feat: support Nacos ak/sk authentication #10445
Conversation
conf/config-default.yaml
Outdated
| @@ -308,6 +308,8 @@ nginx_config: # Config for render the template to generate n | |||
| # connect: 2000 # Default 2000ms | |||
| # send: 2000 # Default 2000ms | |||
| # read: 5000 # Default 5000ms | |||
| # access_key: "" | |||
| # secret_key: "" | |||
There was a problem hiding this comment.
Could you add some comments for the two configurations?
| @@ -39,6 +39,8 @@ local auth_path = 'auth/login' | |||
| local instance_list_path = 'ns/instance/list?healthyOnly=true&serviceName=' | |||
| local default_namespace_id = "public" | |||
| local default_group_name = "DEFAULT_GROUP" | |||
| local access_key | |||
| local secret_key | |||
There was a problem hiding this comment.
Sorry, I'm not very familiar with nacos, how does these configurations work? Don't we need to configure the Nacos?
There was a problem hiding this comment.
In nacos open source version, these configurations was no needed, but it can work in Alibaba Cloud MSE Nacos when MSE Nacos enabled authentication, and it also need to create a RAM user and grant permissions. More details in https://www.alibabacloud.com/help/en/mse/user-guide/access-authentication-by-the-nacos-client .
There was a problem hiding this comment.
So it's for MSE only? Could you describe this in the comment? like
# access_key: "" # Nacos AccessKey ID in Alibaba Cloud, notice that it's for Nacos instances on Microservices Engine (MSE)
# secret_key: "" # Nacos AccessKey Secret in Alibaba Cloud, notice that it's for Nacos instances on Microservices Engine (MSE)
monkeyDluffy6017
added
the
wait for update
|
|
||
|
|
||
| === TEST 7: get APISIX-NACOS info from NACOS - configured in services | ||
| --- yaml_config eval: $::yaml_config |
There was a problem hiding this comment.
How does this work if the opensource nacos doesn't support MSE but you add access_key and secret_key here?
There was a problem hiding this comment.
the part is a implement from nacos sdk, the sign functions will add three args in query request url, if you use opensource nacos, extras args will not take effect in query request, but it's hard for me to make a mse nacos here for test.
| access_key: "my_access_key" | ||
| secret_key: "my_secret_key" |
There was a problem hiding this comment.
If these configurations don't work, why do you add so many test cases?
There was a problem hiding this comment.
because we can use mse nacos instead of it and run test in local environment easily, and also see does it take any effect in open sourece verison. what do you think of it?
There was a problem hiding this comment.
Could you add a comment at the top of the test file, like: we can't use mse nacos to test, access_key and secret_key won't affect the open source nacos
monkeyDluffy6017
added
approved
and removed
wait for update
Description
feat: support Nacos ak/sk authentication
Checklist