cli/test_admin.sh +++ b/t/cli/test_admin.sh @@ -168,8 +168,7 @@ deployment: APISIX_ALLOW_NONE_AUTHENTICATION=true make init > output.log 2>&1 | true -grep -E "ERROR: missing valid Admin API token." output.log > /dev/null -if [ $? -eq 0 ]; then +if grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then echo "failed: should not show 'ERROR: missing valid Admin API token.'" exit 1 fi From 2111f540682759c322619a80ab45987c4f8e1872 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Mon, 27 Mar 2023 21:05:21 -0700 Subject: [PATCH 05/20] bypass the auth if APISIX_ALLOW_NONE_AUTHENTICATION=true --- apisix/admin/init.lua | 8 ++++++++ apisix/cli/ops.lua | 2 +- t/admin/token.t | 16 ++++++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index 072a584350ee..f061b3e337dd 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -32,6 +32,7 @@ local reload_event = "/apisix/admin/plugins/reload" local ipairs = ipairs local error = error local type = type +local getenv = os.getenv local events @@ -66,6 +67,13 @@ local router local function check_token(ctx) + -- check if APISIX_ALLOW_NONE_AUTHENTICATION=true + -- if so, allow any requests to access admin api without admin_key + local none_auth = getenv("APISIX_ALLOW_NONE_AUTHENTICATION") + if none_auth == "true" then + return true + end + local local_conf = core.config.local_conf() local admin_key = core.table.try_read_attr(local_conf, "deployment", "admin", "admin_key") if not admin_key then diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua index 0d740da2864f..ed0bdc55ccaf 100644 --- a/apisix/cli/ops.lua +++ b/apisix/cli/ops.lua @@ -194,7 +194,7 @@ local function init(env) end -- check if APISIX_ALLOW_NONE_AUTHENTICATION=true - -- if so, allow any IP to access admin api with empty admin_key + -- if so, there is no need to check admin_key local allow_none_auth = getenv("APISIX_ALLOW_NONE_AUTHENTICATION") if allow_none_auth == "true" then checked_admin_key = true diff --git a/t/admin/token.t b/t/admin/token.t index 1ab9942ae8ca..17b2a1c50cf9 100644 --- a/t/admin/token.t +++ b/t/admin/token.t @@ -177,3 +177,19 @@ PUT /apisix/admin/plugins/reload?api_key=4054f7cf07e344346cd3f287985e76a2 --- request GET /apisix/admin/routes??api_key=4054f7cf07e344346cd3f287985e76a2 --- error_code: 401 + + + +=== TEST 10: access without api key +--- request +GET /apisix/admin/routes +--- error_code: 401 + + + +=== TEST 11: access without api key, but APISIX_ALLOW_NONE_AUTHENTICATION=true +--- main_config +env APISIX_ALLOW_NONE_AUTHENTICATION=true; +--- request +GET /apisix/admin/routes +--- error_code: 200 From 03958507370c23b9e3b6719cacd3b537ec6579a1 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Tue, 28 Mar 2023 00:38:36 -0700 Subject: [PATCH 06/20] add hint --- apisix/admin/init.lua | 8 ++++++++ apisix/cli/ops.lua | 3 +++ t/admin/token.t | 2 ++ t/cli/test_admin.sh | 5 +++++ 4 files changed, 18 insertions(+) diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index f061b3e337dd..dc5e74b5eb70 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -403,6 +403,14 @@ function _M.init_worker() events.register(reload_plugins, reload_event, "PUT") if ngx_worker_id() == 0 then + -- check if APISIX_ALLOW_NONE_AUTHENTICATION=true + local none_auth = getenv("APISIX_ALLOW_NONE_AUTHENTICATION") + if none_auth == "true" then + core.log.warn("AdminKey is bypassed because of APISIX_ALLOW_NONE_AUTHENTICATION=true.", + "If you are deploying APISIX in a production environment,", + "please disable it and set a secure password for the adminKey!") + end + local ok, err = ngx_timer_at(0, function(premature) if premature then return diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua index ed0bdc55ccaf..868e9bda9cc3 100644 --- a/apisix/cli/ops.lua +++ b/apisix/cli/ops.lua @@ -198,6 +198,9 @@ local function init(env) local allow_none_auth = getenv("APISIX_ALLOW_NONE_AUTHENTICATION") if allow_none_auth == "true" then checked_admin_key = true + print("Warning! AdminKey is bypassed because of APISIX_ALLOW_NONE_AUTHENTICATION=true.", + "If you are deploying APISIX in a production environment,", + "please disable it and set a secure password for the adminKey!") end if yaml_conf.apisix.enable_admin and not checked_admin_key then diff --git a/t/admin/token.t b/t/admin/token.t index 17b2a1c50cf9..5dee4366bc7b 100644 --- a/t/admin/token.t +++ b/t/admin/token.t @@ -193,3 +193,5 @@ env APISIX_ALLOW_NONE_AUTHENTICATION=true; --- request GET /apisix/admin/routes --- error_code: 200 +--- error_log +AdminKey is bypassed because of APISIX_ALLOW_NONE_AUTHENTICATION=true diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh index f22be84b0ed4..396b3dd0c175 100755 --- a/t/cli/test_admin.sh +++ b/t/cli/test_admin.sh @@ -173,6 +173,11 @@ if grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then exit 1 fi +if ! grep -E "Warning! AdminKey is bypassed" output.log > /dev/null; then + echo "failed: should show 'Warning! AdminKey is bypassed'" + exit 1 +fi + echo "pass: allow empty admin_key, when APISIX_ALLOW_NONE_AUTHENTICATION=true" # admin api, allow any IP but use default key From b4332c7a731c204e4aeb264bb49d8b77240317f6 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Tue, 28 Mar 2023 20:10:06 -0700 Subject: [PATCH 07/20] change env var name --- apisix/admin/init.lua | 13 +++++++------ apisix/cli/ngx_tpl.lua | 2 +- apisix/cli/ops.lua | 7 +++---- t/admin/token.t | 6 +++--- t/cli/test_admin.sh | 6 +++--- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index dc5e74b5eb70..6a79acec29c8 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -67,9 +67,10 @@ local router local function check_token(ctx) - -- check if APISIX_ALLOW_NONE_AUTHENTICATION=true - -- if so, allow any requests to access admin api without admin_key - local none_auth = getenv("APISIX_ALLOW_NONE_AUTHENTICATION") + bypass_admin_api_auth + APISIX_BYPASS_ADMIN_API_AUTH + -- check if APISIX_BYPASS_ADMIN_API_AUTH=true + local none_auth = getenv("APISIX_BYPASS_ADMIN_API_AUTH") if none_auth == "true" then return true end @@ -403,10 +404,10 @@ function _M.init_worker() events.register(reload_plugins, reload_event, "PUT") if ngx_worker_id() == 0 then - -- check if APISIX_ALLOW_NONE_AUTHENTICATION=true - local none_auth = getenv("APISIX_ALLOW_NONE_AUTHENTICATION") + -- check if APISIX_BYPASS_ADMIN_API_AUTH=true + local none_auth = getenv("APISIX_BYPASS_ADMIN_API_AUTH") if none_auth == "true" then - core.log.warn("AdminKey is bypassed because of APISIX_ALLOW_NONE_AUTHENTICATION=true.", + core.log.warn("AdminKey is bypassed because of APISIX_BYPASS_ADMIN_API_AUTH=true.", "If you are deploying APISIX in a production environment,", "please disable it and set a secure password for the adminKey!") end diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index f33ac15a717e..1f1ac1c8a797 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua @@ -51,7 +51,7 @@ worker_shutdown_timeout {* worker_shutdown_timeout *}; env APISIX_PROFILE; env PATH; # for searching external plugin runner's binary -env APISIX_ALLOW_NONE_AUTHENTICATION; # allow any IP with empty admin_key +env APISIX_BYPASS_ADMIN_API_AUTH; # bypass admin api auth # reserved environment variables for configuration env APISIX_DEPLOYMENT_ETCD_HOST; diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua index 868e9bda9cc3..2fef71771737 100644 --- a/apisix/cli/ops.lua +++ b/apisix/cli/ops.lua @@ -193,12 +193,11 @@ local function init(env) end end - -- check if APISIX_ALLOW_NONE_AUTHENTICATION=true - -- if so, there is no need to check admin_key - local allow_none_auth = getenv("APISIX_ALLOW_NONE_AUTHENTICATION") + -- check if APISIX_BYPASS_ADMIN_API_AUTH=true + local allow_none_auth = getenv("APISIX_BYPASS_ADMIN_API_AUTH") if allow_none_auth == "true" then checked_admin_key = true - print("Warning! AdminKey is bypassed because of APISIX_ALLOW_NONE_AUTHENTICATION=true.", + print("Warning! AdminKey is bypassed because of APISIX_BYPASS_ADMIN_API_AUTH=true.", "If you are deploying APISIX in a production environment,", "please disable it and set a secure password for the adminKey!") end diff --git a/t/admin/token.t b/t/admin/token.t index 5dee4366bc7b..56eb08007681 100644 --- a/t/admin/token.t +++ b/t/admin/token.t @@ -187,11 +187,11 @@ GET /apisix/admin/routes -=== TEST 11: access without api key, but APISIX_ALLOW_NONE_AUTHENTICATION=true +=== TEST 11: access without api key, but APISIX_BYPASS_ADMIN_API_AUTH=true --- main_config -env APISIX_ALLOW_NONE_AUTHENTICATION=true; +env APISIX_BYPASS_ADMIN_API_AUTH=true; --- request GET /apisix/admin/routes --- error_code: 200 --- error_log -AdminKey is bypassed because of APISIX_ALLOW_NONE_AUTHENTICATION=true +AdminKey is bypassed because of APISIX_BYPASS_ADMIN_API_AUTH=true diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh index 396b3dd0c175..5c70fd86bd3e 100755 --- a/t/cli/test_admin.sh +++ b/t/cli/test_admin.sh @@ -154,7 +154,7 @@ fi echo "pass: missing admin key and show ERROR message" -# allow any IP to access admin api with empty admin_key, when APISIX_ALLOW_NONE_AUTHENTICATION=true +# allow any IP to access admin api with empty admin_key, when APISIX_BYPASS_ADMIN_API_AUTH=true git checkout conf/config.yaml @@ -166,7 +166,7 @@ deployment: - 0.0.0.0/0 ' > conf/config.yaml -APISIX_ALLOW_NONE_AUTHENTICATION=true make init > output.log 2>&1 | true +APISIX_BYPASS_ADMIN_API_AUTH=true make init > output.log 2>&1 | true if grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then echo "failed: should not show 'ERROR: missing valid Admin API token.'" @@ -178,7 +178,7 @@ if ! grep -E "Warning! AdminKey is bypassed" output.log > /dev/null; then exit 1 fi -echo "pass: allow empty admin_key, when APISIX_ALLOW_NONE_AUTHENTICATION=true" +echo "pass: allow empty admin_key, when APISIX_BYPASS_ADMIN_API_AUTH=true" # admin api, allow any IP but use default key From 811012312141c2c3e69ad026bc8624d209feb567 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Tue, 28 Mar 2023 20:21:52 -0700 Subject: [PATCH 08/20] add blank line --- t/cli/test_admin.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh index f9ad5a6b9490..a6db1556a2fd 100755 --- a/t/cli/test_admin.sh +++ b/t/cli/test_admin.sh @@ -450,4 +450,4 @@ fi make stop -echo "pass: accept changes to /apisix/plugins successfully" \ No newline at end of file +echo "pass: accept changes to /apisix/plugins successfully" From d2cde1484770b9fbdd34f2fd9afe03dfda7abc03 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Wed, 29 Mar 2023 01:46:05 -0700 Subject: [PATCH 09/20] add non-true check --- apisix/admin/init.lua | 8 ++++---- apisix/cli/ops.lua | 4 ++-- t/admin/token.t | 9 +++++++++ 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index 97577eaf7e94..f179d53f4b81 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -68,8 +68,8 @@ local router local function check_token(ctx) -- check if APISIX_BYPASS_ADMIN_API_AUTH=true - local none_auth = getenv("APISIX_BYPASS_ADMIN_API_AUTH") - if none_auth == "true" then + local bypass_admin_api_auth = getenv("APISIX_BYPASS_ADMIN_API_AUTH") + if bypass_admin_api_auth == "true" then return true end @@ -403,8 +403,8 @@ function _M.init_worker() if ngx_worker_id() == 0 then -- check if APISIX_BYPASS_ADMIN_API_AUTH=true - local none_auth = getenv("APISIX_BYPASS_ADMIN_API_AUTH") - if none_auth == "true" then + local bypass_admin_api_auth = getenv("APISIX_BYPASS_ADMIN_API_AUTH") + if bypass_admin_api_auth == "true" then core.log.warn("AdminKey is bypassed because of APISIX_BYPASS_ADMIN_API_AUTH=true.", "If you are deploying APISIX in a production environment,", "please disable it and set a secure password for the adminKey!") diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua index ca6fc04d2c9f..c32fa499faa3 100644 --- a/apisix/cli/ops.lua +++ b/apisix/cli/ops.lua @@ -191,8 +191,8 @@ local function init(env) end -- check if APISIX_BYPASS_ADMIN_API_AUTH=true - local allow_none_auth = getenv("APISIX_BYPASS_ADMIN_API_AUTH") - if allow_none_auth == "true" then + local bypass_admin_api_auth = getenv("APISIX_BYPASS_ADMIN_API_AUTH") + if bypass_admin_api_auth == "true" then checked_admin_key = true print("Warning! AdminKey is bypassed because of APISIX_BYPASS_ADMIN_API_AUTH=true.", "If you are deploying APISIX in a production environment,", diff --git a/t/admin/token.t b/t/admin/token.t index 56eb08007681..580a0b073fba 100644 --- a/t/admin/token.t +++ b/t/admin/token.t @@ -195,3 +195,12 @@ GET /apisix/admin/routes --- error_code: 200 --- error_log AdminKey is bypassed because of APISIX_BYPASS_ADMIN_API_AUTH=true + + + +=== TEST 12: access without api key, but APISIX_BYPASS_ADMIN_API_AUTH=non-true +--- main_config +env APISIX_BYPASS_ADMIN_API_AUTH=non-true; +--- request +GET /apisix/admin/routes +--- error_code: 401 From 73ff74be31af32f2dc82b9cc3db7df6c225cdcf3 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Wed, 29 Mar 2023 08:56:27 -0700 Subject: [PATCH 10/20] change env-config to file-config --- apisix/admin/init.lua | 16 +++++++--------- apisix/cli/ngx_tpl.lua | 2 -- apisix/cli/ops.lua | 12 +++++------- apisix/cli/schema.lua | 3 +++ conf/config-default.yaml | 4 ++++ t/admin/api.t | 13 +++++++++++++ t/admin/token.t | 20 -------------------- t/cli/test_admin.sh | 36 +++++++++++++++++++++++++++++++++--- 8 files changed, 65 insertions(+), 41 deletions(-) diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index f179d53f4b81..f991b7799202 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -32,7 +32,6 @@ local reload_event = "/apisix/admin/plugins/reload" local ipairs = ipairs local error = error local type = type -local getenv = os.getenv local events @@ -67,13 +66,13 @@ local router local function check_token(ctx) - -- check if APISIX_BYPASS_ADMIN_API_AUTH=true - local bypass_admin_api_auth = getenv("APISIX_BYPASS_ADMIN_API_AUTH") - if bypass_admin_api_auth == "true" then + local local_conf = core.config.local_conf() + + -- check if admin_key is required + if not local_conf.deployment.admin.admin_key_required then return true end - local local_conf = core.config.local_conf() local admin_key = core.table.try_read_attr(local_conf, "deployment", "admin", "admin_key") if not admin_key then return true @@ -402,10 +401,9 @@ function _M.init_worker() events.register(reload_plugins, reload_event, "PUT") if ngx_worker_id() == 0 then - -- check if APISIX_BYPASS_ADMIN_API_AUTH=true - local bypass_admin_api_auth = getenv("APISIX_BYPASS_ADMIN_API_AUTH") - if bypass_admin_api_auth == "true" then - core.log.warn("AdminKey is bypassed because of APISIX_BYPASS_ADMIN_API_AUTH=true.", + -- check if admin_key is required + if not local_conf.deployment.admin.admin_key_required then + core.log.warn("AdminKey is bypassed.", "If you are deploying APISIX in a production environment,", "please disable it and set a secure password for the adminKey!") end diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index 1f1ac1c8a797..142d92298805 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua @@ -51,8 +51,6 @@ worker_shutdown_timeout {* worker_shutdown_timeout *}; env APISIX_PROFILE; env PATH; # for searching external plugin runner's binary -env APISIX_BYPASS_ADMIN_API_AUTH; # bypass admin api auth - # reserved environment variables for configuration env APISIX_DEPLOYMENT_ETCD_HOST; diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua index c32fa499faa3..35d9c4210362 100644 --- a/apisix/cli/ops.lua +++ b/apisix/cli/ops.lua @@ -189,14 +189,12 @@ local function init(env) and #allow_admin == 1 and allow_admin[1] == "127.0.0.0/24" then checked_admin_key = true end - - -- check if APISIX_BYPASS_ADMIN_API_AUTH=true - local bypass_admin_api_auth = getenv("APISIX_BYPASS_ADMIN_API_AUTH") - if bypass_admin_api_auth == "true" then + -- check if admin_key is required + if not yaml_conf.deployment.admin.admin_key_required then checked_admin_key = true - print("Warning! AdminKey is bypassed because of APISIX_BYPASS_ADMIN_API_AUTH=true.", - "If you are deploying APISIX in a production environment,", - "please disable it and set a secure password for the adminKey!") + print("Warning! AdminKey is bypassed. " + .. "If you are deploying APISIX in a production environment, " + .. "please disable it and set a secure password for the adminKey!") end if yaml_conf.apisix.enable_admin and not checked_admin_key then diff --git a/apisix/cli/schema.lua b/apisix/cli/schema.lua index 477e2ce7e56d..56d7e2f630cc 100644 --- a/apisix/cli/schema.lua +++ b/apisix/cli/schema.lua @@ -353,6 +353,9 @@ local admin_schema = { https_admin = { type = "boolean", }, + admin_key_required = { + type = "boolean", + }, } } diff --git a/conf/config-default.yaml b/conf/config-default.yaml index 2765afe9c43f..ce997b110198 100755 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -588,6 +588,10 @@ deployment: role_traditional: config_provider: etcd admin: + # If admin_key is required, default value is true. + # Bypass the Admin API authentication by modifying this value to false if needed. + admin_key_required: true + # Default token when use API to call for Admin API. # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API. # Disabling this configuration item means that the Admin API does not diff --git a/t/admin/api.t b/t/admin/api.t index 67d7344b6998..da81ef45d28f 100644 --- a/t/admin/api.t +++ b/t/admin/api.t @@ -156,3 +156,16 @@ X-API-VERSION: v2 GET /t --- response_body passed + + + +=== TEST 10: Access without api key, but admin_key_required=false +--- yaml_config +deployment: + admin: + admin_key_required: false +--- request +GET /apisix/admin/routes +--- error_code: 200 +--- error_log +AdminKey is bypassed. diff --git a/t/admin/token.t b/t/admin/token.t index 580a0b073fba..3cea019996d6 100644 --- a/t/admin/token.t +++ b/t/admin/token.t @@ -184,23 +184,3 @@ GET /apisix/admin/routes??api_key=4054f7cf07e344346cd3f287985e76a2 --- request GET /apisix/admin/routes --- error_code: 401 - - - -=== TEST 11: access without api key, but APISIX_BYPASS_ADMIN_API_AUTH=true ---- main_config -env APISIX_BYPASS_ADMIN_API_AUTH=true; ---- request -GET /apisix/admin/routes ---- error_code: 200 ---- error_log -AdminKey is bypassed because of APISIX_BYPASS_ADMIN_API_AUTH=true - - - -=== TEST 12: access without api key, but APISIX_BYPASS_ADMIN_API_AUTH=non-true ---- main_config -env APISIX_BYPASS_ADMIN_API_AUTH=non-true; ---- request -GET /apisix/admin/routes ---- error_code: 401 diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh index a6db1556a2fd..c2764e9d8d20 100755 --- a/t/cli/test_admin.sh +++ b/t/cli/test_admin.sh @@ -189,19 +189,36 @@ fi echo "pass: missing admin key and only allow 127.0.0.0/24 to access admin api" -# allow any IP to access admin api with empty admin_key, when APISIX_BYPASS_ADMIN_API_AUTH=true +# allow any IP to access admin api with empty admin_key, when admin_key_required=true git checkout conf/config.yaml echo ' deployment: admin: + admin_key_required: true admin_key: ~ allow_admin: - 0.0.0.0/0 ' > conf/config.yaml -APISIX_BYPASS_ADMIN_API_AUTH=true make init > output.log 2>&1 | true +make init > output.log 2>&1 | true + +if ! grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then + echo "failed: should show 'ERROR: missing valid Admin API token.'" + exit 1 +fi + +echo ' +deployment: + admin: + admin_key_required: false + admin_key: ~ + allow_admin: + - 0.0.0.0/0 +' > conf/config.yaml + +make init > output.log 2>&1 | true if grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then echo "failed: should not show 'ERROR: missing valid Admin API token.'" @@ -213,7 +230,20 @@ if ! grep -E "Warning! AdminKey is bypassed" output.log > /dev/null; then exit 1 fi -echo "pass: allow empty admin_key, when APISIX_BYPASS_ADMIN_API_AUTH=true" +echo ' +deployment: + admin: + admin_key_required: invalid-value +' > conf/config.yaml + +make init > output.log 2>&1 | true + +if grep -E "path[deployment->admin->admin_key_required] expect: boolean, but got: string" output.log > /dev/null; then + echo "failed: should show 'expect: boolean, but got: string'" + exit 1 +fi + +echo "pass: allow empty admin_key, when admin_key_required=true" # admin api, allow any IP but use default key From 427782e73b2a2a184b9e8e0772967ba46933c213 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Wed, 29 Mar 2023 09:00:19 -0700 Subject: [PATCH 11/20] remove useless test --- t/admin/token.t | 7 ------- 1 file changed, 7 deletions(-) diff --git a/t/admin/token.t b/t/admin/token.t index 3cea019996d6..1ab9942ae8ca 100644 --- a/t/admin/token.t +++ b/t/admin/token.t @@ -177,10 +177,3 @@ PUT /apisix/admin/plugins/reload?api_key=4054f7cf07e344346cd3f287985e76a2 --- request GET /apisix/admin/routes??api_key=4054f7cf07e344346cd3f287985e76a2 --- error_code: 401 - - - -=== TEST 10: access without api key ---- request -GET /apisix/admin/routes ---- error_code: 401 From d4bf713b40dd802a83d4e0d6a32a6e3b357ba05a Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Wed, 29 Mar 2023 18:58:37 -0700 Subject: [PATCH 12/20] add more test cases --- t/admin/api.t | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/t/admin/api.t b/t/admin/api.t index da81ef45d28f..c6091eb299cd 100644 --- a/t/admin/api.t +++ b/t/admin/api.t @@ -159,7 +159,31 @@ passed -=== TEST 10: Access without api key, but admin_key_required=false +=== TEST 10: Access with api key, and admin_key_required=true +--- yaml_config +deployment: + admin: + admin_key_required: true +--- more_headers +X-API-KEY: edd1c9f034335f136f87ad84b625c8f1 +--- request +GET /apisix/admin/routes +--- error_code: 200 + + + +=== TEST 11: Access without api key, but admin_key_required=true +--- yaml_config +deployment: + admin: + admin_key_required: true +--- request +GET /apisix/admin/routes +--- error_code: 401 + + + +=== TEST 12: Access without api key, but admin_key_required=false --- yaml_config deployment: admin: From 477687e69e173576aafb676da4b4eba69dc1e484 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Thu, 30 Mar 2023 00:34:33 -0700 Subject: [PATCH 13/20] rewrite comments --- conf/config-default.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/config-default.yaml b/conf/config-default.yaml index ce997b110198..098f80345026 100755 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -588,7 +588,7 @@ deployment: role_traditional: config_provider: etcd admin: - # If admin_key is required, default value is true. + # admin_key required or not. Default value is true. # Bypass the Admin API authentication by modifying this value to false if needed. admin_key_required: true From 805edceb7b46aa306c8a01e2a503e300e648f715 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Thu, 30 Mar 2023 01:53:07 -0700 Subject: [PATCH 14/20] Correcting spelling problems --- apisix/admin/init.lua | 6 +++--- apisix/cli/ops.lua | 4 ++-- t/admin/api.t | 2 +- t/cli/test_admin.sh | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index f991b7799202..f81bc8ee827c 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -403,9 +403,9 @@ function _M.init_worker() if ngx_worker_id() == 0 then -- check if admin_key is required if not local_conf.deployment.admin.admin_key_required then - core.log.warn("AdminKey is bypassed.", - "If you are deploying APISIX in a production environment,", - "please disable it and set a secure password for the adminKey!") + core.log.warn("Admin key is bypassed! ", + "If you are deploying APISIX in a production environment, ", + "please disable it and set a secure password for the admin Key!") end local ok, err = ngx_timer_at(0, function(premature) diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua index 35d9c4210362..40dd14da1eaf 100644 --- a/apisix/cli/ops.lua +++ b/apisix/cli/ops.lua @@ -192,9 +192,9 @@ local function init(env) -- check if admin_key is required if not yaml_conf.deployment.admin.admin_key_required then checked_admin_key = true - print("Warning! AdminKey is bypassed. " + print("Warning! Admin key is bypassed! " .. "If you are deploying APISIX in a production environment, " - .. "please disable it and set a secure password for the adminKey!") + .. "please disable it and set a secure password for the admin Key!") end if yaml_conf.apisix.enable_admin and not checked_admin_key then diff --git a/t/admin/api.t b/t/admin/api.t index c6091eb299cd..204878b29b3e 100644 --- a/t/admin/api.t +++ b/t/admin/api.t @@ -192,4 +192,4 @@ deployment: GET /apisix/admin/routes --- error_code: 200 --- error_log -AdminKey is bypassed. +Admin key is bypassed! diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh index c2764e9d8d20..2ddacbcc8033 100755 --- a/t/cli/test_admin.sh +++ b/t/cli/test_admin.sh @@ -225,8 +225,8 @@ if grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then exit 1 fi -if ! grep -E "Warning! AdminKey is bypassed" output.log > /dev/null; then - echo "failed: should show 'Warning! AdminKey is bypassed'" +if ! grep -E "Warning! Admin key is bypassed" output.log > /dev/null; then + echo "failed: should show 'Warning! Admin key is bypassed'" exit 1 fi @@ -243,7 +243,7 @@ if grep -E "path[deployment->admin->admin_key_required] expect: boolean, but got exit 1 fi -echo "pass: allow empty admin_key, when admin_key_required=true" +echo "pass: allow empty admin_key, when admin_key_required=false" # admin api, allow any IP but use default key From 76656045c2deac9a38a164f27342ad9b23868765 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Thu, 30 Mar 2023 02:11:08 -0700 Subject: [PATCH 15/20] correct spell problem --- apisix/admin/init.lua | 4 ++-- apisix/cli/ops.lua | 2 +- conf/config-default.yaml | 2 +- t/cli/test_admin.sh | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index f81bc8ee827c..8615f13ac021 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -69,7 +69,7 @@ local function check_token(ctx) local local_conf = core.config.local_conf() -- check if admin_key is required - if not local_conf.deployment.admin.admin_key_required then + if local_conf.deployment.admin.admin_key_required == false then return true end @@ -402,7 +402,7 @@ function _M.init_worker() if ngx_worker_id() == 0 then -- check if admin_key is required - if not local_conf.deployment.admin.admin_key_required then + if local_conf.deployment.admin.admin_key_required == false then core.log.warn("Admin key is bypassed! ", "If you are deploying APISIX in a production environment, ", "please disable it and set a secure password for the admin Key!") diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua index 40dd14da1eaf..cb5c715e2949 100644 --- a/apisix/cli/ops.lua +++ b/apisix/cli/ops.lua @@ -190,7 +190,7 @@ local function init(env) checked_admin_key = true end -- check if admin_key is required - if not yaml_conf.deployment.admin.admin_key_required then + if yaml_conf.deployment.admin.admin_key_required == false then checked_admin_key = true print("Warning! Admin key is bypassed! " .. "If you are deploying APISIX in a production environment, " diff --git a/conf/config-default.yaml b/conf/config-default.yaml index 098f80345026..a80f3964436c 100755 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -590,7 +590,7 @@ deployment: admin: # admin_key required or not. Default value is true. # Bypass the Admin API authentication by modifying this value to false if needed. - admin_key_required: true + # admin_key_required: true # Default token when use API to call for Admin API. # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API. diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh index 2ddacbcc8033..aad049728176 100755 --- a/t/cli/test_admin.sh +++ b/t/cli/test_admin.sh @@ -239,7 +239,7 @@ deployment: make init > output.log 2>&1 | true if grep -E "path[deployment->admin->admin_key_required] expect: boolean, but got: string" output.log > /dev/null; then - echo "failed: should show 'expect: boolean, but got: string'" + echo "check admin_key_required value failed: should show 'expect: boolean, but got: string'" exit 1 fi From bffbf5612373bcb5f66aa53e11497d5765f57229 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Tue, 4 Apr 2023 01:53:18 -0700 Subject: [PATCH 16/20] correct warning --- apisix/admin/init.lua | 2 +- apisix/cli/ops.lua | 2 +- t/admin/api.t | 13 ++++++++++++- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua index 8615f13ac021..ccea011fe23d 100644 --- a/apisix/admin/init.lua +++ b/apisix/admin/init.lua @@ -405,7 +405,7 @@ function _M.init_worker() if local_conf.deployment.admin.admin_key_required == false then core.log.warn("Admin key is bypassed! ", "If you are deploying APISIX in a production environment, ", - "please disable it and set a secure password for the admin Key!") + "please disable `admin_key_required` and set a secure admin key!") end local ok, err = ngx_timer_at(0, function(premature) diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua index cb5c715e2949..ebd3061e0c12 100644 --- a/apisix/cli/ops.lua +++ b/apisix/cli/ops.lua @@ -194,7 +194,7 @@ local function init(env) checked_admin_key = true print("Warning! Admin key is bypassed! " .. "If you are deploying APISIX in a production environment, " - .. "please disable it and set a secure password for the admin Key!") + .. "please disable `admin_key_required` and set a secure admin key!") end if yaml_conf.apisix.enable_admin and not checked_admin_key then diff --git a/t/admin/api.t b/t/admin/api.t index 204878b29b3e..c3b5620c3f66 100644 --- a/t/admin/api.t +++ b/t/admin/api.t @@ -183,7 +183,18 @@ GET /apisix/admin/routes -=== TEST 12: Access without api key, but admin_key_required=false +=== TEST 12: Access without api key, but admin_key_required=true +--- yaml_config +deployment: + admin: + admin_key_required: true +--- request +GET /apisix/admin/routes +--- error_code: 200 + + + +=== TEST 13: Access without api key, but admin_key_required=false --- yaml_config deployment: admin: From 3a08b521b986899c75c521328c0e75a9b1955c1b Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Tue, 4 Apr 2023 02:19:38 -0700 Subject: [PATCH 17/20] correct comments --- conf/config-default.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/config-default.yaml b/conf/config-default.yaml index a80f3964436c..3d149ec64f8c 100755 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -588,8 +588,8 @@ deployment: role_traditional: config_provider: etcd admin: - # admin_key required or not. Default value is true. - # Bypass the Admin API authentication by modifying this value to false if needed. + # Admin API authentication is enabled by default. + # Set it false in the production environment will cause a serious security issue. # admin_key_required: true # Default token when use API to call for Admin API. From aa15642f92307c7405aff511a6ce7cb4e4e633f2 Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Thu, 6 Apr 2023 00:34:48 -0700 Subject: [PATCH 18/20] fix test err --- conf/config-default.yaml | 2 +- t/admin/api.t | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/config-default.yaml b/conf/config-default.yaml index 3d149ec64f8c..d61f745afc9a 100755 --- a/conf/config-default.yaml +++ b/conf/config-default.yaml @@ -588,7 +588,7 @@ deployment: role_traditional: config_provider: etcd admin: - # Admin API authentication is enabled by default. + # Admin API authentication is enabled by default. # Set it false in the production environment will cause a serious security issue. # admin_key_required: true diff --git a/t/admin/api.t b/t/admin/api.t index c3b5620c3f66..af9fd9962b47 100644 --- a/t/admin/api.t +++ b/t/admin/api.t @@ -190,7 +190,7 @@ deployment: admin_key_required: true --- request GET /apisix/admin/routes ---- error_code: 200 +--- error_code: 401 From 18c00b5fc191e0f3fb6872e4800fb63797fed22a Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Thu, 6 Apr 2023 02:12:06 -0700 Subject: [PATCH 19/20] fix wrong test case --- t/admin/api.t | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/t/admin/api.t b/t/admin/api.t index af9fd9962b47..0657778332c7 100644 --- a/t/admin/api.t +++ b/t/admin/api.t @@ -183,14 +183,16 @@ GET /apisix/admin/routes -=== TEST 12: Access without api key, but admin_key_required=true +=== TEST 12: Access with api key, but admin_key_required=false --- yaml_config deployment: admin: - admin_key_required: true + admin_key_required: false +--- more_headers +X-API-KEY: edd1c9f034335f136f87ad84b625c8f1 --- request GET /apisix/admin/routes ---- error_code: 401 +--- error_code: 200 From 97a5a8ecb164a5078e2a9f126b0c5711ad4dabce Mon Sep 17 00:00:00 2001 From: dongjunduo Date: Thu, 6 Apr 2023 02:29:27 -0700 Subject: [PATCH 20/20] add more test cases --- t/admin/api.t | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/t/admin/api.t b/t/admin/api.t index 0657778332c7..982becc79e7a 100644 --- a/t/admin/api.t +++ b/t/admin/api.t @@ -172,18 +172,31 @@ GET /apisix/admin/routes -=== TEST 11: Access without api key, but admin_key_required=true +=== TEST 11: Access with wrong api key, and admin_key_required=true --- yaml_config deployment: admin: admin_key_required: true +--- more_headers +X-API-KEY: wrong-key --- request GET /apisix/admin/routes --- error_code: 401 -=== TEST 12: Access with api key, but admin_key_required=false +=== TEST 12: Access without api key, and admin_key_required=true +--- yaml_config +deployment: + admin: + admin_key_required: true +--- request +GET /apisix/admin/routes +--- error_code: 401 + + + +=== TEST 13: Access with api key, but admin_key_required=false --- yaml_config deployment: admin: @@ -193,10 +206,27 @@ X-API-KEY: edd1c9f034335f136f87ad84b625c8f1 --- request GET /apisix/admin/routes --- error_code: 200 +--- error_log +Admin key is bypassed! + + + +=== TEST 14: Access with wrong api key, but admin_key_required=false +--- yaml_config +deployment: + admin: + admin_key_required: false +--- more_headers +X-API-KEY: wrong-key +--- request +GET /apisix/admin/routes +--- error_code: 200 +--- error_log +Admin key is bypassed! -=== TEST 13: Access without api key, but admin_key_required=false +=== TEST 15: Access without api key, but admin_key_required=false --- yaml_config deployment: admin: